There are times when developing custom web parts and other SharePoint solutions, you need to impersonate a user and view SharePoint from within their context.
Impersonating a user in SharePoint requires a few things:
- the account that the web or console application users that has privileges to impersonate other users (typically this would be the system account)
- specific users’ user tokens
Step 1: Log in as the system account, or get a handle to the system account in your code
string siteURL = "http://mysite/";
// we just need to get a handle to the site for us
// to get the system account user token
SPSite parentSite = new SPSite(siteURL);
SPUserToken systemToken = parentSite.SystemAccount.UserToken;
using (SPSite site = new SPSite(siteURL, systemToken))
{
using (SPWeb web = site.OpenWeb())
{
// Add code to initiate impersonation
}
}
Step 2: Before you impersonate, get the user token of the user you are switching to. For example:
// Get the current user's user token SPUserToken userToken = web.AllUsers[user].UserToken; // Create an SPSite object in the context of the user SPSite site = new SPSite(siteURL, userToken) SPWeb web = site.OpenWeb(); // Add code to be executed in context of impersonation
Complete code follows:
private static void ImpersonateUser()
{
string siteURL = "http://mysite/";
SPSite parentSite = new SPSite(siteURL);
SPUserToken systemToken = parentSite.SystemAccount.UserToken;
using (SPSite site = new SPSite(siteURL, systemToken))
{
using (SPWeb web = site.OpenWeb())
{
OpenUserContext(web, siteURL, "DOMAIN/JoeDoe");
}
}
}
private static void OpenUserContext(SPWeb web, string siteURL, string user)
{
SPUserToken userToken = web.AllUsers[user].UserToken;
SPSite impSite = new SPSite(siteURL, userToken);
SPWeb impWeb = impSite.OpenWeb();
// Do something as impersonated user
Console.WriteLine("Currently logged in as: " + impWeb.CurrentUser.ToString() + "(" + impWeb.CurrentUser.Name + ")");
}