Pages

15 March, 2012

How to use SecurityDisabler and UserSwitcher in Sitecore

In Sitecore, if the current context user doesn’t have permission to access this item, Sitecore will return null or throw exception.

SecurityDisabler:
SecurityDisabler will elevate the context user to have administrative privilege and so context user will be able to do anything on the system.

new Sitecore.SecurityModel.SecurityDisabler();

UserSwitcher:
UserSwitcher allows a segment of code to run under a specific user instead of current context user. 

new Sitecore.Security.Accounts.UserSwitcher(Sitecore.Security.Accounts.User.FromName("username",false));

Note: It is recommended to provide context user with appropriate rights than using SecurityDisabler or UserSwitcher.

Sample Code:


        /// <summary>
        /// Code snippets explaining SecurityDisabler and UserSwitcher
        /// </summary>
        private void SecuritySample()
        {
            //Getting Master Database
            Sitecore.Data.Database masterDB = Sitecore.Configuration.Factory.GetDatabase("master");
            //Getting a Sitecore Item
            Sitecore.Data.Items.Item home = masterDB.GetItem("/sitecore/content/Home"); 
            //Using Begin, End, Cancel Edit and Security Disabler
            BeginEditAndSecurityDisabler(home); 
            //Using EditContext and Security User Switcher
            EditContextAndSecurityUserSwitcher(home);
        }
 
        /// <summary>
        /// Using Begin, End, Cancel Edit and Security Disabler
        /// </summary>
        /// <param name="home"></param>
        private void BeginEditAndSecurityDisabler(Sitecore.Data.Items.Item home)
        {
            using (new Sitecore.SecurityModel.SecurityDisabler())
            {
                home.Editing.BeginEdit();
                try
                {
                    home["Title"] = "Title from Code"; 
                    //Commit the changes
                    home.Editing.EndEdit();
                }
                catch (Exception)
                {
                    //Revert the Changes
                    home.Editing.CancelEdit();
                }
            }
        }
 
        /// <summary>
        /// Using EditContext and Security User Switcher
        /// </summary>
        /// <param name="home"></param>
        private void EditContextAndSecurityUserSwitcher(Sitecore.Data.Items.Item home)
        {
            //User which is already created in Sitecore User Manager
            string testUser = @"sitecore\testuser"; 
            //User existing or not
            if (Sitecore.Security.Accounts.User.Exists(testUser))
            {
                //Getting Sitecore User Object with UserName
                Sitecore.Security.Accounts.User scUser = Sitecore.Security.Accounts.User.FromName(testUser, false); 
                //Switching Context User
                using (new Sitecore.Security.Accounts.UserSwitcher(scUser))
                {
                    //Using EditContext to edit an Item
                    using (new Sitecore.Data.Items.EditContext(home))
                    {
                        home["Text"] = "Modified Text from Code";
                    }
                }
            }
        }
Before UserSwitcher:
After UserSwitcher:


2 comments:

blockquote { margin: 0; } blockquote p { padding: 15px; background: #eee; border-radius: 5px; } blockquote p::before { content: '\201C'; } blockquote p::after { content: '\201D'; }