Share via


Exercise 2: Calling SPSecurity

In this second exercise you will add code to the Web Part that will call SPSecurity. You will redeploy and test the Web Part by simply starting debugging from Visual Studio.

  1. In the WebPart1 class, add the following code to the CreateChildControls method that you have added earlier. This code will utilize the SPSecurity object.

    C#

    protected override void CreateChildControls() { // CODE OMMITTED FOR BREVITY Controls.Add(testButton1); Button testButton2 = new Button(); testButton2.Text = "Test 2"; testButton2.Click += delegate { try { SPSecurity.RunWithElevatedPrivileges( delegate { using (SPSite siteCollection = new SPSite(SPContext.Current.Site.ID)) { SPWeb site = siteCollection.OpenWeb(SPContext.Current.Web.ID); message.Text = String.Format("This site contains {0} lists", site.Lists.Count); } }); } catch (Exception e) { message.Text = e.Message; } }; Controls.Add(testButton2); }

    VB.NET

    <ToolboxItemAttribute(false)> _ Public Class WebPart1 Inherits WebPart Dim message As New Label() Protected Overrides Sub CreateChildControls() Controls.Add(message) Controls.Add(New WebControl(HtmlTextWriterTag.Br)) Dim testButton1 As New Button() AddHandler testButton1.Click, AddressOf testButton1_Click testButton1.Text = "Test 1" Controls.Add(testButton1) Dim testButton2 As New Button() testButton2.Text = "Test 2" AddHandler testButton2.Click, AddressOf testButton2_Click Controls.Add(testButton2) End Sub Private Sub testButton1_Click(ByVal sender As Object,ByVal e As EventArgs) message.Text = [String].Format("This site contains {0} lists",SPContext.Current.Web.Lists.Count) End Sub Private Sub testButton2_Click(ByVal sender As Object, ByVal e As EventArgs) SPSecurity.RunWithElevatedPrivileges(AddressOf ElevateMe) End Sub Private Sub ElevateMe() Try Using siteCollection As New SPSite(SPContext.Current.Site.ID) Dim site As SPWeb =siteCollection.OpenWeb(SPContext.Current.Web.ID) message.Text = [String].Format("This site contains {0} lists", site.Lists.Count) End Using Catch e As Exception message.Text = e.Message End Try End Sub End Class
  2. Right click the project in Solution Explorer and choose Deploy in order to deploy the web part.
  3. If you have your browser still open from previous exercise, press F5 to refresh the page. If you closed the browser, open it again and navigate to https://intranet.contoso.com/sites/Lab13.

    Figure 1

    Test 1 and Test 2 buttons

  4. On the WebPart1, click the Test 2 button in order to test the call to SPSecurity.
  5. Notice that an exception is thrown. Also notice that the exception details are hidden by default. Click on the Show Error Details. This error shows that this Web Part, which is running in the sandbox, cannot include a reference to the SPSecurity type:

    Figure 2

    Security exception

  6. Close the browser.
Note:
In this exercise you added code to your sandboxed Web Part that included a reference to SPSecurity which is not permitted within the sandbox.