From time to time a developer needs to perform some action on an item with the rights of an administrative user. In that case there are two options:
SecurityDisabler and UserSwitcher.
Both of them allow the developer to solve the task. So, let's see what the difference between them is and which of them is preferable to use.
SecurityDisabler
The SecurityDisabler (temporarily) elevates the user's permissions to administrator rights, so the context user will be able to do anything on the system. This makes it potentially very dangerous to use, and errors can be very costly. An interesting side effect is that anything done with the SecurityDisabler will show up as being done by the sitecore\Anonymous role, messing up the audit trail.
private void SecurityDisablerExample(Sitecore.Data.Items.Item itemToEdit, Sitecore.Data.Items.Item itemToDelete)
{
    using (new Sitecore.SecurityModel.SecurityDisabler())
    {
        itemToEdit.Editing.BeginEdit();
        try
        {
            itemToEdit["Title"] = "Title from Code";
            // Commit the changes
            itemToEdit.Editing.EndEdit();
        }
        catch (System.Exception)
        {
            // Revert the changes
            itemToEdit.Editing.CancelEdit();
        }
        // Delete an item while security checks are disabled
        itemToDelete.Delete();
    }
}
UserSwitcher
UserSwitcher allows a segment of code to run under a specific user instead of the current context user.
private void SecurityUserSwitcherExample(Sitecore.Data.Items.Item itemToEdit, Sitecore.Data.Items.Item itemToDelete)
{
    // User which is already created in the Sitecore User Manager
    string testUser = @"sitecore\testuser";
    // Check whether the user exists
    if (Sitecore.Security.Accounts.User.Exists(testUser))
    {
        // Get the Sitecore User object by user name
        Sitecore.Security.Accounts.User scUser =
            Sitecore.Security.Accounts.User.FromName(testUser, false);
        // Switch the context user
        using (new Sitecore.Security.Accounts.UserSwitcher(scUser))
        {
            // Use EditContext to edit an item
            using (new Sitecore.Data.Items.EditContext(itemToEdit))
            {
                itemToEdit["Text"] = "Modified Text from Code";
            }
            // Use sitecore\testuser to delete an item
            itemToDelete.Delete();
        }
    }
}
Conclusion
Assume we have set up the access for the TestUser account correctly and pass a content item to modify and the home item to delete. With SecurityDisabler, all actions will be performed. With UserSwitcher, the content item will be updated, but the delete action will throw an AccessDeniedException because TestUser doesn't have the appropriate rights.
Although this is a trivial example, it does point out the dangers of the SecurityDisabler.
Based on the information above, I would recommend configuring a special user with the appropriate rights (this approach could save us from danger in the future) and using UserSwitcher instead of SecurityDisabler.
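One way to package that recommendation, as an added example that is not code from the original post: a small wrapper that runs work as a dedicated low-privilege account, fails closed when the account is missing, and checks delete rights before acting. The class name ServiceAccountRunner and the account name sitecore\content-import-svc are hypothetical.

```csharp
using System;
using Sitecore.Data.Items;
using Sitecore.Diagnostics;
using Sitecore.Security.Accounts;

public static class ServiceAccountRunner
{
    // Hypothetical account name: create it in the User Manager and grant it
    // only the rights this code path needs.
    private const string ServiceAccount = @"sitecore\content-import-svc";

    // Runs 'action' as the service account. If the account is missing this
    // throws instead of silently skipping the work or falling back to
    // SecurityDisabler.
    // Usage: ServiceAccountRunner.Run(() => ServiceAccountRunner.TryDelete(item));
    public static void Run(Action action)
    {
        if (!User.Exists(ServiceAccount))
        {
            throw new InvalidOperationException(
                "Service account not found: " + ServiceAccount);
        }

        User user = User.FromName(ServiceAccount, false);
        using (new UserSwitcher(user))
        {
            action();
        }
    }

    // Deletes an item only if the current context user (the switched user
    // when called inside Run) has delete rights, and writes an audit entry
    // for both outcomes.
    public static bool TryDelete(Item item)
    {
        if (!item.Access.CanDelete())
        {
            Log.Audit("Delete denied: " + item.Paths.FullPath,
                typeof(ServiceAccountRunner));
            return false;
        }

        Log.Audit("Deleting: " + item.Paths.FullPath,
            typeof(ServiceAccountRunner));
        item.Delete();
        return true;
    }
}
```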
Enjoy!