Since I customise Sitecore more and more, I have to work with the SecurityModel in Sitecore.
One of the main issues when manipulating items is full-control access. In your code, you can get access to nearly everything using these two code snippets:
using (new Sitecore.SecurityModel.SecurityDisabler())
{
    // your code
}
or:
string userToLogin = "admin";
Sitecore.SecurityModel.DomainAccessResult result = Sitecore.Context.Domain.Login(Sitecore.Context.Domain.GetUser(userToLogin));
if (result.Success)
{
    try
    {
        // your code
    }
    finally
    {
        // log out for security reasons, even when the code above throws
        Sitecore.Context.Domain.Logout();
    }
}
Personally, I prefer the second option. I know it is slower (it has to contact the database to log in and create some new objects in the 'Domain-Context'), but that is no reason to choose the first one. My argument for the second version is that you use the SecurityModel the way it is meant to be used, when you need such privileges of course. The security disabler kicks your ass to Redmond, where they also think that by default 'All Access / No rights defined' is the best way to manage your security.
Of course, when you are manipulating your website on every page request you receive, it is better to give the Extranet domain full access to your databases.
Last but not least, a free hint: when you use the code above, note that you have to select your databases carefully! Sitecore's current database, after logging in, does not directly point to the database 'you want'. The Sitecore.Context is based on the current website and will not change until you change the current website. For more information about current databases, default sites, etc., I suggest you take a look at this post by Alexander Shyba, one of the Solution Consultants of Sitecore in the Ukraine.

Hi Alex,
You can also use the securityswitcher (equiv. to securitydisabler), which does the same. However, it makes sure to leave the state and return to previous state:
using (new SecuritySwitcher("admin"))
{
    Item item = GetSomeProtectedItem(…);
    …
}
This class accepts two constructor overloads, string as username or a user object.
Best,
Lars Fløe Nielsen
Solution Architect, Sitecore
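
The behaviour described in the comment above, leaving the elevated state and returning to the previous one, shown as an added example that is not part of the original post, the comment, or Sitecore's code. It is a toy model in plain C#: DemoContext and DemoUserSwitcher are hypothetical stand-ins, not Sitecore classes, and the user names are constructed sample values.

```csharp
using System;

// Toy model, not Sitecore API: DemoContext and DemoUserSwitcher are hypothetical names.
static class DemoContext
{
    public static string CurrentUser = "extranet\\Anonymous"; // constructed sample value
}

// Scoped elevation: remembers the caller's identity and restores it in Dispose().
sealed class DemoUserSwitcher : IDisposable
{
    private readonly string previous;

    public DemoUserSwitcher(string userName)
    {
        previous = DemoContext.CurrentUser;
        DemoContext.CurrentUser = userName;
    }

    public void Dispose() => DemoContext.CurrentUser = previous;
}

static class Program
{
    // Elevation with a trailing reset: the reset line is skipped when the work throws.
    static void ElevateWithoutCleanup(Action work)
    {
        DemoContext.CurrentUser = "admin";
        work();
        DemoContext.CurrentUser = "extranet\\Anonymous";
    }

    static void Main()
    {
        Action failing = () => throw new InvalidOperationException("item save failed");

        // Case 1: the exception escapes before the reset, so the elevated identity remains.
        try { ElevateWithoutCleanup(failing); } catch (InvalidOperationException) { }
        Console.WriteLine("after unguarded elevation: " + DemoContext.CurrentUser);

        DemoContext.CurrentUser = "extranet\\Anonymous"; // reset for the second run

        // Case 2: using calls Dispose() on the way out, exception or not.
        try { using (new DemoUserSwitcher("admin")) { failing(); } }
        catch (InvalidOperationException) { }
        Console.WriteLine("after scoped switch: " + DemoContext.CurrentUser);
    }
}
```

The first line printed shows the elevated identity still in place after the failure; the second shows the caller's original identity restored.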
Can you give some inputs for implementing the login in Sitecore 6?
Login functionality works fine. But the Context.User.Roles and Context.User.Domain show null. I am using this on an external login page, I mean in the root outside the Layouts. It seems that something is wrong with the security setting.
Check this post in Sitecore Forum for more details.
http://sdn.sitecore.net/forum//ShowPost.aspx?PostID=17140
Thanks,
Raj
[...] the SecurityDisabler allows you to access the item as there were no security model. It is not required to disable [...]