SPUser.RequireRequestToken Property

Gets or sets a value that indicates whether the SPUser object requires a request token.

Namespace:  Microsoft.SharePoint
Assembly:  Microsoft.SharePoint (in Microsoft.SharePoint.dll)
Available in Sandboxed Solutions: Yes
Available in SharePoint Online

public bool RequireRequestToken { get; set; }

Property Value

Type: System.Boolean
true if the SPUser object requires a request token; otherwise false.

The RequireRequestToken property can be true only if the IsApplicationPrincipal property is true.

The practical effect of setting RequireRequestToken to true is that the application represented by the SPUser object must be hosted in a Web Part on a Microsoft SharePoint Foundation page to which a real user; that is, a user who is not an application principal; has navigated. The application can take actions and retrieve data only if both the real user and the application principal have permission for the action or data.

We recommend that RequireRequestToken be true whenever IsApplicationPrincipal is true. If it is not, then any person running the application would have all of the permissions of the application, even if that person does not have those permissions.

For more information on the role of the request token, see the links in the Related Topics section.