I have an issue that is driving me a bit nuts: Using a UserProfileManager as a non-authorized user.
The problem: The user does not have "Manage User Profiles" rights, but I still want to use the UserProfileManager. The idea of using SPSecurity.RunWithElevatedPrivileges does not seem to work, as the UserProfileManager authorizes against the SSP as it seems.
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite site = new SPSite(inputWeb.Site.ID))
        {
            ServerContext ctx = ServerContext.GetContext(site);
            UserProfileManager upm = new UserProfileManager(ctx, true);
            UserProfile u = upm.GetUserProfile(userLogin);
            DepartmentName = u["Department"].Value as string;
        }
    });
This still fails on the "new UserProfileManager" line, with the "You must have manage user profiles administrator rights to use administrator mode" exception.
As far as I understood, RunWithElevatedPrivileges reverts to the AppPool Identity. WindowsIdentity.GetCurrent().Name returns "NT AUTHORITY\network service", and I have given that account Manage User Profiles rights - no luck.
site.RootWeb.CurrentUser.LoginName returns SHAREPOINT\system for the site created within RunWithElevatedPrivileges, which is not a valid Windows Account ofc.
Is there even a way to do that? I do not want to give all users "Manage User Profiles" rights, but I just want to get some data from the user profiles (Department, Country, Direct Reports). Any ideas?
The permission that needs to be set is actually found in the Shared Service Provider.
I notice that you're running the application pool under the Network Service account. I implemented an identical feature on my site; however, the application pool was hosted under a Windows account. I'm not sure why this would make a difference, however.