This is the first of a four-part series of blog entries in which I will describe how to read and modify SharePoint UserProfile using the SharePoint Object Model.
The series will consist of the following:
- Part 1: How to Check Admin Rights and Get All UserProfile Properties
- Part 2: How to Get the UserProfile Object
- Part 3: How to Update UserProfile Properties
- Part 4: How to Push Changes in Active Directory to the SharePoint User Profile
Before we begin, I want to say that for these articles, the knowledge about the User Profile in 2010 has been collected from various blogs, forums, and Microsoft's online documentation. I have pulled them together, provided my own procedures, and have built a working program based on my sample Web Part.
Challenge:
In many situations, you want to check the permissions of a logged-in user. How can you check permissions on SharePoint Server 2007 and SharePoint Server 2010? Specifically, how do you get all properties of the UserProfile object?
Solution:
Let's get started. First, you will need to assign an Administrator for the User Profile Service Application:
- Go to your Central Administration site.
- Choose "Manage service applications" in the "Application Management" section.
- In the Manage service applications page, make sure the status of User Profile Service Application is "Started". Click User Profile Service Application to enable the "Administrator" Ribbon:
Add your Administrator and set "Manager Profiles" permissions for that account:
You should add references to the following in your Microsoft Visual Studio project:
- Microsoft.Office.Server
- Microsoft.Office.Server.UserProfiles
- Microsoft.SharePoint
- Microsoft.SharePoint.Portal
- Microsoft.SharePoint.Security
In SharePoint 2007, you can use a feature called SiteAccessChecker to check the portal rights:
public bool CheckUserPortalRight()
{
//Can't pass Portal enum in since calling function will throw exception if it is run on WSS
PortalRight portalRight = PortalRight.ManagePeople;
try
{
SiteAccessChecker sac = new SiteAccessChecker(this.portalContext, portalRight);
sac.Demand();
return true;
}
catch (Microsoft.SharePoint.Portal.Security.AccessDeniedException)
{
return false;
}
}
But in SharePoint 2010, that feature is not available. So, how can we check the portal rights of the logged-in user? I'm using the following method:
public bool CheckUserPortalRight()
{
bool flag = true;
try
{
UserProfile userInfo = null;
userInfo = GetUserByAccountName("the account name of login user");
object obj = userInfo["FirstName"].Value;
userInfo["FirstName"].Value = obj;
}
catch (Exception ex)
{
string targetSite = ex.TargetSite.ToString().ToLower();
if (targetSite.Contains("checkupdatepermissions"))
{
flag = false;
}
}
return flag;
}
Next, how do you get all properties of the User Profile?
SharePoint 2010 gets UserProfileManager by using both SPServiceContext and ServerContext, but I haven't yet determined which way is better. In this article, I use the SPServerContext to get UserProfileManager for SharePoint 2010:
public Microsoft.Office.Server.UserProfiles.PropertyCollection GetUserProperties()
{
Microsoft.Office.Server.UserProfiles.PropertyCollection oPropertyCollection = null;
try
{
System.Security.PermissionSet ps =
new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted);
ps.Assert();
Microsoft.SharePoint.SPServiceContext serviceContext =
Microsoft.SharePoint.SPServiceContext.Current;
Microsoft.Office.Server.UserProfiles.UserProfileManager upm =
new Microsoft.Office.Server.UserProfiles.UserProfileManager(serviceContext);
oPropertyCollection = upm.PropertiesWithSection;
}
catch (Exception ex)
{
this.WriteInfoLog("GetUserProperties: " + ex.Message);
}
finally
{
System.Security.CodeAccessPermission.RevertAssert();
}
return oPropertyCollection;
}
And for SharePoint 2007:
public Microsoft.Office.Server.UserProfiles.PropertyCollection GetUserProperties()
{
Microsoft.Office.Server.UserProfiles.PropertyCollection oPropertyCollection = null;
try
{
ServerContext context = ServerContext.Current;
UserProfileManager upm = new UserProfileManager(context);
oPropertyCollection = upm.PropertiesWithSection;
}
catch (Exception ex)
{
this.WriteErrorLog("GetUserProperties: " + ex.Message);
}
return oPropertyCollection;
}
Some default properties:
Name |
DisplayName |
UserProfile_GUID |
Id |
SID |
SID |
ADGuid |
Active Directory Id |
AccountName |
Account name |
FirstName |
First name |
LastName |
Last name |
PreferredName |
Name |
WorkPhone |
Work phone |
Office |
Office |
Department |
Department |
Title |
Title |
Manager |
Manager |
AboutMe |
About me |
PersonalSpace |
Personal site |
PictureURL |
Picture |
UserName |
User name |
QuickLinks |
Quick links |
WebSite |
Web site |
PublicSiteRedirect |
Public site redirect |
SPS-Dotted-line |
Dotted-line Manager |
SPS-Peers |
Peers |
SPS-Responsibility |
Responsibilities |
SPS-Skills |
Skills |
SPS-PastProjects |
Past projects |
SPS-Interests |
Interests |
SPS-School |
Schools |
SPS-SipAddress |
SIP Address |
SPS-Birthday |
Birthday |
SPS-MySiteUpgrade |
My Site Upgrade |
SPS-DontSuggestList |
Don't Suggest List |
SPS-ProxyAddresses |
Proxy addresses |
SPS-HireDate |
Hire date |
SPS-LastColleagueAdded |
Last Colleague Added |
SPS-OWAUrl |
Outlook Web Access URL |
SPS-ResourceSID |
Resource Forest SID |
SPS-ResourceAccountName |
Resource Forest Account Name |
SPS-MasterAccountName |
Master Account Name |
Assistant |
Assistant |
WorkEmail |
Work e-mail |
CellPhone |
Mobile phone |
Fax |
Fax |
HomePhone |
Home phone |
Notes:
- User Profile is only available on MOSS 2007 and SharePoint 2010 Server. You cannot use this on Windows SharePoint Services or SharePoint Foundation 2010.
- This code may require permissions you don't currently possess. To make these calls, you need to change the trust level from WSS_Custom to Full in web.config (bad solution), or write the following code and put it in your GAC:
SPSUserProfileHelper.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace YourNamespace
{
[Serializable]
[Microsoft.SharePoint.Security.SharePointPermission(System.Security.Permissions.SecurityAction.InheritanceDemand,
ObjectModel = true),
Microsoft.SharePoint.Security.SharePointPermission(System.Security.Permissions.SecurityAction.Demand,
ObjectModel = true)]
public class SPSUserProfileHelper
{
public Microsoft.Office.Server.UserProfiles.PropertyCollection YourMethods()
{
try
{
System.Security.PermissionSet ps =
new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted);
ps.Assert();
//Put your code here
}
catch (Exception ex)
{
//throw something
}
finally
{
System.Security.CodeAccessPermission.RevertAssert();
}
}
}
}
See Also:
- Configuring the User Profile Service in SharePoint 2010 [sharepointgeorge]
- Getting User Profile Properties from SharePoint SSP using PowerShell [SharePoint Dev Wiki]
- ProfileValueCollectionBase.CheckUpdatePermissions Method [MSDN]
SharePoint Online
The cloud parts are functional components that extend your SharePoint Online environment in Microsoft 365.
Supports Classic and Modern sites for SharePoint Online/Microsoft 365
Small Business Pricing and Discounts
SharePoint
Top SharePoint Online Products
Experience greater power and savings by bundling our SharePoint apps and cloud parts.
On-Premises Only
These web parts extend SharePoint beyond its out-of-the-box capabilities by tailoring it to your requirements with Bamboo Solution’s growing portfolio of SharePoint Web Parts.
SharePoint 2016, 2019, 2022 – Classic Pages Only
SharePoint
Top On-Premises Only Products
Experience greater power and savings by bundling our SharePoint apps and web parts.
Our team of Microsoft 365 Technology Consultants helps you get the most out of your Microsoft technology, we have the best Microsoft 365 talent to streamline your organization.
Consulting to Streamline Your Department
M365 Plus
Managed Services
Microsoft 365
Consulting to Streamline Your Department
Our Consultants Have What You Need
Federal Contractors
Microsoft 365
Our Consultants Have What You Need