This is the first of a four-part series of blog entries in which I will describe how to read and modify SharePoint UserProfile using the SharePoint Object Model.
The series will consist of the following:
- Part 1: How to Check Admin Rights and Get All UserProfile Properties
- Part 2: How to Get the UserProfile Object
- Part 3: How to Update UserProfile Properties
- Part 4: How to Push Changes in Active Directory to the SharePoint User Profile
Before we begin, I want to say that for these articles, the knowledge about the User Profile in 2010 has been collected from various blogs, forums, and Microsoft's online documentation. I have pulled them together, provided my own procedures, and have built a working program based on my sample Web Part.
Challenge:
In many situations, you want to check the permissions of a logged-in user. How can you check permissions on SharePoint Server 2007 and SharePoint Server 2010? Specifically, how do you get all properties of the UserProfile object?
Solution:
Let's get started. First, you will need to assign an Administrator for the User Profile Service Application:
- Go to your Central Administration site.
- Choose "Manage service applications" in the "Application Management" section.
- In the Manage service applications page, make sure the status of User Profile Service Application is "Started". Click User Profile Service Application to enable the "Administrator" Ribbon:
Add your Administrator and set "Manager Profiles" permissions for that account:
You should add references to the following in your Microsoft Visual Studio project:
- Microsoft.Office.Server
- Microsoft.Office.Server.UserProfiles
- Microsoft.SharePoint
- Microsoft.SharePoint.Portal
- Microsoft.SharePoint.Security
In SharePoint 2007, you can use a feature called SiteAccessChecker to check the portal rights:
public bool CheckUserPortalRight()
{
//Can't pass Portal enum in since calling function will throw exception if it is run on WSS
PortalRight portalRight = PortalRight.ManagePeople;
try
{
SiteAccessChecker sac = new SiteAccessChecker(this.portalContext, portalRight);
sac.Demand();
return true;
}
catch (Microsoft.SharePoint.Portal.Security.AccessDeniedException)
{
return false;
}
}
But in SharePoint 2010, that feature is not available. So, how can we check the portal rights of the logged-in user? I'm using the following method:
public bool CheckUserPortalRight()
{
bool flag = true;
try
{
UserProfile userInfo = null;
userInfo = GetUserByAccountName("the account name of login user");
object obj = userInfo["FirstName"].Value;
userInfo["FirstName"].Value = obj;
}
catch (Exception ex)
{
string targetSite = ex.TargetSite.ToString().ToLower();
if (targetSite.Contains("checkupdatepermissions"))
{
flag = false;
}
}
return flag;
}
Next, how do you get all properties of the User Profile?
SharePoint 2010 gets UserProfileManager by using both SPServiceContext and ServerContext, but I haven't yet determined which way is better. In this article, I use the SPServerContext to get UserProfileManager for SharePoint 2010:
public Microsoft.Office.Server.UserProfiles.PropertyCollection GetUserProperties()
{
Microsoft.Office.Server.UserProfiles.PropertyCollection oPropertyCollection = null;
try
{
System.Security.PermissionSet ps =
new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted);
ps.Assert();
Microsoft.SharePoint.SPServiceContext serviceContext =
Microsoft.SharePoint.SPServiceContext.Current;
Microsoft.Office.Server.UserProfiles.UserProfileManager upm =
new Microsoft.Office.Server.UserProfiles.UserProfileManager(serviceContext);
oPropertyCollection = upm.PropertiesWithSection;
}
catch (Exception ex)
{
this.WriteInfoLog("GetUserProperties: " + ex.Message);
}
finally
{
System.Security.CodeAccessPermission.RevertAssert();
}
return oPropertyCollection;
}
And for SharePoint 2007:
public Microsoft.Office.Server.UserProfiles.PropertyCollection GetUserProperties()
{
Microsoft.Office.Server.UserProfiles.PropertyCollection oPropertyCollection = null;
try
{
ServerContext context = ServerContext.Current;
UserProfileManager upm = new UserProfileManager(context);
oPropertyCollection = upm.PropertiesWithSection;
}
catch (Exception ex)
{
this.WriteErrorLog("GetUserProperties: " + ex.Message);
}
return oPropertyCollection;
}
Some default properties:
|
Name |
DisplayName |
|
UserProfile_GUID |
Id |
|
SID |
SID |
|
ADGuid |
Active Directory Id |
|
AccountName |
Account name |
|
FirstName |
First name |
|
LastName |
Last name |
|
PreferredName |
Name |
|
WorkPhone |
Work phone |
|
Office |
Office |
|
Department |
Department |
|
Title |
Title |
|
Manager |
Manager |
|
AboutMe |
About me |
|
PersonalSpace |
Personal site |
|
PictureURL |
Picture |
|
UserName |
User name |
|
QuickLinks |
Quick links |
|
WebSite |
Web site |
|
PublicSiteRedirect |
Public site redirect |
|
SPS-Dotted-line |
Dotted-line Manager |
|
SPS-Peers |
Peers |
|
SPS-Responsibility |
Responsibilities |
|
SPS-Skills |
Skills |
|
SPS-PastProjects |
Past projects |
|
SPS-Interests |
Interests |
|
SPS-School |
Schools |
|
SPS-SipAddress |
SIP Address |
|
SPS-Birthday |
Birthday |
|
SPS-MySiteUpgrade |
My Site Upgrade |
|
SPS-DontSuggestList |
Don't Suggest List |
|
SPS-ProxyAddresses |
Proxy addresses |
|
SPS-HireDate |
Hire date |
|
SPS-LastColleagueAdded |
Last Colleague Added |
|
SPS-OWAUrl |
Outlook Web Access URL |
|
SPS-ResourceSID |
Resource Forest SID |
|
SPS-ResourceAccountName |
Resource Forest Account Name |
|
SPS-MasterAccountName |
Master Account Name |
|
Assistant |
Assistant |
|
WorkEmail |
Work e-mail |
|
CellPhone |
Mobile phone |
|
Fax |
Fax |
|
HomePhone |
Home phone |
Notes:
- User Profile is only available on MOSS 2007 and SharePoint 2010 Server. You cannot use this on Windows SharePoint Services or SharePoint Foundation 2010.
- This code may require permissions you don't currently possess. To make these calls, you need to change the trust level from WSS_Custom to Full in web.config (bad solution), or write the following code and put it in your GAC:
SPSUserProfileHelper.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace YourNamespace
{
[Serializable]
[Microsoft.SharePoint.Security.SharePointPermission(System.Security.Permissions.SecurityAction.InheritanceDemand,
ObjectModel = true),
Microsoft.SharePoint.Security.SharePointPermission(System.Security.Permissions.SecurityAction.Demand,
ObjectModel = true)]
public class SPSUserProfileHelper
{
public Microsoft.Office.Server.UserProfiles.PropertyCollection YourMethods()
{
try
{
System.Security.PermissionSet ps =
new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted);
ps.Assert();
//Put your code here
}
catch (Exception ex)
{
//throw something
}
finally
{
System.Security.CodeAccessPermission.RevertAssert();
}
}
}
}
See Also:
- Configuring the User Profile Service in SharePoint 2010 [sharepointgeorge]
- Getting User Profile Properties from SharePoint SSP using PowerShell [SharePoint Dev Wiki]
- ProfileValueCollectionBase.CheckUpdatePermissions Method [MSDN]
