没有“管理用户配置文件"权限的 Sharepoint UserProfileManager [英] Sharepoint UserProfileManager without Manage User Profiles right

问题描述

我有一个问题让我有点抓狂:将 UserProfileManager 用作非授权用户.

I have an issue that is driving me a bit nuts: Using a UserProfileManager as an non-authorized user.

问题:用户没有管理用户配置文件"权限，但我还是想使用UserProfileManager.使用 SPSecurity.RunWithElevatedPrivileges 的想法似乎不起作用，因为 UserProfileManager 似乎对 SSP 进行了授权.

The problem: The user does not have "Manage User Profiles" rights, but I still want to use the UserProfileManager. The idea of using SPSecurity.RunWithElevatedPrivileges does not seem to work, as the UserProfileManager authorizes against the SSP as it seems.

            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite site = new SPSite(inputWeb.Site.ID))
                {
                    ServerContext ctx = ServerContext.GetContext(site);
                    UserProfileManager upm = new UserProfileManager(ctx,true);
                    UserProfile u = upm.GetUserProfile(userLogin);
                    DepartmentName = u["Department"].Value as string;
                }
            });

这仍然在new UserProfileManager"行失败，出现您必须具有管理用户配置文件的管理员权限才能使用管理员模式"异常.

This still fails on the "new UserProfileManager" line, with the "You must have manage user profiles administrator rights to use administrator mode" exception.

就我的用户而言，RunWithElevatedPrivileges 恢复到 AppPool 标识.WindowsIdentity.GetCurrent().Name 返回NT AUTHORITY\network service"，并且我已授予该帐户管理用户配置文件"权限 - 没有运气.

As far as I userstood, RunWithElevatedPrivileges reverts to the AppPool Identity. WindowsIdentity.GetCurrent().Name returns "NT AUTHORITY\network service", and I have given that account Manage User Profiles rights - no luck.

site.RootWeb.CurrentUser.LoginName 为在 RunWithElevatedPrivileges 中创建的站点返回 SHAREPOINT\system，该站点不是有效的 Windows 帐户.

site.RootWeb.CurrentUser.LoginName returns SHAREPOINT\system for the site created within RunWithElevatedPrivileges, which is not a valid Windows Account ofc.

有没有办法做到这一点?我不想给所有用户管理用户配置文件"的权限，但我只想从用户配置文件(部门、国家、直接报告)中获取一些数据.有什么想法吗?

Is there even a way to do that? I do not want to give all users "Manage User Profiles" rights, but I just want to get some data from the user profiles (Department, Country, Direct Reports). Any ideas?

推荐答案

需要设置的权限其实是在Shared Service Provider中找到的.

The permission that needs set is actually found in the Shared Service Provider.

1. 导航到中央管理员
2. 导航到共享服务提供商
3. 在用户配置文件和我的网站下导航到个性化服务权限.
4. 如果该帐户尚不存在，请添加运行您的网站的应用程序域所用的帐户.
5. 授予该用户管理用户个人资料权限.

1. Navigate to Central Admin
2. Navigate to the Shared Service Provider
3. Under User Profiles and My Sites navigate to Personalization services permissions .
4. If the account doesn't already exist, add the account for which your sites App Domain is running under.
5. Grant that user Manage user profiles permission.

我注意到您正在网络服务帐户下运行应用程序池.我在我的网站上实现了一个相同的功能；但是，应用程序池托管在 Windows 帐户下.但是，我不确定为什么这会有所作为.

I notice that you're running the application pool under the Network Service account. I implemented an identical feature on my site; however, the application pool was hosted under a Windows account. I'm not sure why this would make a difference, however.

这篇关于没有“管理用户配置文件"权限的 Sharepoint UserProfileManager的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！