Archive for the ‘User Account’ Category

Apr
12
Things to know when updating a profile using API
Filed Under (Security, Tips and Tricks, User Account) by Andy Diericks on 25-04-2007

 

 

  • When updating a value of a profile your changes won’t be applied until you make a commit, it can be so frustrating when you forget it…..
   1: UserProfile u;
   2: u[property].Value = "My string";
   3: u.Commit();

  • Maybe the user will not have the rights to edit profiles, the current user has to get the "Manage user profiles" right, you can set it up in the SSP.
  • If the users cannot have the rights to edit profiles and can’t have it through SSP, because of security or business reason you can run your code with elevated privileges using the object SPSecurity. In that case the user that will run the code will have the same rights as "SYSTEM\Administrator", so be careful. I have to admit I’m not a big fan of it. More information on MSDN: SPSecurity.RunWithElevatedPrivileges Method .You can use the impersonation too: a good post about it: Impersonation in Event Handlers by Ishai Sagi
   1: SPSecurity.RunWithElevatedPrivileges(delegate()
   2: {
   3:     using (SPSite site = new SPSite(web.Site.ID))
   4:     {
   5:     // your code
   6:     }
   7: });

 

  • Like always use some safe code, like testing if your user exist if not you can raise an exception
   1: try
   2: {
   3:    if (profileManager.UserExists("MOSS\\andy"))
   4:    {
   5:          //Do something
   6:    }
   7: }
   8: catch (UserNotFoundException ex)
   9: {
  10:     //Do something                
  11: }

(0) Comments    Read More