Recently I had a problem where I was writing a webpart to modify some user profile values of people other than the logged in user.
So I do what I usually do, I call:
SPSecurity.RunWithElevatedPrivileges
and found that even though I was impersonating, I would still get errors saying:
Property Not Editable. This property can only be modified by an administrator
or
You may only modify your own profile, unless you are an administrator
I then I also tried my other tactic of creating the SPSite using the System Token from:
SPContext.Current.Site.SystemAccount.UserToken
but again no joy.
I tried a bunch of different things until I stumbled across
this post, that suggested setting the HTTPContect to null just before updating the profile. I thought that could never work, but I tried it anyway. His post is unavailable and I only managed to get it through Google Cache! The sample code was:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPSite sc = new SPSite(SPContext.Current.Site.ID);
ServerContext context = ServerContext.GetContext(sc);
HttpContext currentContext = HttpContext.Current;
HttpContext.Current = null;
UserProfileManager profileManager = new UserProfileManager(context);
UserProfile user = profileManager.GetUserProfile("DOMAIN\\userName");
writer.Write(user.PersonalUrl);
HttpContext.Current = currentContext;
});
and to my amazement it works. It seems with no HTTPContext, SharePoint is unable to determine the current user and so uses the credentials of the actual impersonated user (as it should).
Disgusting - but it saved the day.