Resolve a User Principal

One of the more awkard areas on SharePoint development is dealing with users, AD groups, SharePoint groups, and getting more information about users and groups can be awkward.

You can sometimes get an SPUser object using the SPWeb.Users , SPWeb.SiteUsers or SPWeb.AllUsers objects:

 SPUser u = web.SiteUsers["DOMAIN\user"];

What’s the difference between those things? From MSDN:

The Users collection has the smallest membership of these three collections. This collection includes all the external principals that have been explicitly assigned permissions within the current site.

The AllUsers collection includes all members of the Users collection, plus external users that have accessed objects within the site using implicit permissions through group or role membership. For example, imagine a user named Brian with the login of LITWAREINCBrianC that has never been given explicit permissions to access a site and view a particular list. However, he might still be able to view the list because of his membership within an Active Directory group that has been configured with list view permissions. When Brian first accesses the site or one of its objects (say, a list using implicit permissions), he is added as a member of the AllUsers collection, but he is not added as a member of the Users collection.

The SiteUsers collection is an aggregation that combines membership for each AllUsers collection within the current site collection. The membership of this collection includes all external principals that have been assigned permissions to any object within the site collection as well as all external users that have been granted access to any of the site collection’s objects using implicit permissions.

This is fine – but sometimes the details you want belong to a user who isn’t in your current context. For this, we have the SPUtility.ResolvePrincipal() methods:

SPWebApplication webApp = SPSite.WebApplication;
SPPrincipalInfo pi = null;
pi = SPUtility.ResolvePrincipal(webApp, null, login, SPPrincipalType.User, SPPrincipalSource.All, false);
if (primaryInfo == null)
    throw new SPException("Can't resolve user: " + login);

Note that the SPUtility.ResolvePrincipal() method allows us to search for details against the web application, or site. Also, you can search just for specific types of principal (SPPrincipalType) or the source (SPPrincipalSource), which is useful. Also useful is that the PeopleEditor control uses the SPUtility.ResolvePrincipal() internally, so it seems to fit well if you need to get information about users that have been entered using a PeopleEditor.

Resolve a User Principal

2 thoughts on “Resolve a User Principal

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.