none
Determine Farm Administrator through C# and not PowerShell RRS feed

  • Question

  • I have an SP2013 On Premise Farm (with multiple servers, WFE, App, SQL and so on). I have a Windows Service deployed on the WFE which needs to loop through all web applications, site collections and so on. For this, the service has to run as a Farm Admin so that it can access the highest level object in SSOM which is SPFarm. The service is installed into the WFE using an MSI installer which has one step to capture the user with which the Windows Service has to be installed. Here, we expect the user to key in the credentials of the Farm Admin and we need to be able to verify if this keyed in credential is actually the Farm Admin. Unfortunately, for achieving this also, we need to call SPFarm.Local and if this call succeeds then we know it's a Farm Admin and it not, we know the credential is not that of Farm Admin. Unfortunately, we can't even know from WFE which App Pool CA site runs under, which would be the Farm Admin, (because this is in App server) so that we can at least determine the Farm Admin user even before making SP calls. I know that in PS, we can call the (Get-SPFarm).DefaultServiceAccount.Name to get the Farm Admin. Is there a way to find the Farm Admin using C# without calling SPFarm.Local?

    Ven

    Tuesday, March 21, 2017 3:54 PM

All replies

  • Hi Venh,

    I would suggest create a SPWebApplication object for any webapplication and run your windows service under the application pool account of that web application and then access the farm administrator group and loop through the users with the entered user to return if the user is Farm Admin or not, Follow below code snippet:

    public static bool IsFarmAdmin(string loginName)
            {
                bool isFarmAdmin = false;
    
                SPGroup adminGroup = SPAdministrationWebApplication.Local.Sites[0].AllWebs[0].SiteGroups["Farm Administrators"];
    
                    foreach (SPUser user in adminGroup.Users)
                    {
                        if (user.LoginName == loginName)
                        {
                            isFarmAdmin = true;
                            break;
                        }
                    }
    
                return isFarmAdmin;
            }

    Let me know if this helps, make sure the windows service runs under the application pool account of the webapplication that you would be using in your code.

    Regards

    Paramdeep Singh


    SharePoint Architect


    Tuesday, March 21, 2017 7:25 PM
  • I cannot create a web application or run my Windows Service under any particular web application's app pool account. This Windows Service will have to be deployed on any SharePoint Deployment and is meant "Only to Read" information from SharePoint sites and not create / update anything.

    Ven

    Wednesday, March 22, 2017 5:49 AM