I have not found any other solution then impersonating, one option you
may want to consider is to use the Lists in the site  Directory, this
will list  all sites  that have been "Listed" but will now show other
sites. I believe this is a regular list and doesn't require admin  access

I will let know if I found a other solution

You can use my SimulatedUser.cs class (attached) to become another user.
Call it like this:

private Mindsharp.SimulatedUser user;

user = new Mindsharp.SimulatedUser();
user.Impersonate();

//run your code

user.Undo();

We currently use this throughout the Mindsharp site. However, one of the
tasks on my to do list  is to switch over to using the .NET RevertToSelf
function. It discontinues the ASP.NET impersonation  that IIS is doing
and runs your code as the application pool identity. No stored  usernames
or passwords in config files. I like that. The text file that contains
the research that I've done this far is also attached. But it isn't a
working or easy to use canned solution as of yet. Let me know if you
make some progress in this area.

Note, the code you mention is the same code I posted about a short while
back because I cannot get it to work in my environment. I get an error
even though I am running as the SharePoint Farm Administrator. Let me
know if you can run my code below...

IIRC, Todd worked with this and WSS team - he filed a bug and they have
decided to not fix it.

I could be wrong, however, but this sounds familiar to what Todd was working
on with the product team. I'm sure he'll respond soon.

My email was held up for quite some time. Not sure why.

Attached is an updated version of my RevertToAppPool class. I worked on
it yesterday with Aaron Naas. You call it similar to the way my
SimulatedUser class was called:

private Mindsharp.RevertToAppPool reverter = new
Mindsharp.RevertToAppPool();

reverter.UseAppPoolIdentity();

//run your code

reverter.ReturnToImpersonatingCurrentUser();

This code is currently untested and needs some additional error checking
but it should work. I really like the idea of using the app pool
identity rather than storing credentials in some config file. We are
just using the credentials that are already stored  in the IIS metabase.
Cool.

I just came across this thread that came up back in December. I am
trying to accomplish exactly what is described below, and am faced with
the exact same situation. I want to display  a hierarchical list  of
sub-sites from within the portal, and the AllSites property requires
admin access.

My question has to do with Todd's proposed solution of a SimulatedUser
class that mimics a system administrator.

I'm not a C-Sharp expert, so please forgive my ignorance. If I am
reading the code right, then the username and password are pulled from
settings in the web.config file. Is that a safe place to put an
administrator's username and password? Can non-administrators access  the
web.config file? Are there ways to safeguard against someone
unauthorized getting at the settings?

Yes, non-admins can access  the web.config. And the code in the original
post does not require username/pwd as it runs through impersonization.
Regardless, you should never hardcode a username and password into
anything you write. That's just asking for trouble. I haven't tried the
code mentioned in the original post, so I can't help you there. I can
just offer the advice that although it may require more work, avoid
hardcoding usernames/pwds at all costs.

Yes, non-admins can access  the web.config. And the code in the original
post does not require username/pwd as it runs through impersonization.
Regardless, you should never hardcode a username and password into
anything you write. That's just asking for trouble. I haven't tried the
code mentioned in the original post, so I can't help you there. I can
just offer the advice that although it may require more work, avoid
hardcoding usernames/pwds at all costs.

I would think it's a little severe to consider recording a username, password, connection string or the like in web.config as hard coding. The issue of security is valid, many people have taken to encrypting values when they store them in web.config like this

www.thedatafarm.com/.../PermaLink.aspx

Check out my recent blog post for the best method of impersonation  I've
found to date:
mindsharpblogs.com/.../467.aspx

My work on this got shoved to the back burner, and I am just now getting
back to it.

I've tried using the impersonation  RevertToAppPool class that you
reference, Todd, and I am running into some trouble.

On the line:
foreach(SPWeb web  in site.AllWebs) {

I am getting the error:

Cannot complete this action. Please try again.Microsoft.SharePoint at
Microsoft.SharePoint.Library.a.a(String A_0, Object& A_1, Object& A_2,
Object& A_3, Object& A_4, Object& A_5) at
Microsoft.SharePoint.b.a(String[]& A_0, String[]& A_1, Guid[]& A_2,
Int32[]& A_3, String[]& A_4, String[]& A_5, String[]& A_6, String[]&
A_7, Boolean[]& A_8, Int32[]& A_9, Int16[]& A_10, Int16[]& A_11) at
Microsoft.SharePoint.SPWebCollection.b() at
Microsoft.SharePoint.SPWebCollection.Undirty() at
Microsoft.SharePoint.SPBaseCollection.System.Collections.IEnumerable.Get
Enumerator() at
ASI.PortalLibrary.WebParts.MySubSites.RenderWebPart(HtmlTextWriter
output) in c:\documents and settings\bnadler\my documents\visual studio
projects\asinet3\asiportal\webparts\mysubsites.cs:line 74


I am using the following code:
--------------------
protected override void RenderWebPart(HtmlTextWriter output) {



try {

RevertToAppPool reverter = new RevertToAppPool();
reverter.UseAppPoolIdentity();


SPSite site  = GetSite();
output.WriteLine (site.Url + " ");

foreach(SPWeb web in site.AllWebs) {
output.WriteLine ("Subsite: <a href=" + web.Url
+ ">" + web.Title + "</a> ");
}

reverter.ReturnToImpersonatingCurrentUser();

} catch (System.Exception exc) {
Text += exc.Message + exc.Source + exc.StackTrace;
}

output.Write(Text);
}
-------------------------

I have recreated the problem and I'll try to look into it.

It happens that I have run across this same issue. I have been able to use the reverter to revert when doing some things, but not when adding a new site. Todd, have you had time to research this? I have not had any luck finding a solution at this point.