SharePoint Saturday Toronto July 2012 - Antonio Maio

Antonio.maio@titus.com
www.trustsharepoint.com

Sponsors
Enterprise

Standard

Options for Retrieving/Managing
Claims
Claim Rule
Format: SAML/WS-Fed 4. Authenticates
user & creates
Claim Rule
Token with token
…
Claims 3. Get info
(claims) about
user
5. User is
authenticated and
SharePoint 2010 now
iAttributeStore …
has user’s claims Secure Token Server Database or
2. Requests (STS) Directory
authentication & EX. Active Directory Ex. Active Directory

SharePoint token Federation Services
(ADFS version 2.0)
2010 Custom Claim Provider
Custom Claim Provider Trusted Identity Provider
…

1. User login
(with username & Client System
password) Ex. web browser
SQL DB,
LDAP, PKI
etc…

Focus: Custom Claim Providers

SharePoint
2010 Custom Claim Provider
Custom Claim Provider
…
Active Directory
1. User login
(with username & Client System
password) Ex. web browser

Microsoft.SharePoint
Microsoft.IdentityModel
Browse to find it in Program FilesReference AssembliesMicrosoftWindows Identity
Foundationv3.5Microsoft.IdentityModel.dll

using System;
using System.Xml;
using System.IO;
using System.ServiceModel.Channels;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

namespace SampleClaimProvider
{
public class ClearanceClaimProvider : SPClaimProvider
{
public ClearanceClaimProvider (string displayName)
: base(displayName)
{
}
}
}

4. Implement the Abstract class

Methods: public class ClearanceClaimProvider:SPClaimProvider
FillClaimTypes {
}
FillClaimValueTypes
FillClaimsForEntity Right click on SPClaimProvider and select…
FillEntityTypes
FillHierarchy
FillResolve(2 overrides)
FillSchema
FillSearch

Properties:
Name
SupportsEntityInformation
SupportsHierarchy
SupportsResolve
SupportsSearch

Returns the
public override string Name Claim Provider
{get { return ProviderInternalName; }} unique name

public override bool SupportsEntityInformation Must return True
{get { return true; }} for Claims
Augmentation
public override bool SupportsHierarchy Supports hierarchy
{get { return true; }} display in people
picker
public override bool SupportsResolve
{get { return true; }}
Supports resolving
claim values
public override bool SupportsSearch
{get { return true; }} Supports search
operation

internal static string ProviderDisplayName
{
get { return “Security Clearance"; }
}

internal static string ProviderInternalName
{
get { return “SecurityClearanceProvider"; }
}

private string[] SecurityLevels new string[]
{ None Confidential Secret Top Secret };

private static string ClearanceClaimType
{
get { return "http://schemas.sample.local/clearance"; }
}

private static string ClearanceClaimValueType
{
get { return Microsoft.IdentityModel.Claims.ClaimValueTypes.String;}
}

• Adding a claim with type URL http://schemas.sample.local/clearance
and the claim’s value is a string

FillClaimTypes
FillClaimValueTypes
FillClaimsForEntity

protected override void FillClaimTypes(List<string> claimTypes)
{
if (claimTypes == null)
throw new ArgumentNullException("claimTypes");
claimTypes.Add(ClearanceClaimType);
}

protected override void FillClaimValueTypes(List<string>
claimValueTypes)
{
if (claimValueTypes == null
throw new ArgumentNullException("claimValueTypes");
claimValueTypes.Add(ClearanceClaimValueType);
}

FillClaimsForEntity

protected override void FillClaimsForEntity(Uri context, SPClaim entity,
List<SPClaim> claims)
{
if (entity == null)
throw new ArgumentNullException("entity");
if (claims == null)
throw new ArgumentNullException("claims");
if (String.IsNullOrEmpty(entity.Value))
throw new ArgumentException("Argument null or empty",
"entity.Value");

//if existing Clearance claim is „top secret‟ then add lower levels
clearances
if (. . .)
{
claims.Add(CreateClaim(ClearanceClaimType, SecurityLevels[0],
ClearanceClaimValueType));


}
. . .
}

Other Important Methods: Replacing the People Picker

FillEntityTypes
Set of possible claims to display in the people picker

FillHierarchy
Hierarchy for displaying claims in the people picker

Resolving claims specified in the people picker

FillSchema
Specifies the schema that is used by people picker to
display claims/entity data

FillSearch
Fills in search results in people picker window

FillEntityTypes
FillHierarchy
FillSchema
FillSearch

protected override void FillEntityTypes(List<string> entityTypes)
{

//Return the type of entity claim we are using
entityTypes.Add(SPClaimEntityTypes.FormsRole);
}

protected override void FillHierarchy(Uri context, string[] entityTypes,
string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy)
{
if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
return;
switch (hierarchyNodeID)
{
case null: // when it 1st loads, add all our nodes
hierarchy.AddChild(new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode
(SecurityClearance.ProviderInternalName,
“SecurityClearance”, “Security Clearance”, true));

hierarchy.AddChild(new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode
(SecurityClearance.ProviderInternalName,
“Caveat”, “Caveat”, true));

break;

default:
break;
}
}

protected override void FillResolve(Uri context, string[] entityTypes,
SPClaim resolveInput, List<PickerEntity> resolved)
{
return;

Microsoft.SharePoint.WebControls.PickerEntity pe = GetPickerEntity
(resolveInput.ClaimType, resolveInput.Value);

resolved.Add(pe);
}

protected override void FillResolve(Uri context, string[] entityTypes,
string resolveInput, List<PickerEntity> resolved)
{
return;

//create a matching entity and add it to the return list of picker entries
(ClearanceClaimType, resolveInput);

resolved.Add(pe);

pe = GetPickerEntity(CaveatClaimType, resolveInput);
resolved.Add(pe);

}

private Microsoft.SharePoint.WebControls.PickerEntity GetPickerEntity
(string ClaimType, string ClaimValue)
{
Microsoft.SharePoint.WebControls.PickerEntity pe = CreatePickerEntity();

// set the claim associated with this match & tooltip displayed
pe.Claim = CreateClaim(ClaimType, ClaimValue, ClaimValueType);
pe.Description = SecurityClearance.ProviderDisplayName + ":" + ClaimValue;

// Set the text displayed in people picker
pe.DisplayText = ClaimValue;

// Store in hash table, plug in as a role type entity & flag as resolved
pe.EntityData[Microsoft.SharePoint.WebControls.PeopleEditorEntityDataKeys.
DisplayName] = ClaimValue;
pe.EntityType = SPClaimEntityTypes.FormsRole;
pe.IsResolved = true;

pe.EntityGroupName = "Additional Claims";
return pe;
}

protected override void FillSchema(SPProviderSchema schema)
{
schema.AddSchemaElement(new Microsoft.SharePoint.WebControls.SPSchemaElement(
Microsoft.SharePoint.WebControls.PeopleEditorEntityDataKeys.DisplayName,
"Display Name", Microsoft.SharePoint.WebControls.SPSchemaElementType.Both));
}

protected override void FillSearch(Uri context, string[] entityTypes,
string searchPattern, string hierarchyNodeID,int maxCount,
SPProviderHierarchyTree searchTree)
{
return;

// The node where we will place our matches
Microsoft.SharePoint.WebControls.SPProviderHierarchyNode matchNode = null;

(ClearanceClaimType, searchPattern);

if (!searchTree.HasChild(“SecurityClearance”))
{ // create the node so that we can show our match in there too
matchNode = new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode
(SecurityClearance.ProviderInternalName, “Security Clearance”,
“SecurityClearance”, true);
searchTree.AddChild(matchNode);
}
else
{
// get the node for this security level
matchNode = searchTree.Children.Where(theNode => theNode.HierarchyNodeID
== “SecurityClearance”).First();
}

// add the picker entity to our tree node
matchNode.AddEntity(pe);
}

protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
{
. . .

DateTime now = DateTime.Now;
if((now.DayOfWeek == DayOfWeek.Saturday)||(now.DayOfWeek == DayOfWeek.Sunday))
{
claims.Add(CreateClaim(WorkDayClaimType,”false”, WorkDayClaimValueType));
return;
}

DateTime start = new DateTime(now.Year, now.Month, now.Day, 9, 0, 0)); //9 o'clock AM
DateTime end = new DateTime(now.Year, now.Month, now.Day, 17, 0, 0)); //5 o'clock PM

if ((now < start) || (now > end))
{
claims.Add(CreateClaim(WorkDayClaimType,”false”, WorkDayClaimValueType));
return;
}

claims.Add(CreateClaim(WorkDayClaimType, ”true”, WorkDayClaimValueType));
}

http://intranet/_vti_bin/listdata.svc

Deployed as a Farm Level Feature Receiver – requires more code
Must inherit from SPClaimProviderFeatureReceiver (lots of examples)

Can deploy multiple claim providers
Called in order of deployment

Once deployed - Available in every web app, in very zone
Can cause performance issues
When user logs in, all Custom Claim Providers deployed get called

Set IsUsedByDefault property in Feature Receiver Def'n to False;
then turn it on manually for required web apps

Reach out to SQL database, LDAP, Repository for attributes
which will get added as claims
Custom Claim Provider running in the context of the web
application, and not the site the user is logging into
Logged in as the Central Admin Service Account
Do not have context
(Most methods have no HTTP Context nor SPContext.Current)

Cannot directly access data on the Site you signed into

For Debugging use a Claims Testing Web Part in SharePoint:
http://blogs.technet.com/b/speschka/archive/2010/02/13/figuring-out-
what-claims-you-have-in-sharepoint-2010.aspx

REGISTER NOW!
www.sharepointconference.com

Join us in Las
Vegas for
SharePoint
Don’t miss this Engage with
the
Conference opportunity to community
2012!
join us in Las
Give yourself a Vegas at the
competitive edge Mandalay Bay Share
insights
and get the inside
scoop about
November 12-15
'SharePoint 15' while Learn about
learning how to what’s coming
next, from the
better use people who
built the
SharePoint 2010 product

SharePoint Saturday Toronto July 2012 - Antonio Maio

More Related Content

What's hot (16)

Viewers also liked (17)

Similar to SharePoint Saturday Toronto July 2012 - Antonio Maio (20)

More from AntonioMaio2 (20)

Recently uploaded (20)

SharePoint Saturday Toronto July 2012 - Antonio Maio

Editor's Notes