Wednesday, May 9, 2012

Retrieving Credentials from Secure Store Service

MOSS 2007 makes use of the Single Sign-On Service, which has been replaced by the Secure Store Service (SSS) in SharePoint 2010. The Secure Store Service can be used to authenticate to external applications.
To see how to configure SSS, please visit Configure the Secure Store Service SharePoint 2010.


We will create a custom web part to retrieve the current user's credentials.
Open Visual Studio and create a new Empty SharePoint Project.
Add a new Visual Web Part.
Add references to the following DLLs:
  • Microsoft.BusinessData (C:\Windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll)
  • Microsoft.Office.SecureStoreService.Server
    (C:\Windows\assembly\GAC_MSIL\Microsoft.Office.SecureStoreService\14.0.0.0__71e9bce111e9429c\Microsoft.Office.SecureStoreService.dll)
  • Microsoft.SharePoint
Add the following method to the code-behind of the Visual Web Part's user control:

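    // Requires: using System; using System.Runtime.InteropServices; using System.Security;
    // Converts a SecureString into an ordinary managed string.
    private static string GetStringFromSecureString(SecureString secStr)
    {
        if (secStr == null)
        {
            return null;
        }

        IntPtr pPlainText = IntPtr.Zero;
        try
        {
            // Decrypt the SecureString into an unmanaged BSTR and copy it into a managed string.
            pPlainText = Marshal.SecureStringToBSTR(secStr);
            return Marshal.PtrToStringBSTR(pPlainText);
        }
        finally
        {
            if (pPlainText != IntPtr.Zero)
            {
                // ZeroFreeBSTR overwrites the plaintext with zeros before releasing the buffer;
                // FreeBSTR would release it with the secret still in memory.
                Marshal.ZeroFreeBSTR(pPlainText);
            }
        }
    }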

Now, in the user control's design view, add two labels, "lblUsername" and "lblPassword". Then add the following code to Page_Load in the code-behind file.

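    // Namespaces used: Microsoft.BusinessData.Infrastructure.SecureStore,
    // Microsoft.Office.SecureStoreService.Server, Microsoft.SharePoint.
    string _TargetApplicationID = "MyCustomApp";

    ISecureStoreProvider _ISecureStoreProvider = SecureStoreProviderFactory.Create();
    if (_ISecureStoreProvider == null)
    {
        throw new InvalidOperationException("Unable to get an ISecureStoreProvider");
    }

    // Bind the provider to the service context of the current site before using it.
    ISecureStoreServiceContext _ISecureStoreServiceContext = _ISecureStoreProvider as ISecureStoreServiceContext;
    if (_ISecureStoreServiceContext == null)
    {
        throw new InvalidOperationException("The provider does not implement ISecureStoreServiceContext");
    }
    _ISecureStoreServiceContext.Context = SPServiceContext.GetContext(SPContext.Current.Site);

    try
    {
        // Returns the credentials mapped to the current user for this target application.
        SecureStoreCredentialCollection _SecureStoreCredentialCollection = _ISecureStoreProvider.GetCredentials(_TargetApplicationID);
        if (_SecureStoreCredentialCollection != null)
        {
            foreach (SecureStoreCredential _SecureStoreCredential in _SecureStoreCredentialCollection)
            {
                if (_SecureStoreCredential == null)
                    continue;

                // Only fields of type UserName and Password are read here;
                // fields of any other SecureStoreCredentialType are ignored.
                switch (_SecureStoreCredential.CredentialType)
                {
                    case SecureStoreCredentialType.UserName:
                        lblUsername.Text = GetStringFromSecureString(_SecureStoreCredential.Credential);
                        break;

                    case SecureStoreCredentialType.Password:
                        // Demonstration only: this writes the plaintext password into the page output.
                        lblPassword.Text = GetStringFromSecureString(_SecureStoreCredential.Credential);
                        break;
                }
            }
        }
    }
    catch (SecureStoreException)
    {
        // Rethrown unchanged so the caller sees the original Secure Store error.
        throw;
    }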
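
Added example (not part of the original post and not SharePoint API code): GetStringFromSecureString above copies the secret into an immutable managed string that cannot be wiped once it exists. The code below instead passes the plaintext to a callback as a pinned char[] and zeroes every copy afterwards. The class SecureStringScope, the method Use and the sample value are assumptions made for illustration; the sample stands in for SecureStoreCredential.Credential.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringScope
{
    // Hypothetical helper (not a SharePoint API): hands the plaintext to
    // 'consumer' as a char[] and wipes every copy before returning.
    public static void Use(SecureString secret, Action<char[]> consumer)
    {
        if (secret == null) throw new ArgumentNullException("secret");
        if (consumer == null) throw new ArgumentNullException("consumer");

        char[] plain = new char[secret.Length];
        // Pin the array so the GC cannot move it and leave an unwiped copy behind.
        GCHandle pin = GCHandle.Alloc(plain, GCHandleType.Pinned);
        IntPtr unmanaged = IntPtr.Zero;
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(secret);
            Marshal.Copy(unmanaged, plain, 0, plain.Length);
            consumer(plain);
        }
        finally
        {
            // Runs even if the callback throws: wipe the managed and unmanaged copies.
            Array.Clear(plain, 0, plain.Length);
            pin.Free();
            if (unmanaged != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);
        }
    }

    static void Main()
    {
        // Constructed sample value standing in for SecureStoreCredential.Credential.
        using (SecureString sample = new SecureString())
        {
            foreach (char c in "constructed-sample") sample.AppendChar(c);
            sample.MakeReadOnly();

            char[] seen = null;
            Use(sample, delegate(char[] chars) { seen = chars; Console.WriteLine(chars.Length); });
            // The buffer the callback received has been zeroed by the time Use returns.
            Console.WriteLine(seen[0] == '\0');
        }
    }
}
```

The callback must not copy the characters into a string, since that would recreate the unwipeable copy the helper is meant to avoid.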



Sunday, May 6, 2012

Configure the Secure Store Service SharePoint 2010

The Secure Store Service is a claims-aware authorization service that includes a secure database for storing credentials. These credentials usually consist of a user name and password but can also contain other fields. The credentials can then be used to connect to external systems such as SQL Server, BCS, etc.


The first time you access the Secure Store Service, it will ask you to generate a new encryption key. This key is used to encrypt and decrypt the credentials stored in the Secure Store.


Generate new encryption key
Open the Central Admin site.
Go to Application Management > Service Applications > Manage Service Applications.
Select Secure Store Service and click Manage in the Ribbon.
On the Ribbon, click "Generate New Key". Enter a Pass Phrase and click OK.


The next step is to create a Target Application. A Target Application maps the credentials of a user or group to a set of encrypted credentials stored in the Secure Store.


Create Target Application
Click "New" in the Ribbon under the "Manage Target Application" group.
"Target Application ID": A unique string that identifies the target application.
"Display Name": The display name of the target application.
"Email": The email address of the primary contact for the target application.
"Target Application Type": A drop-down list for choosing the target application type. There are two primary types for creating a target application:
  • Group, for mapping all the members of one or more groups to a single set of credentials on the external data source.
  • Individual, for mapping each user to a unique set of credentials on the external data source.
Click Next.
On this screen we can define the fields that can be supplied to external sources. By default two fields are listed: "Windows User Name" and "Windows Password".

Click Next.
Specify the Target Application Administrators and click OK.


If you have chosen Individual as the Target Application Type, users can add their individual credentials using the default page
http://{your site url}/_layouts/SecureStoreSetCredentials.aspx?TargetAppId={TargetApplicationID}, where {TargetApplicationID} is the string typed in the "Target Application ID" box.