Now that we have seen a high-level overview of the claims picker, let's focus on how the claims enrichment (augmentation) is done.

First thing to know: when you create a custom claims provider you derive a class from SPClaimProvider and then declare what your claims provider supports by overriding the following four properties:

public override bool SupportsEntityInformation
{
    // true: SharePoint calls FillClaimsForEntity at sign-in (claims augmentation)
    get { return true; }
}

public override bool SupportsHierarchy
{
    // true: the picker shows a tree built by FillHierarchy
    get { return true; }
}

public override bool SupportsResolve
{
    // true: typed-in values are resolved through FillResolve
    get { return true; }
}

public override bool SupportsSearch
{
    // true: the picker can search claims through FillSearch
    get { return true; }
}

This code says that our custom claims provider supports entity information (that is, claims augmentation through FillClaimsForEntity, the subject of this post), allows users to search for claims, supports hierarchy (meaning that it displays a tree in the picker; cf. post http://www.pascalbonheur.com/2010/04/claims-based-authorization-in-sharepoint-2010-real-life-example-part-2/) and also supports resolution.

The next thing we want to code is the actual claims enrichment, i.e. the place where claims are added to the current user depending on who is logging into the system.

This is implemented in the FillClaimsForEntity method, which has the following signature:

protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)

In this method, in our case (claims coming from a SQL database), we open a connection to the SQL database to get the current year of the user being signed in. To do that, we take the user's login from the entity parameter, which is the identity claim of that user, and call the database. Do not reach for SPContext.Current.Web.CurrentUser here: FillClaimsForEntity runs inside the SharePoint security token service at sign-in, before any web context exists, so SPContext.Current is not available at that point.

// entity is the identity claim of the user being signed in (the SPClaim parameter of FillClaimsForEntity above);
// its value is encoded, e.g. "i:0#.w|DEMO\jdoe", and the login is the part after the separator.
string currentUser = entity.Value.Substring(entity.Value.IndexOf("|") + 1);

// look the user up in the SQL database (DAL is our data access layer)
string currentYear = DAL.GetCurrentYear(currentUser);

Then the key step is to add the claim to the claims collection, so that the user's token is enriched with it:

claims.Add(CreateClaim("http://schema.DEMO.local/year", currentYear, Microsoft.IdentityModel.Claims.ClaimValueTypes.String));

Now the user carries the appropriate claim for the current year. It means that if we grant access to a SharePoint list to all the students of 2006, a user will get access to this list only if the SQL database says he is in that year.
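To show the augmentation path end to end, here is an added example of a complete, compilable provider class in the spirit of the one described above. It is not the post's own code: the class name YearClaimProvider, the StudentDal helper (standing in for the post's DAL.GetCurrentYear), the Students table with Login and Year columns and the "Students" connection string in web.config are all assumptions. It keeps SupportsEntityInformation true but switches the three picker-related properties off, because the picker methods are the subject of the next post; the empty overrides still have to exist because SPClaimProvider declares them abstract.

```csharp
// Added example (not the post's own code): an augmentation-only SharePoint 2010 claims provider.
// Assumed: a Students table (Login, Year) reachable through the "Students" connection string
// in the web application's web.config, and the claim type http://schema.DEMO.local/year from the post.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using Microsoft.IdentityModel.Claims;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

namespace Demo.Claims
{
    public class YearClaimProvider : SPClaimProvider
    {
        public const string ProviderInternalName = "YearClaimProvider";          // hypothetical name
        public const string YearClaimType = "http://schema.DEMO.local/year";     // claim type from the post

        public YearClaimProvider(string displayName) : base(displayName) { }

        public override string Name { get { return ProviderInternalName; } }

        // Only augmentation is shown here, so the picker features are disabled.
        // The post's provider returns true for all four.
        public override bool SupportsEntityInformation { get { return true; } }
        public override bool SupportsHierarchy { get { return false; } }
        public override bool SupportsResolve { get { return false; } }
        public override bool SupportsSearch { get { return false; } }

        // Declare the claim type, value type and entity type this provider issues.
        protected override void FillClaimTypes(List<string> claimTypes)
        {
            if (claimTypes == null) throw new ArgumentNullException("claimTypes");
            claimTypes.Add(YearClaimType);
        }

        protected override void FillClaimValueTypes(List<string> claimValueTypes)
        {
            if (claimValueTypes == null) throw new ArgumentNullException("claimValueTypes");
            claimValueTypes.Add(ClaimValueTypes.String);
        }

        protected override void FillEntityTypes(List<string> entityTypes)
        {
            if (entityTypes == null) throw new ArgumentNullException("entityTypes");
            entityTypes.Add(SPClaimEntityTypes.User);
        }

        // Called by the SharePoint STS at sign-in; 'entity' is the identity claim of the user.
        protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
        {
            if (entity == null) throw new ArgumentNullException("entity");
            if (claims == null) throw new ArgumentNullException("claims");

            string login = ExtractLogin(entity.Value);
            string year = StudentDal.GetCurrentYear(login);

            // Fail closed: a user unknown to the database gets no year claim at all.
            if (!string.IsNullOrEmpty(year))
            {
                claims.Add(CreateClaim(YearClaimType, year, ClaimValueTypes.String));
            }
        }

        // The identity value arrives encoded, e.g. "i:0#.w|DEMO\jdoe" (Windows) or
        // "i:0#.f|membership|jdoe" (forms); the login is the part after the last '|'.
        internal static string ExtractLogin(string encodedIdentity)
        {
            if (string.IsNullOrEmpty(encodedIdentity)) return string.Empty;
            int separator = encodedIdentity.LastIndexOf('|');
            return separator < 0 ? encodedIdentity : encodedIdentity.Substring(separator + 1);
        }

        // Required by the abstract base class; empty because the Supports* properties above disable them.
        protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy) { }
        protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved) { }
        protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved) { }
        protected override void FillSchema(SPProviderSchema schema) { }
        protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern, string hierarchyNodeID, int maxCount, SPProviderHierarchyTree searchTree) { }
    }

    // Hypothetical data access layer standing in for the post's DAL.GetCurrentYear.
    internal static class StudentDal
    {
        public static string GetCurrentYear(string login)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["Students"].ConnectionString;
            using (SqlConnection connection = new SqlConnection(connectionString))
            // Parameterised query: the login is attacker-influenced input (a forms user chooses it),
            // so it must never be concatenated into the SQL text.
            using (SqlCommand command = new SqlCommand("SELECT Year FROM Students WHERE Login = @login", connection))
            {
                command.Parameters.Add("@login", SqlDbType.NVarChar, 256).Value = login;
                connection.Open();
                object result = command.ExecuteScalar();
                return (result == null || result == DBNull.Value) ? null : result.ToString();
            }
        }
    }
}
```

Two design choices worth noting: the lookup uses LastIndexOf('|') rather than IndexOf so that a forms-based identity of the form "i:0#.f|membership|jdoe" yields "jdoe" instead of "membership|jdoe", and the query is parameterised because the login string comes from the authenticating user. Not adding any claim when the database returns nothing means that a list secured with the year claim stays closed to unknown users rather than being granted a default value.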

In the next post of this series, I will cover claim resolution.