SharePoint Saturday Toronto July 2012 - Antonio Maio

SharePoint Saturday Toronto - Antonio Maio July 2012 - Developing Custom Claim Providers for Authorization

  • We’re adding a claim with a name of http://schemas.sample.local/clearance and the value in that claim is a string

Transcript

  • 1. Antonio.maio@titus.com, www.trustsharepoint.com
  • 2. Sponsors (Enterprise, Standard)
  • 3. Antonio.maio@titus.com, www.trustsharepoint.com
  • 4. Options for Retrieving/Managing Claims (architecture diagram; the text recovered from the slide):
    1. User login (with username & password) from the client system, e.g. a web browser.
    2. SharePoint 2010 requests authentication & a token from the Secure Token Server (STS), the Trusted Identity Provider, e.g. Active Directory Federation Services (ADFS version 2.0).
    3. The STS gets info (claims) about the user from a database or directory, e.g. Active Directory; claim rules (format: SAML/WS-Fed) and an IAttributeStore map attributes to claims.
    4. The STS authenticates the user & creates a token with claims.
    5. The user is authenticated and SharePoint 2010 now has the user's claims.
    One or more Custom Claim Providers running inside SharePoint 2010 can also add claims from sources such as a SQL DB, LDAP, PKI, etc.
  • 5. Focus: Custom Claim Providers (diagram): step 1, user login (with username & password) from the client system, e.g. a web browser, to SharePoint 2010 with Active Directory and one or more Custom Claim Providers.
  • 6. References: Microsoft.SharePoint and Microsoft.IdentityModel. Browse to find the latter in Program Files\Reference Assemblies\Microsoft\Windows Identity Foundation\v3.5\Microsoft.IdentityModel.dll.

    ```csharp
    using System;
    using System.Xml;
    using System.IO;
    using System.ServiceModel.Channels;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Administration;
    using Microsoft.SharePoint.Administration.Claims;
    using Microsoft.SharePoint.WebControls;

    namespace SampleClaimProvider
    {
        public class ClearanceClaimProvider : SPClaimProvider
        {
            public ClearanceClaimProvider(string displayName) : base(displayName) { }
        }
    }
    ```
  • 7. 4. Implement the abstract class (right click on SPClaimProvider and select…):
    public class ClearanceClaimProvider : SPClaimProvider { }
    Methods: FillClaimTypes, FillClaimValueTypes, FillClaimsForEntity, FillEntityTypes, FillHierarchy, FillResolve (2 overrides), FillSchema, FillSearch
    Properties: Name, SupportsEntityInformation, SupportsHierarchy, SupportsResolve, SupportsSearch
  • 8. Properties:

    ```csharp
    // Returns the Claim Provider's unique name
    public override string Name
    {
        get { return ProviderInternalName; }
    }

    // Must return true for claims augmentation
    public override bool SupportsEntityInformation
    {
        get { return true; }
    }

    // Supports hierarchy display in the people picker
    public override bool SupportsHierarchy
    {
        get { return true; }
    }

    // Supports resolving claim values
    public override bool SupportsResolve
    {
        get { return true; }
    }

    // Supports the search operation
    public override bool SupportsSearch
    {
        get { return true; }
    }
    ```
  • 9.

    ```csharp
    internal static string ProviderDisplayName
    {
        get { return "Security Clearance"; }
    }

    internal static string ProviderInternalName
    {
        get { return "SecurityClearanceProvider"; }
    }
    ```
  • 10.

    ```csharp
    // Clearance levels, lowest to highest
    private string[] SecurityLevels = new string[] { "None", "Confidential", "Secret", "Top Secret" };

    private static string ClearanceClaimType
    {
        get { return "http://schemas.sample.local/clearance"; }
    }

    private static string ClearanceClaimValueType
    {
        get { return Microsoft.IdentityModel.Claims.ClaimValueTypes.String; }
    }
    ```
    • Adding a claim with type URL http://schemas.sample.local/clearance; the claim's value is a string.
  • 11. FillClaimTypes, FillClaimValueTypes, FillClaimsForEntity

    ```csharp
    protected override void FillClaimTypes(List<string> claimTypes)
    {
        if (claimTypes == null)
            throw new ArgumentNullException("claimTypes");
        claimTypes.Add(ClearanceClaimType);
    }

    protected override void FillClaimValueTypes(List<string> claimValueTypes)
    {
        if (claimValueTypes == null)
            throw new ArgumentNullException("claimValueTypes");
        claimValueTypes.Add(ClearanceClaimValueType);
    }
    ```
  • 12. FillClaimsForEntity

    ```csharp
    protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
    {
        if (entity == null)
            throw new ArgumentNullException("entity");
        if (claims == null)
            throw new ArgumentNullException("claims");
        if (String.IsNullOrEmpty(entity.Value))
            throw new ArgumentException("Argument null or empty", "entity.Value");

        // if the existing Clearance claim is 'Top Secret' then add the lower level clearances
        if (. . .)
        {
            claims.Add(CreateClaim(ClearanceClaimType, SecurityLevels[0], ClearanceClaimValueType));
            claims.Add(CreateClaim(ClearanceClaimType, SecurityLevels[1], ClearanceClaimValueType));
            claims.Add(CreateClaim(ClearanceClaimType, SecurityLevels[2], ClearanceClaimValueType));
        }
        . . .
    }
    ```
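The condition on slide 12 is elided. The following is an added example, not code from the deck or from TITUS, showing one complete way to fill it in: the user's assigned clearance is looked up by login name and the provider adds that level plus every lower level, so a user whose store entry says "Secret" also gets "Confidential" and "None". It assumes the deck's class is declared `partial`, with the members from slides 8 through 21 (including `SecurityLevels`, `ClearanceClaimType` and `ClearanceClaimValueType` from slide 10) in the other file, and it uses an in-memory dictionary with constructed sample entries in place of the SQL/LDAP attribute store that slide 26 mentions. Because these claims are what SharePoint later authorizes against, and they are computed once at sign-in and carried in the session token, the store the provider reads from must itself be trustworthy and a failed lookup must degrade to the lowest level rather than the highest.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint.Administration.Claims;

namespace SampleClaimProvider
{
    // Added example: completes the elided condition on slide 12.
    // Assumption: the rest of ClearanceClaimProvider (slides 8-21) lives in
    // another partial file and defines SecurityLevels, ClearanceClaimType
    // and ClearanceClaimValueType.
    public partial class ClearanceClaimProvider : SPClaimProvider
    {
        // Assumption: stands in for the SQL/LDAP attribute store of slide 26.
        // Keys must match the entity.Value SharePoint passes in for the user's
        // identity claim; these entries are constructed sample data.
        private static readonly Dictionary<string, string> ClearanceStore =
            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            {
                { @"sample\alice", "Top Secret" },
                { @"sample\bob",   "Confidential" },
            };

        // The assigned level plus every level below it, lowest first.
        // An unknown or missing level yields only SecurityLevels[0] ("None"),
        // so a lookup failure never grants more than the lowest clearance.
        internal IList<string> LevelsAtOrBelow(string assignedLevel)
        {
            int index = Array.IndexOf(SecurityLevels, assignedLevel ?? String.Empty);
            if (index < 0)
                index = 0;

            var result = new List<string>();
            for (int i = 0; i <= index; i++)
                result.Add(SecurityLevels[i]);
            return result;
        }

        protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
        {
            if (entity == null)
                throw new ArgumentNullException("entity");
            if (claims == null)
                throw new ArgumentNullException("claims");
            if (String.IsNullOrEmpty(entity.Value))
                throw new ArgumentException("Argument null or empty", "entity.Value");

            // Look the user up; anyone not in the store gets the lowest level only.
            string assigned;
            if (!ClearanceStore.TryGetValue(entity.Value, out assigned))
                assigned = SecurityLevels[0];

            // Emit one clearance claim per level at or below the assigned one,
            // e.g. "Secret" -> None, Confidential, Secret.
            foreach (string level in LevelsAtOrBelow(assigned))
                claims.Add(CreateClaim(ClearanceClaimType, level, ClearanceClaimValueType));
        }
    }
}
```

With the constructed store above, `sample\alice` receives all four clearance claims, `sample\bob` receives "None" and "Confidential", and any other login receives only "None". The Claims Testing Web Part linked on slide 26 is the quickest way to confirm which of these claims actually landed in a user's token.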
  • 13. Other important methods: replacing the People Picker
    • FillEntityTypes: set of possible claims to display in the people picker
    • FillHierarchy: hierarchy for displaying claims in the people picker
    • FillResolve (2 overrides): resolving claims specified in the people picker
    • FillSchema: specifies the schema that is used by the people picker to display claims/entity data
    • FillSearch: fills in search results in the people picker window
  • 14. FillEntityTypes, FillHierarchy, FillResolve (2 overrides), FillSchema, FillSearch
  • 15.

    ```csharp
    protected override void FillEntityTypes(List<string> entityTypes)
    {
        // Return the type of entity claim we are using
        entityTypes.Add(SPClaimEntityTypes.FormsRole);
    }
    ```
  • 16.

    ```csharp
    protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID,
        int numberOfLevels, SPProviderHierarchyTree hierarchy)
    {
        if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
            return;

        switch (hierarchyNodeID)
        {
            case null:
                // when it first loads, add all our nodes
                // (provider name, hierarchy node ID, display name, is leaf)
                hierarchy.AddChild(new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode(
                    ProviderInternalName, "SecurityClearance", "Security Clearance", true));
                hierarchy.AddChild(new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode(
                    ProviderInternalName, "Caveat", "Caveat", true));
                break;
            default:
                break;
        }
    }
    ```
  • 17.

    ```csharp
    protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved)
    {
        if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
            return;

        // resolve the exact claim that was passed in
        Microsoft.SharePoint.WebControls.PickerEntity pe = GetPickerEntity(resolveInput.ClaimType, resolveInput.Value);
        resolved.Add(pe);
    }
    ```
  • 18.

    ```csharp
    protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved)
    {
        if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
            return;

        // create a matching entity and add it to the return list of picker entries
        Microsoft.SharePoint.WebControls.PickerEntity pe = GetPickerEntity(ClearanceClaimType, resolveInput);
        resolved.Add(pe);

        // CaveatClaimType is the second claim type this provider handles (its definition is not shown in the deck)
        pe = GetPickerEntity(CaveatClaimType, resolveInput);
        resolved.Add(pe);
    }
    ```
  • 19.

    ```csharp
    private Microsoft.SharePoint.WebControls.PickerEntity GetPickerEntity(string ClaimType, string ClaimValue)
    {
        Microsoft.SharePoint.WebControls.PickerEntity pe = CreatePickerEntity();

        // set the claim associated with this match & the tooltip displayed
        // (both claim types carry string values, so the clearance value type is used)
        pe.Claim = CreateClaim(ClaimType, ClaimValue, ClearanceClaimValueType);
        pe.Description = ProviderDisplayName + ":" + ClaimValue;

        // Set the text displayed in the people picker
        pe.DisplayText = ClaimValue;

        // Store in the hash table, plug in as a role type entity & flag as resolved
        pe.EntityData[Microsoft.SharePoint.WebControls.PeopleEditorEntityDataKeys.DisplayName] = ClaimValue;
        pe.EntityType = SPClaimEntityTypes.FormsRole;
        pe.IsResolved = true;
        pe.EntityGroupName = "Additional Claims";

        return pe;
    }
    ```
  • 20.

    ```csharp
    protected override void FillSchema(SPProviderSchema schema)
    {
        schema.AddSchemaElement(new Microsoft.SharePoint.WebControls.SPSchemaElement(
            Microsoft.SharePoint.WebControls.PeopleEditorEntityDataKeys.DisplayName,
            "Display Name",
            Microsoft.SharePoint.WebControls.SPSchemaElementType.Both));
    }
    ```
  • 21.

    ```csharp
    protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern,
        string hierarchyNodeID, int maxCount, SPProviderHierarchyTree searchTree)
    {
        if (!EntityTypesContain(entityTypes, SPClaimEntityTypes.FormsRole))
            return;

        // The node where we will place our matches
        Microsoft.SharePoint.WebControls.SPProviderHierarchyNode matchNode = null;
        Microsoft.SharePoint.WebControls.PickerEntity pe = GetPickerEntity(ClearanceClaimType, searchPattern);

        if (!searchTree.HasChild("SecurityClearance"))
        {
            // create the node so that we can show our match in there too
            // (node ID "SecurityClearance", display name "Security Clearance", the same order as in FillHierarchy)
            matchNode = new Microsoft.SharePoint.WebControls.SPProviderHierarchyNode(
                ProviderInternalName, "SecurityClearance", "Security Clearance", true);
            searchTree.AddChild(matchNode);
        }
        else
        {
            // get the node for this security level
            matchNode = searchTree.Children.Where(theNode => theNode.HierarchyNodeID == "SecurityClearance").First();
        }

        // add the picker entity to our tree node
        matchNode.AddEntity(pe);
    }
    ```
  • 23. A second augmentation example: a "work day" claim that is true only during office hours on a weekday.

    ```csharp
    protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
    {
        . . .
        DateTime now = DateTime.Now;

        // weekends are never a work day
        if ((now.DayOfWeek == DayOfWeek.Saturday) || (now.DayOfWeek == DayOfWeek.Sunday))
        {
            claims.Add(CreateClaim(WorkDayClaimType, "false", WorkDayClaimValueType));
            return;
        }

        DateTime start = new DateTime(now.Year, now.Month, now.Day, 9, 0, 0);  // 9 o'clock AM
        DateTime end = new DateTime(now.Year, now.Month, now.Day, 17, 0, 0);   // 5 o'clock PM

        // outside office hours
        if ((now < start) || (now > end))
        {
            claims.Add(CreateClaim(WorkDayClaimType, "false", WorkDayClaimValueType));
            return;
        }

        claims.Add(CreateClaim(WorkDayClaimType, "true", WorkDayClaimValueType));
    }
    ```
  • 24. http://intranet/_vti_bin/listdata.svc
  • 25. Deployment
    • Deployed as a Farm Level Feature Receiver; requires more code
      • Must inherit from SPClaimProviderFeatureReceiver (lots of examples)
    • Can deploy multiple claim providers; called in order of deployment
    • Once deployed, available in every web app, in every zone
      • Can cause performance issues: when a user logs in, all deployed Custom Claim Providers get called
      • Set the IsUsedByDefault property in the Feature Receiver definition to False, then turn it on manually for the required web apps
  • 26. Considerations
    • Reach out to a SQL database, LDAP, or repository for attributes, which will get added as claims
    • The Custom Claim Provider runs in the context of the web application, not the site the user is logging into
      • Logged in as the Central Admin service account
      • Does not have context (most methods have no HTTP context nor SPContext.Current)
      • Cannot directly access data on the site you signed into
    • For debugging, use a Claims Testing Web Part in SharePoint: http://blogs.technet.com/b/speschka/archive/2010/02/13/figuring-out-what-claims-you-have-in-sharepoint-2010.aspx
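The feature receiver itself is not shown in the deck. The following is an added example, not TITUS's or the deck's code, of the farm-level receiver slide 25 describes: it registers `ClearanceClaimProvider` from slide 6 (using `ProviderDisplayName` from slide 9) and keeps the provider off by default, so it is switched on per web application instead of running for every login in every zone. It assumes the virtual property `ClaimProviderUsedByDefault` on `SPClaimProviderFeatureReceiver` is what feeds the `IsUsedByDefault` setting the slide refers to, and that `ClearanceClaimProvider` is compiled into the same assembly.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;

namespace SampleClaimProvider
{
    // Added example: farm-level feature receiver for the provider on slide 6.
    public class ClearanceClaimProviderFeatureReceiver : SPClaimProviderFeatureReceiver
    {
        // Assembly and type the farm uses to instantiate the provider.
        public override string ClaimProviderAssembly
        {
            get { return typeof(ClearanceClaimProvider).Assembly.FullName; }
        }

        public override string ClaimProviderType
        {
            get { return typeof(ClearanceClaimProvider).FullName; }
        }

        public override string ClaimProviderDisplayName
        {
            // internal static member from slide 9; same assembly, so accessible here
            get { return ClearanceClaimProvider.ProviderDisplayName; }
        }

        public override string ClaimProviderDescription
        {
            get { return "Adds security clearance claims for authorization"; }
        }

        // Assumption: this maps to the provider definition's IsUsedByDefault.
        // False keeps the provider out of every web app and zone until an
        // administrator enables it where it is actually needed (slide 25).
        public override bool ClaimProviderUsedByDefault
        {
            get { return false; }
        }

        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            // The base class registers the claim provider definition with the farm
            // using the properties above.
            base.FeatureActivated(properties);
        }
    }
}
```

After activating the feature, enable the provider only on the web applications whose authorization rules depend on the clearance claim; every provider left enabled farm-wide is invoked on every user's login, which is the performance cost slide 25 warns about.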
  • 27. Sponsors (Enterprise, Standard)
  • 28. REGISTER NOW! www.sharepointconference.com. Join us in Las Vegas for SharePoint Conference 2012! Give yourself a competitive edge and get the inside scoop about SharePoint 15 while learning how to better use SharePoint 2010. Don't miss this opportunity to join us in Las Vegas at the Mandalay Bay, November 12-15. Engage with the community, share insights, and learn about what's coming next from the people who built the product.