SharePoint 2010 Role Assignment to Claims (Claims-Based Authentication)

Claims Authentication:
Claims authentication is a new feature in SharePoint 2010. Understanding it helps administrators design and maintain robust infrastructures and makes implementing other functionality (such as PeoplePicker) a little easier. That understanding also covers many of the details of setting up a trust configuration, runtime considerations and management, configuration details, and programmatic implementations or the use of the extensibility points to turn federated access into a federated SharePoint Server 2010 business solution.

Claims:
An identity provider makes claims about a user. A good example of an identity provider is Live ID, which claims that a user has certain attributes with certain values. For example:
An identity provider (the "provider of the attributes") holds an account whose username attribute is Himanshu. A custom identity provider created by a hacker also holds an account whose username attribute is Himanshu. Both identity providers are making claims about a user. The consumer, SharePoint 2010, must choose which claim it is going to trust. SharePoint 2010 by itself will never trust either claim without being told to do so. For SharePoint to use a claim, it must first trust that claim, and that trust is set up by you, the SharePoint administrator. Once a claim is trusted, SharePoint can authenticate and authorize based on it.

The following code builds a claim issued by a trusted provider and assigns it a role on a web, so that SharePoint authorizes users who present that claim.

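// Requires: using Microsoft.SharePoint; using Microsoft.SharePoint.Administration.Claims;
// IPMRoleClaimType, StringTypeClaim and IPMClaimsIdentifier are constants of the containing
// class (not shown in this post): the claim type, the claim value type, and the name of the
// trusted identity token issuer.
public static void ApplyClaims(SPWeb web, string claimValue)
{
    SPClaimProviderManager claimMgr = SPClaimProviderManager.Local;
    if (claimMgr != null)
    {
        // Build the claim and bind it to the trusted provider as its original issuer.
        SPClaim claim = new SPClaim(IPMRoleClaimType, claimValue, StringTypeClaim, SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, IPMClaimsIdentifier));

        // The encoded claim string is what SharePoint uses as the principal's login name.
        string userName = claimMgr.EncodeClaim(claim);
        // SPUser spUser = web.EnsureUser(userName);
        SPUserInfo info = new SPUserInfo
        {
            LoginName = userName,
            Name = claimValue
        };

        // Every user whose token carries this claim from the trusted issuer receives the
        // role bound here. "Full Control" is the broadest role; bind the least-privileged
        // role definition that fits the claim.
        SPRoleAssignment roleAssignmentClaim = new SPRoleAssignment(info.LoginName, info.Email, info.Name, info.Notes);
        var tempNew = web.RoleDefinitions["Full Control"];
        roleAssignmentClaim.RoleDefinitionBindings.Add(tempNew);

        // The web must have unique permissions; adding a role assignment to a web that
        // inherits permissions throws.
        web.RoleAssignments.Add(roleAssignmentClaim);
    }
}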
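
To review what such assignments have granted, the encoded login names can be decoded back into claims. The following is an added example, not code from the original post: the class and method names (ClaimRoleAudit, ListTrustedProviderAssignments) are hypothetical, and it assumes the SharePoint 2010 server object model is available.

```csharp
using System.Collections.Generic;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;

public static class ClaimRoleAudit
{
    // Hypothetical helper: returns one line per role assignment on the web whose
    // principal is a claim issued by a trusted identity provider, in the form
    // "issuer | claim type = claim value | role names".
    public static List<string> ListTrustedProviderAssignments(SPWeb web)
    {
        var findings = new List<string>();
        SPClaimProviderManager claimMgr = SPClaimProviderManager.Local;
        if (claimMgr == null)
            return findings;   // claims infrastructure is not available

        foreach (SPRoleAssignment assignment in web.RoleAssignments)
        {
            // SharePoint groups are not SPUser objects and carry no encoded claim.
            SPUser user = assignment.Member as SPUser;
            if (user == null || !SPClaimProviderManager.IsEncodedClaim(user.LoginName))
                continue;

            // Reverse of EncodeClaim: recover claim type, value and original issuer.
            SPClaim claim = claimMgr.DecodeClaim(user.LoginName);
            if (SPOriginalIssuers.GetIssuerType(claim.OriginalIssuer) != SPOriginalIssuerType.TrustedProvider)
                continue;      // Windows, forms and other issuers are out of scope here

            var roles = new List<string>();
            foreach (SPRoleDefinition role in assignment.RoleDefinitionBindings)
                roles.Add(role.Name);

            findings.Add(string.Format("{0} | {1} = {2} | {3}",
                SPOriginalIssuers.GetIssuerIdentifier(claim.OriginalIssuer),
                claim.ClaimType, claim.Value,
                string.Join(", ", roles.ToArray())));
        }
        return findings;
    }
}
```

An issuer name in the output that does not match a trusted identity token issuer you configured, or a role claim bound to Full Control that should not be, is the thing to look for.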

Comments

  1. With the help of SQL Server Management Studio or Transact-SQL, we can grant permissions on a single or multiple stored procedure in SQL. These permissions can be granted to an existing user, database role, or application role in the database.
    Grant Permission on stored procedures
