private string[] GetCredentialsFromSSS()
{
string[] Credentials = new String[2];
//Get the provider info
string ssoProvider = this.LobSystemInstance.GetProperties()["SsoProviderImplementation"] as string;
if (ssoProvider == null)
{
throw new LobBusinessErrorException("The SSO provider information is missing to retrieve the credentials");
}
Type providerType = Type.GetType(ssoProvider);
ISecureStoreProvider provider = (ISecureStoreProvider)Activator.CreateInstance(providerType);
//Get the credentials
string appTargetName = this.LobSystemInstance.GetProperties()["SecondarySsoApplicationId"] as string;
SecureStoreCredentialCollection credentials = provider.GetCredentials(appTargetName);
foreach (ISecureStoreCredential cred in credentials)
{
if (cred.CredentialType == SecureStoreCredentialType.UserName)
{
Credentials[0] = GetString(cred.Credential);
}
else if (cred.CredentialType == SecureStoreCredentialType.Password)
{
Credentials[1] = GetString(cred.Credential);
}
}
return(Credentials);
}
/// <summary>
/// If not using windows authentication, might want to try running under elevated permissions and giving the farm account write access to the SSS.
/// </summary>
/// <param name="providerTypeName"></param>
/// <param name="applicationId"></param>
/// <param name="userName"></param>
/// <param name="password"></param>
public static void WriteCredentialsToSecureStore(string providerTypeName, string applicationId, string userName, string password)
{
SPServiceContext context = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);
SecureStoreServiceProxy ssp = new SecureStoreServiceProxy();
ISecureStore iss = ssp.GetSecureStore(context);
IList <TargetApplicationField> applicationFields = iss.GetUserApplicationFields(applicationId);
IList <ISecureStoreCredential> creds =
new List <ISecureStoreCredential>(applicationFields.Count);
foreach (TargetApplicationField taf in applicationFields)
{
switch (taf.CredentialType)
{
case SecureStoreCredentialType.UserName:
case SecureStoreCredentialType.WindowsUserName:
creds.Add(new SecureStoreCredential(MakeSecureString(userName), taf.CredentialType));
break;
case SecureStoreCredentialType.Password:
case SecureStoreCredentialType.WindowsPassword:
creds.Add(new SecureStoreCredential(MakeSecureString(password), taf.CredentialType));
break;
}
}
using (SecureStoreCredentialCollection credentials = new SecureStoreCredentialCollection(creds))
{
iss.SetCredentials(applicationId, credentials);
}
}
public static SecureStoreCredentialCollection GetCredentials(string targetApplicationId)
{
SecureStoreCredentialCollection credentials = null;
var iSecureStore = GetSecureStore();
credentials = iSecureStore.GetCredentials(targetApplicationId);
return(credentials);
}
public static List <string> VerifyStoredCredentials(SecureStoreCredentialCollection credentials)
{
var vcreds = new List <string>();
foreach (SecureStoreCredential ssc in credentials)
{
vcreds.Add(ReadSecureString(ssc.Credential));
}
return(vcreds);
}
/// <summary>
/// Get credentials from Secure Store Service
/// </summary>
/// <param name="targetAppId">Target Application ID for the Secure Store</param>
/// <param name="site"></param>
/// <returns>Object of NetworkCredential class. This class provides credentials for password-based authentication schemes such as basic, digest, NTLM, and Kerberos authentication.</returns>
public static SecureStoreCredentials GetCredentials(string targetAppId, SPSite site)
{
// Get the default Secure Store Service provider.
ISecureStoreProvider provider = SecureStoreProviderFactory.Create();
if (provider == null)
{
throw new Exception("Unable to get an ISecureStoreProvider.");
}
ISecureStoreServiceContext providerContext = provider as ISecureStoreServiceContext;
if (providerContext != null)
{
providerContext.Context = SPServiceContext.GetContext(site);
}
var credentials = new SecureStoreCredentials();
using (SecureStoreCredentialCollection credentialCollection = provider.GetCredentials(targetAppId))
{
foreach (ISecureStoreCredential credential in credentialCollection)
{
switch (credential.CredentialType)
{
case SecureStoreCredentialType.UserName:
credentials.UserName = GetStringFromSecureString(credential.Credential);
break;
case SecureStoreCredentialType.Password:
credentials.Password = credential.Credential;
break;
case SecureStoreCredentialType.WindowsUserName:
credentials.WindowsUserName = GetStringFromSecureString(credential.Credential);
break;
case SecureStoreCredentialType.WindowsPassword:
credentials.WindowsPassword = credential.Credential;
break;
case SecureStoreCredentialType.Certificate:
credentials.Certificate = GetStringFromSecureString(credential.Credential);
break;
case SecureStoreCredentialType.CertificatePassword:
credentials.CertificatePassword = credential.Credential;
break;
}
}
}
return(credentials);
}
public static Credentials GetExtentrixWindowsCredentials(Page page, LogLocationEnum LogLocation, SPUser user)
{
WindowsCredentials extentrixCredentials = null;
SecureStoreCredentialCollection ssCreds = null;
SPServiceContext context = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);
SecureStoreServiceProxy ssp = new SecureStoreServiceProxy();
ISecureStore iss = ssp.GetSecureStore(context);
try
{
ssCreds = iss.GetCredentials(Constants.TargetAppID);
if (ssCreds != null && ssCreds.Count() > 0)
{
extentrixCredentials = new WindowsCredentials();
IList <TargetApplicationField> applicationFields = GetTargetApplicationFields(Constants.TargetAppID);
foreach (TargetApplicationField taf in applicationFields)
{
switch (taf.Name)
{
case "Windows User Name":
extentrixCredentials.UserName =
ReadSecureString(ssCreds[applicationFields.IndexOf(taf)].Credential);
break;
case "Windows Password":
extentrixCredentials.Password =
ReadSecureString(ssCreds[applicationFields.IndexOf(taf)].Credential);
break;
case "Domain":
extentrixCredentials.Domain =
ReadSecureString(ssCreds[applicationFields.IndexOf(taf)].Credential);
break;
}
}
}
}
catch (SecureStoreServiceCredentialsNotFoundException ex)
{
Logger.Default.Error(LogLocation, ex.Message, ex);
}
catch (Exception ex)
{
Logger.Default.Info(LogLocation, "SecureStore: Exception getting Windows Credentials");
Logger.Default.Error(LogLocation, ex.Message, ex);
}
return(extentrixCredentials);
}
public static void SetExtentrixWindowsCredentials(LogLocationEnum LogLocation, SPUser user, WindowsCredentials extentrixCredentials)
{
try
{
IList <TargetApplicationField> applicationFields = GetTargetApplicationFields(Constants.TargetAppID);
IList <ISecureStoreCredential> creds = new List <ISecureStoreCredential>(applicationFields.Count);
using (SecureStoreCredentialCollection credentials = new SecureStoreCredentialCollection(creds))
{
foreach (TargetApplicationField taf in applicationFields)
{
switch (taf.Name)
{
case "Windows User Name":
creds.Add(new SecureStoreCredential(MakeSecureString(extentrixCredentials.UserName),
SecureStoreCredentialType.WindowsUserName));
break;
case "Windows Password":
creds.Add(new SecureStoreCredential(MakeSecureString(extentrixCredentials.Password),
SecureStoreCredentialType.WindowsPassword));
break;
case "Domain":
creds.Add(new SecureStoreCredential(MakeSecureString(extentrixCredentials.Domain)
, SecureStoreCredentialType.Generic));
break;
}
}
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Site.ID))
{
using (SPWeb web = site.OpenWeb())
{
SPServiceContext context = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);
SecureStoreServiceProxy ssp = new SecureStoreServiceProxy();
ISecureStore iss = ssp.GetSecureStore(context);
iss.SetUserCredentials(Constants.TargetAppID, GetSSClaim(user), credentials);
}
}
});
}
}
catch (Exception ex)
{
Logger.Default.Info(LogLocation, "SecureStore: Exception setting windows credentials");
Logger.Default.Error(LogLocation, ex.Message, ex);
}
}
public static void SetCredentials(string userName, string userPassword, string targetApplicationId)
{
IList <ISecureStoreCredential> creds = new List <ISecureStoreCredential>();
creds.Add(new SecureStoreCredential(MakeSecureString(userName), SecureStoreCredentialType.UserName));
creds.Add(new SecureStoreCredential(MakeSecureString(userPassword), SecureStoreCredentialType.Password));
using (var credentials = new SecureStoreCredentialCollection(creds))
{
var iSecureStore = GetSecureStore();
iSecureStore.SetUserCredentials(targetApplicationId, GetSecureStoreClaim(SPContext.Current.Web.CurrentUser.UserId.NameId), credentials);
//if the target application is using group type credentials then call this.//iss.SetGroupCredentials(targetApplicationID, credentials);
}
}
internal static NetworkCredential GetSecureStoreCredentials(SPSite site, string secureStoreAppId)
{
string _userName = null;
string _password = null;
NetworkCredential credentials = null;
try
{
SPSecurity.RunWithElevatedPrivileges(() =>
{
SecureStoreProvider ssp = new SecureStoreProvider();
SPServiceContext context = SPServiceContext.GetContext(site);
ssp.Context = context;
SecureStoreCredentialCollection cc =
ssp.GetCredentials(secureStoreAppId);
foreach (SecureStoreCredential c in cc)
{
if (c.CredentialType == SecureStoreCredentialType.UserName)
{
_userName = c.Credential.ToClrString();
}
if (c.CredentialType == SecureStoreCredentialType.Password)
{
_password = c.Credential.ToClrString();
}
}
credentials = new NetworkCredential(_userName, _password);
});
}
catch (Exception ex)
{
throw new Exception("Unable to get credentials for application " + secureStoreAppId);
}
return(credentials);
}
private static void PopulateCredentialsMap(SecureStoreProvider secureStoreProvider, SecureStoreCredentialCollection credentials, string applicationId, Dictionary <string, string> credentialMap)
{
var fields = secureStoreProvider.GetTargetApplicationFields(applicationId);
for (var i = 0; i < fields.Count; i++)
{
var field = fields[i];
var credential = credentials[i];
var decryptedCredential = ExtractString(credential.Credential);
credentialMap.Add(field.Name, decryptedCredential);
}
}
