public static SecurityIdentifier GetSidFromClaim(string claimValue)
{
SecurityIdentifier sid = null;
SPClaimProviderManager claimManager = SPClaimProviderManager.Local;
if (claimManager == null)
{
throw new ApplicationException("Unable to access the claims provider manager.");
}
try
{
SPClaim claim = claimManager.DecodeClaim(claimValue);
if (claim.OriginalIssuer.Equals("Windows", StringComparison.OrdinalIgnoreCase))
{
if (claim.ClaimType.Equals(Microsoft.IdentityModel.Claims.ClaimTypes.GroupSid, StringComparison.OrdinalIgnoreCase))
{
sid = new SecurityIdentifier(claim.Value);
}
else if (claim.ClaimType.Equals(Microsoft.SharePoint.Administration.Claims.SPClaimTypes.UserLogonName, StringComparison.OrdinalIgnoreCase))
{
NTAccount userAccount = new NTAccount(claim.Value);
sid = (SecurityIdentifier)userAccount.Translate(typeof(SecurityIdentifier));
}
}
}
catch (ArgumentException currentException)
{
GlymaSearchLogger.WriteTrace(LogCategoryId.Security, TraceSeverity.Unexpected, "The following exception occured when attempting to decode the claim, " + claimValue + " : " + currentException.ToString());
}
return(sid);
}
/// <summary>
/// Implement this method if the claims provider supports claims augmentation.
/// </summary>
/// <param name="context"></param>
/// <param name="entity"></param>
/// <param name="claims"></param>
protected override void FillClaimsForEntity(Uri context, SPClaim entity, List <SPClaim> claims)
{
if (null == entity)
{
throw new ArgumentNullException("entity");
}
if (null == claims)
{
throw new ArgumentNullException("claims");
}
//Add the role claim.
SPClaim userIdClaim = SPClaimProviderManager.DecodeUserIdentifierClaim(entity);
//Add claims for users.
List <string> allCRMUsers = CRMUserInfo.GetAllUsers();
if (allCRMUsers.Contains(userIdClaim.Value.ToLower()))
{
List <Claim> userClaims = CRMUserInfo.GetClaimsForUser(userIdClaim.Value.ToLower());
foreach (Claim claim in userClaims)
{
claims.Add(CreateClaim(claim.ClaimType, claim.Value, claim.ValueType));
}
}
}
internal static void VerifyPermissions(List <string> groups, string url)
{
//string currUserName = SPContext.Current.Web.CurrentUser.LoginName;
//string url = SPContext.Current.Site.Url;
try
{
/*SPSecurity.RunWithElevatedPrivileges(delegate ()
* {*/
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim userClaim = cpm.ConvertIdentifierToClaim(defaultUser, SPIdentifierTypes.WindowsSamAccountName);
using (SPSite s = new SPSite(url))
{
using (SPWeb w = s.RootWeb)
{
w.AllowUnsafeUpdates = true;
List <string> missingGroups;
List <SPGroup> spgroups = PermutationGroups(groups, w, out missingGroups);
if (spgroups.Count != groups.Count)
{
SPUser admin = w.EnsureUser(userClaim.ToEncodedString());
CreateMissingGroups(missingGroups, w, admin);
}
w.AllowUnsafeUpdates = false;
}
}
//});
}
catch (Exception ex)
{
Console.WriteLine("Error:\n" + ex.Message + "\n" + ex.StackTrace + "\n" + ex.InnerException);
}
}
internal void VerifyPermissions(List <string> permutations)
{
string currUserName = SPContext.Current.Web.CurrentUser.LoginName;
string url = SPContext.Current.Site.Url;
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// need to convert to claim due to us running against claims enabled web app
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim adminClaim = cpm.ConvertIdentifierToClaim(defaultUser, SPIdentifierTypes.WindowsSamAccountName);
using (SPSite s = new SPSite(url))
{
using (SPWeb w = s.RootWeb)
{
w.AllowUnsafeUpdates = true;
UpdateUserInformationList(w, GetClaimsForUser(true));
List <string> missingGroups;
List <SPGroup> groups = PermutationGroups(permutations, w, out missingGroups);
if (groups.Count != permutations.Count)
{
SPUser admin = w.EnsureUser(adminClaim.ToEncodedString());
groups.AddRange(CreateMissingGroups(missingGroups, w, admin));
}
SPUser cUser = w.EnsureUser(currUserName);
SPGroupCollection gUser = cUser.Groups;
foreach (SPGroup g in groups)
{
bool isAlreadyMember = false;
foreach (SPGroup gu in gUser)
{
if (gu.Name == g.Name)
{
isAlreadyMember = true;
break;
}
}
if (!isAlreadyMember)
{
g.AddUser(cUser);
#if DEBUG
this.Controls.Add(new LiteralControl("<div>Adding user to group:" + g.Name + "</div>"));
#endif
}
#if DEBUG
this.Controls.Add(new LiteralControl("<div>Already a member of group: " + g.Name + "</div>"));
#endif
}
w.AllowUnsafeUpdates = false;
}
}
});
}
catch (Exception ex)
{
this.Controls.Add(new LiteralControl("<div class='Error' style='display:none'>" + ex.Message + "</div><div>" + ex.StackTrace + "</div>"));
}
}
/// <summary>
/// DropClaimProvider method implmentation
/// </summary>
private void DropClaimProvider(ProxyClaimsProviderParameters prm)
{
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaimProviderDefinition ppv = cpm.GetClaimProvider(prm.ClaimProviderName);
if (ppv == null)
{
return;
}
if (ppv.TypeName.ToLower().Equals("sharepoint.identityservice.claimsprovider.identityserviceclaimsprovider"))
{
try
{
cpm.DeleteClaimProvider(ppv);
}
finally
{
cpm.Update(true);
}
if (prm.ClaimProviderMode == ProxyClaimsMode.Windows)
{
ReCreateWindowsClaimProvider(prm);
}
/* else
* {
* ReCreateTrustedClaimProvider(prm);
* } it seem that it is not needed */
}
}
private bool UpdateUserPermissions(SPWeb web, SPRoleAssignmentCollection roleAssignments, XmlNodeList principalUserNodes)
{
bool dirty = false;
foreach (XmlNode principalUserNode in principalUserNodes)
{
string loginName = principalUserNode.Attributes["login"].Value;
string userName = principalUserNode.Attributes["name"].Value;
try
{
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim userClaim = cpm.ConvertIdentifierToClaim(loginName, SPIdentifierTypes.WindowsSamAccountName);
SPUser user = web.EnsureUser(userClaim.ToEncodedString());
if (user == null)
{
throw new Exception();
}
SPPrincipal userPrincipal = (SPPrincipal)user;
try
{
SPRoleAssignment roleAssignment = roleAssignments.GetAssignmentByPrincipal(userPrincipal);
if (roleAssignment == null)
{
throw new Exception();
}
UpdatePrincipal(web, principalUserNode,
string.Format("{0,20}, '{1,15}'", userName, loginName),
roleAssignment);
}
catch
{
output.Append(string.Format("permissins missing for user: {0,20} with login: {1,15}, adding new..." + Environment.NewLine, userName, loginName));
SPRoleAssignment roleAssignmentNew = new SPRoleAssignment(userPrincipal);
XmlNodeList roleNodes = principalUserNode.SelectNodes("role");
foreach (XmlNode roleNode in roleNodes)
{
string roleName = roleNode.Attributes["name"].Value;
if (roleName.ToLower().Equals("limited access"))
{
roleName = "Limited User";
}
SPRoleDefinition role = web.RoleDefinitions[roleName];
roleAssignmentNew.RoleDefinitionBindings.Add(role);
}
roleAssignments.Add(roleAssignmentNew);
output.Append("completed" + Environment.NewLine);
dirty = true;
}
}
catch { output.Append(string.Format("user not found: {0,20} with login: {1,15}" + Environment.NewLine, userName, loginName)); }
}
return(dirty);
}
public IEnumerable <PrincipalInfo> Resolve(SPUser user, IDisposable implicitContext)
{
try {
CommonHelper.ConfirmNotNull(user, "user");
if (!resolvedIdentities.Contains(user.ID))
{
resolvedIdentities.Add(user.ID);
parentPrincipal = user;
if (SPClaimProviderManager.IsEncodedClaim(user.LoginName))
{
SPClaim claim = SPClaimProviderManager.Local.DecodeClaim(user.LoginName);
if (claim.OriginalIssuer == "Windows")
{
if (claim.ClaimType == SPClaimTypes.UserLogonName)
{
PrincipalInfo userInfo = ResolveActiveDirectoryUser(IdentityType.SamAccountName, claim.Value);
if (userInfo != null)
{
return(new[] { userInfo });
}
return(new PrincipalInfo[0]);
}
if (claim.ClaimType == ClaimTypes_GroupSid)
{
return(EnumerateActiveDirectoryGroup(IdentityType.SamAccountName, user.Name));
}
}
if (claim.OriginalIssuer.StartsWith("Forms:"))
{
string providerName = claim.OriginalIssuer.Substring(6);
if (claim.ClaimType == SPClaimTypes.UserLogonName)
{
PrincipalInfo userInfo = ResolveMembershipUser(providerName, claim.Value);
if (userInfo != null)
{
return(new[] { userInfo });
}
return(new PrincipalInfo[0]);
}
if (claim.ClaimType == ClaimTypes_Role)
{
return(EnumerateMembershipUsersInRole(providerName, claim.Value));
}
}
}
if (user.IsDomainGroup)
{
return(EnumerateActiveDirectoryGroup(IdentityType.SamAccountName, user.LoginName));
}
return(EnumerateBySamAccountName(user.LoginName));
}
return(new PrincipalInfo[0]);
} finally {
if (implicitContext != null)
{
implicitContext.Dispose();
}
}
}
private void CheckItems(XmlNode siteNode, string url)
{
using (SPWeb web = new SPSite(url).OpenWeb())
{
XmlNodeList alertNodes = siteNode.SelectNodes("alert[@type='Item']");
foreach (XmlNode alertNode in alertNodes)
{
string alertTitle = alertNode.Attributes["title"].Value;
string listTitle = alertNode.Attributes["list"].Value;
string loginName = alertNode.Attributes["user"].Value;
int itemId = Int32.Parse(alertNode.Attributes["id"].Value);
string itemUrl = alertNode.Attributes["url"].Value;
string objectType = alertNode.Attributes["object"].Value;
output.Append(string.Format("user: {0,20}...", loginName));
try
{
SPList list = web.Lists[listTitle];
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim userClaim = cpm.ConvertIdentifierToClaim(loginName, SPIdentifierTypes.WindowsSamAccountName);
SPUser user = web.EnsureUser(userClaim.ToEncodedString());
string eventType = alertNode.Attributes["event"].Value;
SPEventType spEventType = (SPEventType)Enum.Parse(typeof(SPEventType), eventType);
string eventFrequency = alertNode.Attributes["frequency"].Value;
SPAlertFrequency spAlertFrequency = (SPAlertFrequency)Enum.Parse(typeof(SPAlertFrequency), eventFrequency);
string type = alertNode.Attributes["type"].Value;
SPAlertType spAlertType = (SPAlertType)Enum.Parse(typeof(SPAlertType), type);
SPListItem item = null;
if (list.BaseType == SPBaseType.DocumentLibrary)
{
SPFile file = web.GetFile(itemUrl);
item = file.Item;
}
else
{
item = list.GetItemById(itemId);
}
SPAlert newAlert = user.Alerts.Add();
newAlert.Title = alertTitle;
newAlert.AlertType = spAlertType;
newAlert.Item = item;
newAlert.DeliveryChannels = SPAlertDeliveryChannels.Email;
newAlert.EventType = spEventType;
newAlert.AlertFrequency = spAlertFrequency;
newAlert.Status = SPAlertStatus.On;
newAlert.Update(false);
output.Append(string.Format("Complete" + Environment.NewLine));
}
catch (Exception ex) { output.Append(string.Format("error: {0,20}" + Environment.NewLine, ex.Message)); }
}
}
}
public Credentials GetCredentials(SPUser user)
{
System.Security.Principal.WindowsIdentity winUser = System.Security.Principal.WindowsIdentity.GetCurrent();
if (SPClaimProviderManager.IsClaimsUser())
{
Logger.Default.Error(LogLocation, string.Format("Can't get applications for {0}. You should use Secure Store option for web peb part.", winUser != null ? winUser.Name : null), new ApplicationException("Claim based authentication not supported"));
}
return(service.GetUser(winUser));
}
public static SPUserToken GetToken(string login)
{
SPClaimProviderManager claimProviderManager = SPClaimProviderManager.Local;
SPClaim claim = new SPClaim(SPClaimTypes.UserLogonName, login, "http://www.w3.org/2001/XMLSchema#string", SPOriginalIssuers.Format(SPOriginalIssuerType.Windows));
var userName = claimProviderManager.EncodeClaim(claim);
return(SPContext.Current.Web.EnsureUser(userName).UserToken);
}
/// <summary>
/// Attempts to resolve a given SharePoint Claims Identity string to a sAMAccountName / Windows Login ID.
/// </summary>
/// <param name="userName">String. User Identity Claim string.</param>
/// <returns></returns>
internal static string sAMAccountName(string userName)
{
SPClaimProviderManager mgr = SPClaimProviderManager.Local;
if (mgr != null)
{
string domainUser = mgr.DecodeClaim(userName).Value;
return(domainUser.Substring(domainUser.LastIndexOf('\\') + 1));
}
return("unknown"); // user could not be determined from string.
}
public string getAccountNameForEmail(string email, string indentityProviderName)
{
UPSBrowserLogger.LogDebug(loggingCategory, "getIdentityProviders invoked");
UPSBrowserLogger.LogDebug(loggingCategory, $"email: {email}, indentityProviderName: {indentityProviderName}");
string originalIssuer = SPOriginalIssuers.Format(SPOriginalIssuerType.TrustedProvider, indentityProviderName);
SPClaimProviderManager mgr = SPClaimProviderManager.Local;
SPClaim claim = new SPClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", email, System.Security.Claims.ClaimValueTypes.String, originalIssuer);
string accountName = mgr.EncodeClaim(claim);
return(accountName);
}
public static string DecodeUsername(string username)
{
if (SPClaimProviderManager.IsEncodedClaim(username))
{
return(SPClaimProviderManager.Local.DecodeClaim(username).Value);
}
else
{
return(username);
}
}
protected void Page_Load(object sender, EventArgs e)
{
SPClaimProviderManager clmProvider = SPClaimProviderManager.Local;
if (clmProvider != null)
{
usrname = clmProvider.DecodeClaim(SPContext.Current.Web.CurrentUser.LoginName).Value;
int index = usrname.IndexOf('\\');
usrDomain = usrname.Substring(0, index);
}
inpUserName.Value = usrname.ToString();
}
public static string GetClaims(string account)
{
string userName = null;
SPClaimProviderManager mgr = SPClaimProviderManager.Local;
if (mgr != null)
{
SPClaim claim = new SPClaim(SPClaimTypes.UserLogonName, account, "http://www.w3.org/2001/XMLSchema#string", SPOriginalIssuers.Format(SPOriginalIssuerType.Windows));
userName = mgr.EncodeClaim(claim);
}
return(userName);
;
}
private string getUserId()
{
string userId = string.Empty;
try
{
SPClaimProviderManager mgr = SPClaimProviderManager.Local;
if (mgr != null)
{
userId = mgr.DecodeClaim(SPContext.Current.Web.CurrentUser.LoginName).Value;
}
}
catch (Exception ex) { HandleException(ex); }
return(userId.Substring(userId.IndexOf("\\") + 1));
}
private void CheckLists(XmlNode siteNode, string url)
{
using (SPWeb web = new SPSite(url).OpenWeb())
{
XmlNodeList alertNodes = siteNode.SelectNodes("alert[@type='List']");
foreach (XmlNode alertNode in alertNodes)
{
string alertTitle = alertNode.Attributes["title"].Value;
string listTitle = alertNode.Attributes["list"].Value;
string loginName = alertNode.Attributes["user"].Value;
string objectType = alertNode.Attributes["object"].Value;
bool isFolder = objectType.ToLower().Equals("folder");
if (!isFolder)
{
output.Append(string.Format("user: {0,20}...", loginName));
try
{
SPList list = web.Lists[listTitle];
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim userClaim = cpm.ConvertIdentifierToClaim(loginName, SPIdentifierTypes.WindowsSamAccountName);
SPUser user = web.EnsureUser(userClaim.ToEncodedString());
string eventType = alertNode.Attributes["event"].Value;
SPEventType spEventType = (SPEventType)Enum.Parse(typeof(SPEventType), eventType);
string eventFrequency = alertNode.Attributes["frequency"].Value;
SPAlertFrequency spAlertFrequency = (SPAlertFrequency)Enum.Parse(typeof(SPAlertFrequency), eventFrequency);
string type = alertNode.Attributes["type"].Value;
SPAlertType spAlertType = (SPAlertType)Enum.Parse(typeof(SPAlertType), type);
SPAlert newAlert = user.Alerts.Add();
newAlert.Title = alertTitle;
newAlert.AlertType = spAlertType;
newAlert.List = list;
newAlert.DeliveryChannels = SPAlertDeliveryChannels.Email;
newAlert.EventType = spEventType;
newAlert.AlertFrequency = spAlertFrequency;
newAlert.Status = SPAlertStatus.On;
newAlert.Update(false);
output.Append(string.Format("Complete" + Environment.NewLine));
}
catch (Exception ex) { output.Append(string.Format("error: {0,20}" + Environment.NewLine, ex.Message)); }
}
}
}
}
protected override void CreateChildControls()
{
// return when user is not a forms based user
IClaimsIdentity claimsIdentity = (HttpContext.Current.User != null) ? (HttpContext.Current.User.Identity as IClaimsIdentity) : null;
if (claimsIdentity != null)
{
SPClaimProviderManager mgr = SPClaimProviderManager.Local;
SPClaim sPClaim = mgr.DecodeClaimFromFormsSuffix(claimsIdentity.Name);
if (SPOriginalIssuers.GetIssuerType(sPClaim.OriginalIssuer) == SPOriginalIssuerType.Windows)
{
return;
}
}
string changePasswordPage = "";
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Site.ID, SPContext.Current.Site.Zone))
{
MembershipSettings setting = new MembershipSettings(site.RootWeb);
if (setting == null || string.IsNullOrEmpty(setting.ChangePasswordPage))
{
return;
}
changePasswordPage = setting.ChangePasswordPage;
}
});
// generate return url
string source = SPUtility.OriginalServerRelativeRequestUrl;
string target = Utils.GetAbsoluteURL(SPContext.Current.Web, changePasswordPage);
MenuItemTemplate changePasswordItem = new MenuItemTemplate();
changePasswordItem.Text = LocalizedString.GetString("FBAPackMenus", "FBAChangePassword_Title");
changePasswordItem.Description = LocalizedString.GetString("FBAPackMenus", "FBAChangePassword_Desc");
changePasswordItem.Sequence = 1;
changePasswordItem.ClientOnClickNavigateUrl = target + "?Source=" + SPHttpUtility.UrlKeyValueEncode(source);
this.Controls.Add(changePasswordItem);
}
/// <summary>
/// ReCreateWindowsClaimProvider method implementation
/// </summary>
private void ReCreateWindowsClaimProvider(ProxyClaimsProviderParameters prm)
{
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
try
{
SPClaimProviderDefinition ppva = new SPClaimProviderDefinition("AD", "Windows Claim Provider", "Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c", "Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider");
ppva.IsEnabled = true;
ppva.IsVisible = true;
cpm.AddClaimProvider(ppva);
}
finally
{
cpm.Update(true);
}
}
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
ExecBaseFeatureActivated(properties);
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
foreach (SPClaimProviderDefinition cp in cpm.ClaimProviders)
{
if (cp.ClaimProviderType == typeof(NSADFSClaimsProvider))
{
cp.IsUsedByDefault = false;
cpm.Update();
break;
}
}
}
private static SecureStoreServiceClaim GetSSClaim(SPUser user)
{
SPClaim spClaim = null;
var manager = SPClaimProviderManager.Local;
if ((manager != null) && SPClaimProviderManager.IsEncodedClaim(user.LoginName))
{
spClaim = manager.DecodeClaim(user.LoginName);
}
else
{
spClaim = SPClaimProviderManager.CreateUserClaim(user.LoginName, SPOriginalIssuerType.Windows);
}
SecureStoreServiceClaim ssClaim = new SecureStoreServiceClaim(spClaim);
return(ssClaim);
}
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
ExecBaseFeatureActivated(properties);
// Make this custom claims provider enabled but NOT used by default
// https://samlman.wordpress.com/2015/02/28/configuring-a-custom-claims-provider-to-be-used-only-on-select-zones-in-sharepoint-2010/
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
foreach (SPClaimProviderDefinition cp in cpm.ClaimProviders)
{
if (cp.ClaimProviderType == typeof(UPSClaimProvider))
{
cp.IsUsedByDefault = false;
cpm.Update();
break;
}
}
}
private void RemoveAlerts(XmlNode siteNode, string url)
{
using (SPWeb web = new SPSite(url).OpenWeb())
{
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim userClaim = cpm.ConvertIdentifierToClaim("emirates\\s717981", SPIdentifierTypes.WindowsSamAccountName);
SPUser tempUser = web.EnsureUser(userClaim.ToEncodedString());
web.AllowUnsafeUpdates = true;
try
{
SPAlertCollection allAlerts = web.Alerts;
List <Guid> alertsToDelete = new List <Guid>();
foreach (SPAlert spAlert in allAlerts)
{
alertsToDelete.Add(spAlert.ID);
}
Guid [] alerts = alertsToDelete.ToArray();
for (int i = 0; i < alerts.Length; i++)
{
SPAlert alert = allAlerts[alerts[i]];
alert.User = tempUser;
alert.Status = SPAlertStatus.Off;
alert.Update();
}
foreach (Guid alertGuid in alertsToDelete)
{
allAlerts.Delete(alertGuid);
}
web.Update();
}
catch (Exception ex) { Console.WriteLine(ex.Message); }
web.AllowUnsafeUpdates = false;
}
}
private ClaimsContext(SPContext context)
{
SPWebApplication webApplication = context.Site.WebApplication;
foreach (SPAlternateUrl mapping in webApplication.AlternateUrls)
{
SPIisSettings settings = webApplication.GetIisSettingsWithFallback(mapping.UrlZone);
if (settings.UseFormsClaimsAuthenticationProvider)
{
this.FormsMembershipProvider = Membership.Providers[settings.FormsClaimsAuthenticationProvider.MembershipProvider];
this.FormsRoleProvider = Roles.Providers[settings.FormsClaimsAuthenticationProvider.RoleProvider];
break;
}
}
SPUser currentUser = context.Web.CurrentUser;
if (currentUser != null && SPClaimProviderManager.IsEncodedClaim(currentUser.LoginName))
{
SPClaim claim = SPClaimProviderManager.Local.DecodeClaim(currentUser.LoginName);
this.IsWindowsUser = claim.OriginalIssuer == "Windows";
if (claim.OriginalIssuer.StartsWith("Forms:"))
{
if (this.FormsMembershipProvider != null && this.FormsMembershipProvider.Name.Equals(claim.OriginalIssuer.Substring(6), StringComparison.OrdinalIgnoreCase))
{
this.FormsUser = this.FormsMembershipProvider.GetUser(claim.Value, false);
if (this.FormsUser != null)
{
this.IsFormsUser = true;
this.FormsUserId = claim.Value;
this.FormsUserProfile = ProfileBase.Create(this.FormsUser.UserName);
}
}
}
}
this.IsAnonymous = !this.IsFormsUser && !this.IsWindowsUser;
}
protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List <Microsoft.SharePoint.WebControls.PickerEntity> resolved)
{
UPSClaimProviderLogger.LogDebug("FillResolve type2 invoked!");
string outputString;
outputString = $"resolveInput - ";
outputString += $"ClaimType: {resolveInput.ClaimType}; ";
outputString += $"OriginalIssuer: {resolveInput.OriginalIssuer}; ";
outputString += $"Value: {resolveInput.Value}; ";
outputString += $"ValueType: {resolveInput.ValueType}; ";
UPSClaimProviderLogger.LogDebug(outputString);
UPSClaimProviderLogger.LogDebug($"SPTrustedIdentityTokenIssuerName: {SPTrustedIdentityTokenIssuerName}");
if (!resolveInput.OriginalIssuer.ToLower().Contains(SPTrustedIdentityTokenIssuerName.ToLower()))
{
return;
}
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
string accountName = cpm.EncodeClaim(resolveInput);
User foundUser = usersDAL.GetUserByAccountName(accountName);
if (foundUser == null)
{
UPSClaimProviderLogger.LogError($"usersDAL.GetUserByAccountName(accountName) returned null! Error performing the final resolving of the user in FillResolve type2");
return;
}
;
UPSClaimProviderLogger.LogDebug($"foundUser.Email: {foundUser.Email}");
PickerEntity entity = GetPickerEntity(foundUser);
resolved.Add(entity);
UPSClaimProviderLogger.LogDebug($"Added PickerEntity to resolved with Claim - Claim.Value: {entity.Claim.Value}, Claim.ClaimType: {entity.Claim.ClaimType}, Claim.OriginalIssuer: {entity.Claim.OriginalIssuer}");
}
public static void InitializeSiteCollection()
{
#if DEBUG
TestSiteCollUri = new Uri("http://spsites/sites/" + TestContext.Parameters["TestSiteCollectionName"]);
return; // Uncommented when debugging LDAPCP code from unit tests
#endif
logFileListener = new TextWriterTraceListener(TestContext.Parameters["TestLogFileName"]);
Trace.Listeners.Add(logFileListener);
Trace.AutoFlush = true;
Trace.TraceInformation($"{DateTime.Now.ToString("s")} Start integration tests of {ClaimsProviderName} {FileVersionInfo.GetVersionInfo(Assembly.GetAssembly(typeof(ldapcp.LDAPCP)).Location).FileVersion}.");
Trace.WriteLine($"{DateTime.Now.ToString("s")} DataFile_AllAccounts_Search: {DataFile_AllAccounts_Search}");
Trace.WriteLine($"{DateTime.Now.ToString("s")} DataFile_AllAccounts_Validate: {DataFile_AllAccounts_Validate}");
Trace.WriteLine($"{DateTime.Now.ToString("s")} TestSiteCollectionName: {TestContext.Parameters["TestSiteCollectionName"]}");
if (SPTrust == null)
{
Trace.TraceError($"{DateTime.Now.ToString("s")} SPTrust: is null");
}
else
{
Trace.WriteLine($"{DateTime.Now.ToString("s")} SPTrust: {SPTrust.Name}");
}
LDAPCPConfig config = LDAPCPConfig.GetConfiguration(UnitTestsHelper.ClaimsProviderConfigName, UnitTestsHelper.SPTrust.Name);
if (config == null)
{
LDAPCPConfig.CreateConfiguration(ClaimsProviderConstants.CONFIG_ID, ClaimsProviderConstants.CONFIG_NAME, SPTrust.Name);
}
var service = SPFarm.Local.Services.GetValue <SPWebService>(String.Empty);
SPWebApplication wa = service.WebApplications.FirstOrDefault();
if (wa != null)
{
Trace.WriteLine($"{DateTime.Now.ToString("s")} Web application {wa.Name} found.");
SPClaimProviderManager claimMgr = SPClaimProviderManager.Local;
string encodedClaim = claimMgr.EncodeClaim(TrustedGroup);
SPUserInfo userInfo = new SPUserInfo {
LoginName = encodedClaim, Name = TrustedGroupToAdd_ClaimValue
};
// The root site may not exist, but it must be present for tests to run
Uri rootWebAppUri = wa.GetResponseUri(0);
if (!SPSite.Exists(rootWebAppUri))
{
Trace.WriteLine($"{DateTime.Now.ToString("s")} Creating root site collection {rootWebAppUri.AbsoluteUri}...");
SPSite spSite = wa.Sites.Add(rootWebAppUri.AbsoluteUri, "root", "root", 1033, "STS#1", FarmAdmin, String.Empty, String.Empty);
spSite.RootWeb.CreateDefaultAssociatedGroups(FarmAdmin, FarmAdmin, spSite.RootWeb.Title);
SPGroup membersGroup = spSite.RootWeb.AssociatedMemberGroup;
membersGroup.AddUser(userInfo.LoginName, userInfo.Email, userInfo.Name, userInfo.Notes);
spSite.Dispose();
}
if (!Uri.TryCreate(rootWebAppUri, TestSiteRelativePath, out TestSiteCollUri))
{
Trace.TraceError($"{DateTime.Now.ToString("s")} Unable to generate Uri of test site collection from Web application Uri {rootWebAppUri.AbsolutePath} and relative path {TestSiteRelativePath}.");
}
if (!SPSite.Exists(TestSiteCollUri))
{
Trace.WriteLine($"{DateTime.Now.ToString("s")} Creating site collection {TestSiteCollUri.AbsoluteUri}...");
SPSite spSite = wa.Sites.Add(TestSiteCollUri.AbsoluteUri, ClaimsProviderName, ClaimsProviderName, 1033, "STS#1", FarmAdmin, String.Empty, String.Empty);
spSite.RootWeb.CreateDefaultAssociatedGroups(FarmAdmin, FarmAdmin, spSite.RootWeb.Title);
SPGroup membersGroup = spSite.RootWeb.AssociatedMemberGroup;
membersGroup.AddUser(userInfo.LoginName, userInfo.Email, userInfo.Name, userInfo.Notes);
spSite.Dispose();
}
else
{
using (SPSite spSite = new SPSite(TestSiteCollUri.AbsoluteUri))
{
SPGroup membersGroup = spSite.RootWeb.AssociatedMemberGroup;
membersGroup.AddUser(userInfo.LoginName, userInfo.Email, userInfo.Name, userInfo.Notes);
}
}
}
else
{
Trace.TraceError($"{DateTime.Now.ToString("s")} Web application was NOT found.");
}
}
internal static SecureStoreServiceClaim GetSecureStoreClaim(string userName)
{
SPClaim claim = SPClaimProviderManager.CreateUserClaim(userName, SPOriginalIssuerType.ClaimProvider);
return(new SecureStoreServiceClaim(claim));
}
public static string GetEmailFromUser(string userIdentifier)
{
if (string.IsNullOrEmpty(userIdentifier))
{
throw new ApplicationException("[GetEmailFromUser] The input 'userIdentifier' param can not be null or empty ");
}
Regex regex = new Regex(@"^([\w\.\-]+)@([\w\-]+)((\.(\w){2,3})+)$");
Match match = regex.Match(userIdentifier);
if (match.Success)
{
return(userIdentifier);
}
// else check if its claim
var userLogin = string.Empty;
try
{
SPClaimProviderManager mgr = SPClaimProviderManager.Local;
userLogin = mgr.DecodeClaim(userIdentifier).Value;
}
catch (ArgumentException)
{
userLogin = userIdentifier;
}
var rooturl = string.Empty;
if (!SPFarm.Local.Properties.ContainsKey(Constants.KeyRootSiteColl))
{
throw new ApplicationException("Farm is missing Root Site Collection property [" + Constants.KeyRootSiteColl + "]");
}
else
{
rooturl = SPFarm.Local.Properties[Constants.KeyRootSiteColl] as string;
}
SPUser user = null;
using (SPSite site = new SPSite(rooturl))
using (SPWeb web = site.OpenWeb())
{
//web.ValidateFormDigest();
try
{
web.AllowUnsafeUpdates = true;
user = web.EnsureUser(userLogin.ToLower());
}
catch (Exception ex)
{
//TODO log
}
finally
{
web.AllowUnsafeUpdates = false;
}
}
if (user == null)
{
throw new ApplicationException(string.Format("No user with id {0} found", userIdentifier));
}
return(user.Email);
}
private static SecureStoreServiceClaim GetSecureStoreClaim(string userName)
{
var claim = SPClaimProviderManager.CreateUserClaim(userName, SPOriginalIssuerType.Windows);
return(new SecureStoreServiceClaim(claim));
}
