Connecting to SharePoint with Claims Authentication

Posted by Unknown on Wednesday, January 12, 2011

In a nutshell, the process of connecting to SharePoint happens like this: make a request, get redirected to an STS for login, post the token from the login to SharePoint’s STS (the ‘_trust’ site), post the token from SharePoint’s STS to SharePoint, and then capture and store the ‘FedAuth’ cookie generated by the site. Then, and only then, can you start accessing the data from the site by providing the ‘FedAuth’ cookie. The diagram below outlines the process in slightly more detail…
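The token post and cookie capture from that flow, as an added example (not the original author's code). It assumes the token response (RSTR XML) from the login STS is already in hand, that the farm sets ‘FedAuth’ on the response to the ‘_trust’ post, and that wctx carries the return URL; FedAuthExchange and GetFedAuthCookie are hypothetical names.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Web;

// Hypothetical helper, not part of the original post or of the SharePoint client library.
public static class FedAuthExchange
{
    // Posts the issued token (RSTR XML) to SharePoint's STS at <root>/_trust/ and
    // returns a container holding only the FedAuth cookie for later requests.
    public static CookieContainer GetFedAuthCookie(Uri siteUrl, string rstrXml)
    {
        // The token and the cookie are bearer credentials: refuse plain HTTP.
        if (siteUrl.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Claims sign-in requires HTTPS.", "siteUrl");

        // GetLeftPart keeps a non-default port, unlike scheme + host alone.
        var trustUrl = new Uri(siteUrl.GetLeftPart(UriPartial.Authority) + "/_trust/");
        byte[] body = Encoding.UTF8.GetBytes(string.Format(
            "wa=wsignin1.0&wctx={0}&wresult={1}",
            HttpUtility.UrlEncode(siteUrl.AbsoluteUri),   // assumption: return URL as context
            HttpUtility.UrlEncode(rstrXml)));

        var request = (HttpWebRequest)WebRequest.Create(trustUrl);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = body.Length;
        request.CookieContainer = new CookieContainer();  // needed for response.Cookies
        request.AllowAutoRedirect = false;                // read the cookie off this response

        using (Stream stream = request.GetRequestStream())
            stream.Write(body, 0, body.Length);

        using (var response = (HttpWebResponse)request.GetResponse())
        {
            Cookie fedAuth = response.Cookies["FedAuth"];
            if (fedAuth == null)
                throw new InvalidOperationException("SharePoint did not issue a FedAuth cookie.");

            // Carry forward only FedAuth, scoped to the site host and marked Secure.
            var cookies = new CookieContainer();
            cookies.Add(new Cookie("FedAuth", fedAuth.Value, "/", siteUrl.Host) { Secure = true });
            return cookies;
        }
    }
}
// In an ExecutingWebRequest handler the result is attached with:
//   e.WebRequestExecutor.WebRequest.CookieContainer = cookies;
```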




The new SharePoint Client objects make accessing SharePoint and most of its information much easier than before. Unfortunately, they are new, and new things have very little support. Fortunately, this fact didn’t keep us from long hours with Microsoft Tech Support (naturally calling me back right as I was about to walk out the door).


Now on to the good stuff…


The primary component of using the SharePoint Client objects is the ClientContext class. This class manages all of the interaction between your application and the SharePoint site. You tell the ClientContext what you want it to do and then tell it to execute. All in all, it makes the code much cleaner when pulling information from SharePoint.



Instead of muddying up my code, I decided to extend the ClientContext class and make it able to connect to a Claims-based site on its own. The key to extending the class was in utilizing the ‘ExecutingWebRequest’ event. Here is where I was able to do all of my work and set up the connection with SharePoint.


But before I continue, one warning: this is beta code and should be used at your own risk. I currently only have it working by retrieving authentication by impersonating the local context. So it will not pass on any Claims Based credentials if used from a website (Windows Identity Foundation).


If anyone reading this can figure out a clean way to pass on the user’s token, please let me know. Thanks!

    using System;
    using System.Linq;
    using System.Net;
    using System.Net.Security;
    using System.Security.Principal;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.Text;
    using System.Web;
    using System.Xml;
    using Microsoft.IdentityModel.Protocols.WSTrust;
    using Microsoft.SharePoint.Client;

    namespace SharePointLibraries
    {
        public class ClaimsClientContext : ClientContext
        {
            // store this info at the class level for access by the ExecutingWebRequest event
            private string SharePointRootUrl
            {
                get
                {
                    // return (new Uri(_sharePointSiteUrl)).GetComponents(UriComponents.Scheme | UriComponents.Host, UriFormat.SafeUnescaped).ToString();
                    var siteUri = (new Uri(_sharePointSiteUrl));
                    return string.Format("{0}://{1}/", siteUri.Scheme, siteUri.Host);
                }
            }
            private string _sharePointSiteUrl;
            private string SharePointSiteUrl
            {
                get { return _sharePointSiteUrl.EndsWith("/") ? _sharePointSiteUrl : _sharePointSiteUrl + "/"; }
                set { _sharePointSiteUrl = value; }
            }
            public string SharePointSiteRealm { get; set; }
            private string _loginStsUrl;
            private string LoginStsUrl
            {
                get { return _loginStsUrl.EndsWith("/") ? _loginStsUrl : _loginStsUrl + "/"; }
                set { _loginStsUrl = value; }
            }

            // store the SAML token so that it can be used by successive requests
            // (static: shared by every ClaimsClientContext instance in the process)
            private static string IssuedSamlToken { get; set; }
            private static DateTime IssuedSamlTokenExpireDate { get; set; }

            /// <summary>
            /// Public constructor for all three being strings
            /// </summary>
            /// <param name="sharePointSiteUrl"></param>
            /// <param name="sharePointSiteRealm"></param>
            /// <param name="loginStsUrl"></param>
            public ClaimsClientContext(string sharePointSiteUrl, string sharePointSiteRealm, string loginStsUrl)
                : base(sharePointSiteUrl)
            {
                if (sharePointSiteUrl == null) throw new ArgumentNullException("sharePointSiteUrl");
                if (sharePointSiteRealm == null) throw new ArgumentNullException("sharePointSiteRealm");
                if (loginStsUrl == null) throw new ArgumentNullException("loginStsUrl");

                // save the settings
                SharePointSiteUrl = sharePointSiteUrl;
                SharePointSiteRealm = sharePointSiteRealm;
                LoginStsUrl = loginStsUrl;

                // specify the default credentials to use
                Credentials = CredentialCache.DefaultCredentials;

                // add a handler for the ExecutingWebRequest event to provide the SAML token
                // this.ExecutingWebRequest += new EventHandler<WebRequestEventArgs>(ClientContext_ExecutingWebRequest);
                ExecutingWebRequest += ClientContext_ExecutingWebRequest;
            }

            /// <summary>
            /// Public constructor for Site Url being a Uri
            /// </summary>
            /// <param name="sharePointSiteUrl"></param>
            /// <param name="sharePointSiteRealm"></param>
            /// <param name="loginStsUrl"></param>
            public ClaimsClientContext(Uri sharePointSiteUrl, string sharePointSiteRealm, string loginStsUrl)
                : base(sharePointSiteUrl)
            {
                if (sharePointSiteUrl == null) throw new ArgumentNullException("sharePointSiteUrl");
                if (sharePointSiteRealm == null) throw new ArgumentNullException("sharePointSiteRealm");
                if (loginStsUrl == null) throw new ArgumentNullException("loginStsUrl");

                // save the settings
                SharePointSiteUrl = sharePointSiteUrl.ToString();
                SharePointSiteRealm = sharePointSiteRealm;
                LoginStsUrl = loginStsUrl;

                // specify the default credentials to use
                Credentials = CredentialCache.DefaultCredentials;

                // add a handler for the ExecutingWebRequest event to provide the SAML token
                ExecutingWebRequest += ClientContext_ExecutingWebRequest;
            }

More Here


Courtesy: http://fredericloud.com/2011/01/11/connecting-to-sharepoint-with-claims-authentication/
