Share-n-dipity

SharePoint serendipity is the effect by which one accidentally discovers something fortunate, especially while looking for something else entirely. In this case, it is the occassional musings, observations, and Ouija board readings about the phabulously

How To Get All Claims Providers Associated with a Web Application in SharePoint 2010

How To Get All Claims Providers Associated with a Web Application in SharePoint 2010

  • Comments 6
  • Likes

I’ve been asked this question a couple times before, which is I want to be able to programmatically find out what claims providers are being used with my web application.  This question is usually asked to mean what SPTrustedIdentityTokenIssuers are being used, but the method I’ll demonstrate will reveal those as well as custom claims providers that are not enabled by default (because if it’s enabled by default then it’s used everywhere).

The first thing to understand is that if you are wondering what’s enabled for a web application, you are thinking about it wrong (and probably why folks have had a hard time finding this info).  Your claims providers are going to be applied at the zone level, not the web application level.  So given a SharePoint Url, how do we figure out this information? 

To start with, get a new SPSite based on the Url in which you are interested:

using (SPSite theSite = new SPSite("http://someUrl"))

{

}

 

Once you have the SPSite object you can get the web application and zone:

//get the web app

SPWebApplication wa = theSite.WebApplication;

 

//get the zone for the site

SPUrlZone theZone = theSite.Zone;

 

With that information, you can get the SPIisSettings for the zone, which is where most of the good stuff resides:

//get the settings associated with the zone

SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);

 

Once I have the zone information, I can get both the authentication providers and claims providers for that zone.  They are found in these two properties:  ClaimsAuthenticationProviders and ClaimsProviders.  Now keep in mind that each ClaimsAuthenticationProvider has only a very small subset of the information that you get when you do something like Get-SPTrustedIdentityTokenIssuers in PowerShell.  If you really want to get the core underlying object, then you need to take your ClaimsAuthenticationProvider and get a SPTrustedLoginProvider from it.  Fortunately that is not too hard either.  Here’s an example where I’m basically querying for a list of SPTrustedLoginProviders using LINQ; note that in this example I’m only interested in the SAML claims providers (A.K.A. SPTrustedIdentityTokenIssuer):

//get the token service manager so we can retrieve the appropriate

//trusted login provider

SPSecurityTokenServiceManager sptMgr = SPSecurityTokenServiceManager.Local;

                                 

//get the list of authentication providers associated with the zone

foreach (SPAuthenticationProvider prov in theSettings.ClaimsAuthenticationProviders)

{

//make sure the provider we're looking at is a SAML claims provider

       if (prov.GetType() == typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider))

       {

              //get the SPTrustedLoginProvider using the DisplayName

              var lp =

                     from SPTrustedLoginProvider spt in

                     sptMgr.TrustedLoginProviders

                     where spt.DisplayName == prov.DisplayName

                     select spt;

 

              //there should only be one match, so retrieve that

              if ((lp != null) && (lp.Count() > 0))

              {

                     //get the login provider

                     SPTrustedLoginProvider loginProv = lp.First();

 

              }

       }

}

 

For completeness, I’ll paste in the entire code block below here.  In this particular scenario I was looking for all the SPTrustedIdentityTokenIssuers associated with a zone and for each one I was creating a string with the name of the provider and the Url to which you would get redirected to authenticate when using that provider.

using (SPSite theSite = new SPSite("http://someUrl"))

{

//get the web app

       SPWebApplication wa = theSite.WebApplication;

 

       //get the zone for the site

       SPUrlZone theZone = theSite.Zone;

 

       //get the settings associated with the zone

       SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);

 

       //if this isn't a claims auth site then bail out

       if (!theSettings.UseTrustedClaimsAuthenticationProvider)

       {

              MessageBox.Show("This is not a SAML claims auth site");

              return;

       }

                                 

       //clear the list of providers out

       ProviderLst.Items.Clear();

 

       //get the token service manager so we can retrieve the appropriate

       //trusted login provider

       SPSecurityTokenServiceManager sptMgr = SPSecurityTokenServiceManager.Local;

                                 

       //get the list of authentication providers associated with the zone

       foreach (SPAuthenticationProvider prov in

              theSettings.ClaimsAuthenticationProviders)

       {

              //make sure the provider we're looking at is a SAML claims provider

              if (prov.GetType() ==

       typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider))

              {

                     //get the SPTrustedLoginProvider using the DisplayName

                     var lp =

                           from SPTrustedLoginProvider spt in

                           sptMgr.TrustedLoginProviders

                           where spt.DisplayName == prov.DisplayName

                           select spt;

 

                     //there should only be one match, so retrieve that

                     if ((lp != null) && (lp.Count() > 0))

                     {

                           //get the login provider

                           SPTrustedLoginProvider loginProv = lp.First();

 

                           //get the login info

                           string provInfo = prov.DisplayName + " - " +

                                  loginProv.ProviderUri.ToString();

 

                           //add the login info to the list

                           ProviderLst.Items.Add(provInfo);

                     }

              }

       }

}

 

Attachment: How To Get All Claims Providers Associated with a Web Application in SharePoint 2010.docx
Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment