Secure Store service App

First, the user credential entry

You can use the system default page (http:/<samplesite>/_layouts/securestoresetcredentials.aspx? targetappid=<targetapplicationid>) is used for user credential entry, and user credentials can be created and updated using a custom page. The following code is used to update (create) the specific target application credentials for the current user:

 public static void SetCredentials (String appId, string[] userInfo) {list<securestorecredential>            creds = new list<securestorecredential> (); Securestorecredential name = new Securestorecredential (tosecurestring (userinfo[0]),            Securestorecredentialtype.windowsusername); securestorecredential pwd = new Securestorecredential (tosecurestring (userinfo[1]),            Securestorecredentialtype.windowspassword); Securestorecredential EmailAddress = new Securestorecredential (tosecurestring (userinfo[2]),            Securestorecredentialtype.generic); Creds.            ADD (name); Creds.            ADD (PWD); Creds.            ADD (EmailAddress); Securestorecredentialcollection credes = new Securestorecredentialcollection (creds.            ToArray ());            SecureStoreServiceProxy Proxyss = new SecureStoreServiceProxy ();            SPSite site = null;            SPWeb web = null;       Spsecurity.runwithelevatedprivileges (Delegate () {           site = SPContext.Current.Site;              web = SPContext.Current.Web;            }); Site.            Allowunsafeupdates = true; Web.            Allowunsafeupdates = true;            Spservicecontext context = Spservicecontext.getcontext (site);            Isecurestore store = proxyss.getsecurestore (context); Store.            SetCredentials (AppId, credes); Web.            Allowunsafeupdates = false; Site.        Allowunsafeupdates = false; }

Parameter description:
AppID: The target Application ID, which is the new "FirstID" in the above steps;

UserInfo: A list of user information obtained from the page;

Method Description:

1. Create a field instance (note: the instance name is not associated with the actual target Application field name, as long as the order pair is available, of course the type is consistent)

Securestorecredential name = new Securestorecredential (tosecurestring (userinfo[0]), Securestorecredentialtype.windowsusername);

The above statement is to create a credential field corresponding to "Windows user name" in FirstID, which contains a 2 parameter constructor (field value, field type);

2. Create Secure Store service agent to get the current SharePoint Secure Store service context

3, for site,web elevation of authority

Spsecurity.runwithelevatedprivileges (Delegate ()
{
site = SPContext.Current.Site;
web = SPContext.Current.Web;
});
4. Use Isecurestore's SetCredentials method to update (create) user credentials.

5, finally, will notice that there is a tosecurestring method, which is to secure the string encoding, the code is:

public static System.Security.SecureString tosecurestring (string s)        {            System.Security.SecureString secureString = new System.Security.SecureString ();            foreach (Char character in s)            {                Securestring.appendchar (character);            }            return secureString;        }

With the code above, you can configure the user's credentials for the target application.

Second, obtain the user credential information according to the current user

After the user credentials are entered using the method above, the next step is to obtain the user credentials using the Secure Store service.

In the blog where Exchange mailboxes are operated using EMSMANAGEDAPI, one step is to require the user's account number and password. In addition, the above in the process of creating the target application, add a column of EmailAddress, so that we can use the EWS Managed API Autodiscoverurl method, without needing to know the specific mail Server service address, the code can be changed to:

Original code:        service. Credentials = new Webcredentials (creds);            Service. URL = new Uri ("https://server address/ews/exchange.asmx");            Service. PreAuthenticate = true;

After modification:        service. Credentials = new Webcredentials (creds);            Service. Autodiscoverurl (EmailAddress);            Service. PreAuthenticate = true;

Above is a bit of optimization of the previous application, if interested, you can go to see the previous blog. The next step is how to obtain an instance of the user credential.

The Secure Store service does not need to specify the user and will get the current logged-in user directly based on the current context, and here's how to get a list of user information:

Public list<string> getusercredentialcollection (string appId, Spservicecontext currentcontext)//appid is the SSS            ' ID {list<string> credentiallist = new list<string> ();            Securestoreprovider prov = new Securestoreprovider ();            Spservicecontext context = CurrentContext; Prov. context = context; The current context information in order to find the current logged in user try {securestorecredentialcollection cc = Prov from the context.                Getcredentials (APPID); for (int i = 0; i < cc. Count;                    i++) {isecurestorecredential c = cc[i];                    IntPtr ptr = System.Runtime.InteropServices.Marshal.SecureStringToBSTR (c.credential);                    String sdecrypstring = System.Runtime.InteropServices.Marshal.PtrToStringUni (PTR);                Credentiallist.add (sdecrypstring);        }} catch {} return credentiallist; }

In fact, the most important is the method in the for loop, according to the target Application ID, get the user credential collection, traverse the user credential field and put in the list, then can be based on personal needs to take advantage of this information.

The application of Secure Store service is basically over here, and overall secure store service has its pros and cons, and may not be the best choice for users with high security requirements. However, the Secure Store service is flexible enough to store multiple application credentials for users and is well-compatible with multiple system integrations. Interested friends, can discuss together, this blog will be written here first.

Secure Store service App