In an effort to understand how you might make use of the SSO service from your own custom development in SharePoint (MOSS), I wrote a Web Part that enumerates SSO applications and credentials, as shown below.
The code for the web part is quite simple, as is the SSO SDK itself (at least as an SSO consumer).
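using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.UI;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Portal.SingleSignon;

namespace Sharepoint.WebParts
{
    /// <summary>
    /// Diagnostic web part that renders the SSO provider information, the identities in
    /// play for the current request (process, thread, ASP.NET, SharePoint and SSO user) and
    /// every SSO enterprise application definition together with the credential evidence
    /// stored for the current user.
    /// </summary>
    /// <remarks>
    /// The evidence values written by <see cref="AppendFields"/> are the stored SSO secrets
    /// in clear text: anyone who can view this web part can read them, so it is meant for a
    /// restricted diagnostics page. Everything taken from the SSO store, the request context
    /// or an exception message is HTML-encoded before it is written into the markup.
    /// </remarks>
    [Guid("45c8266e-6a1b-4223-97fa-5cc3e65c5629")]
    public class SSOInfoViewWebPart : System.Web.UI.WebControls.WebParts.WebPart
    {
        /// <summary>
        /// Copies a <see cref="System.Security.SecureString"/> into a managed string.
        /// </summary>
        /// <param name="pValue">The secure string to decrypt; <c>null</c> yields an empty string.</param>
        /// <returns>
        /// The clear-text value, or the exception message when the unmanaged copy could not be
        /// made (best-effort diagnostics: the page keeps rendering instead of failing).
        /// </returns>
        private static string ConvertSecureStringToString(System.Security.SecureString pValue)
        {
            if (pValue == null)
            {
                return string.Empty;
            }

            IntPtr bstr = IntPtr.Zero;
            try
            {
                bstr = Marshal.SecureStringToBSTR(pValue);
                return Marshal.PtrToStringBSTR(bstr);
            }
            catch (Exception ex)
            {
                return ex.Message;
            }
            finally
            {
                // ZeroFreeBSTR wipes the unmanaged clear-text copy before releasing it.
                if (bstr != IntPtr.Zero)
                {
                    Marshal.ZeroFreeBSTR(bstr);
                }
            }
        }

        /// <summary>
        /// HTML-encodes a value before it is embedded in the rendered table, so that
        /// application names, field names, URLs and exception messages cannot inject markup.
        /// </summary>
        /// <param name="value">Any value; <c>null</c> encodes as an empty string.</param>
        /// <returns>The encoded text.</returns>
        private static string Enc(object value)
        {
            return HttpUtility.HtmlEncode(value == null ? string.Empty : value.ToString());
        }

        /// <summary>
        /// Appends one three-column identity row: bold label, name, and a parenthesised detail string.
        /// </summary>
        private static void AppendIdentityRow(StringBuilder sb, string label, string name, string detail)
        {
            sb.AppendFormat(" <tr> <td><b>{0}</b></td> <td>{1}</td> <td>{2}</td> </tr> ",
                Enc(label), Enc(name), Enc(detail));
        }

        /// <summary>
        /// Builds the "(authentication type, impersonation level, flags)" description shown
        /// next to a Windows identity.
        /// </summary>
        private static string DescribeIdentity(WindowsIdentity identity)
        {
            return string.Format("({0}, {1}{2}{3}{4}{5})",
                identity.AuthenticationType,
                identity.ImpersonationLevel,
                identity.IsAnonymous ? ", Anonymous" : "",
                identity.IsAuthenticated ? ", Authenticated" : "",
                identity.IsGuest ? ", Guest" : "",
                identity.IsSystem ? ", System" : "");
        }

        /// <summary>Appends the vendor, version and assembly rows for the SSO provider.</summary>
        private static void AppendProviderInfo(StringBuilder sb, ISsoProvider ssoProvider)
        {
            var info = ssoProvider.GetSsoProviderInfo();
            sb.AppendFormat(" <tr> <td><b>SSO Provider:</b></td> <td>Vendor:</td> <td>{0}</td> </tr> ", Enc(info.Vendor));
            sb.AppendFormat(" <tr> <td> </td> <td>Version:</td> <td>{0}</td> </tr> ", Enc(info.Version));
            sb.AppendFormat(" <tr> <td> </td> <td>Assembly:</td> <td>{0}</td> </tr> ", Enc(info.AssemblyName));
        }

        /// <summary>
        /// Appends the process identity (only when the thread is impersonating) and the
        /// identity the current thread is actually running under.
        /// </summary>
        private static void AppendWindowsIdentities(StringBuilder sb)
        {
            // GetCurrent(true) returns null when the thread is not impersonating.
            var threadIdentity = WindowsIdentity.GetCurrent(true);
            if (threadIdentity != null)
            {
                // Revert to the process token just long enough to read the process identity.
                // Undo() runs in a finally so the caller's impersonation is always restored;
                // otherwise an exception here would leave the rest of the request running as
                // the process account.
                var revert = WindowsIdentity.Impersonate(IntPtr.Zero);
                try
                {
                    var processIdentity = WindowsIdentity.GetCurrent();
                    AppendIdentityRow(sb, "Process Identity:", processIdentity.Name, DescribeIdentity(processIdentity));
                }
                finally
                {
                    revert.Undo();
                }
            }

            var current = WindowsIdentity.GetCurrent();
            string label = threadIdentity != null ? "Thread Identity:" : "Process Identity:";
            AppendIdentityRow(sb, label, current.Name, DescribeIdentity(current));
        }

        /// <summary>Appends the ASP.NET principal and the SharePoint user for the current request.</summary>
        private void AppendWebIdentities(StringBuilder sb)
        {
            var aspNetUser = Context.User.Identity;
            AppendIdentityRow(sb, "ASP.NET Identity:", aspNetUser.Name,
                string.Format("({0}{1})",
                    aspNetUser.AuthenticationType,
                    aspNetUser.IsAuthenticated ? ", Authenticated" : ""));

            // CurrentUser is null for anonymous access; render a placeholder instead of failing.
            var spUser = SPContext.Current.Web.CurrentUser;
            if (spUser == null)
            {
                AppendIdentityRow(sb, "Sharepoint Identity:", "n/a", "(anonymous)");
                return;
            }

            AppendIdentityRow(sb, "Sharepoint Identity:", spUser.Name,
                string.Format("(ID:{0}, {1}{2}{3}{4})",
                    spUser.ID,
                    spUser.LoginName,
                    spUser.IsSiteAdmin ? ", SiteAdmin" : "",
                    spUser.IsDomainGroup ? ", DomainGroup" : "",
                    spUser.IsSiteAuditor ? ", SiteAuditor" : ""));
        }

        /// <summary>Appends the SSO user row; the provider call may throw, which is shown as n/a.</summary>
        private static void AppendSsoUser(StringBuilder sb, ISsoProvider ssoProvider)
        {
            sb.Append(" <tr> <td><b>SSO User:</b></td> <td>");
            try
            {
                sb.Append(Enc(ssoProvider.GetCurrentUser()));
            }
            catch (Exception ex)
            {
                sb.AppendFormat("<i>n/a ({0})</i>", Enc(ex.Message));
            }
            sb.Append("</td> </tr> ");
        }

        /// <summary>
        /// Appends, for one application, each field definition with the evidence stored
        /// for the current user. Missing credentials are reported inline instead of
        /// aborting the whole web part.
        /// </summary>
        private static void AppendFields(StringBuilder sb, ISsoProvider ssoProvider, string applicationName)
        {
            try
            {
                var fields = ssoProvider.GetApplicationFields(applicationName);
                var creds = ssoProvider.GetCredentials(applicationName);

                // Only pair fields with evidence that actually exists; the two arrays are not
                // guaranteed to have the same length.
                int count = Math.Min(fields.Length, creds.Evidence.Length);
                for (int idx = 0; idx < count; idx++)
                {
                    var field = fields[idx];
                    // Clear-text secret from the SSO store; written to the page on purpose for diagnostics.
                    string evidence = ConvertSecureStringToString(creds.Evidence[idx]);
                    sb.AppendFormat("{0} ({1}) = {2} ",
                        Enc(field.Field),
                        field.Mask ? "Masked" : "Unmasked",
                        Enc(evidence));
                }
            }
            catch (Exception ex)
            {
                sb.AppendFormat("<i>n/a ({0})</i> ", Enc(ex.Message));
            }
        }

        /// <summary>Appends one block of rows per enterprise application definition.</summary>
        private static void AppendApplications(StringBuilder sb, ISsoProvider ssoProvider)
        {
            sb.Append(" <tr> <td><b>SSO Enterprise Application Definitions</b></td> </tr> ");

            foreach (var ead in ssoProvider.GetApplicationDefinitions())
            {
                // Only individual (per-user) applications have a credential management page.
                string credManUrl = "#";
                if (ead.Type == Application.ApplicationType.Individual
                    || ead.Type == Application.ApplicationType.IndividualWindows)
                {
                    credManUrl = ssoProvider.GetCredentialManagementURL(ead.ApplicationName).ToString();
                }

                sb.AppendFormat(" <tr> <td><b><a href=\"{1}\">{0}</a></b></td> <td>Display Name: </td> <td>{2}</td> </tr> ",
                    Enc(ead.ApplicationName), Enc(credManUrl), Enc(ead.ApplicationFriendlyName));
                sb.AppendFormat(" <tr> <td> </td> <td>Type:</td> <td>{0}</td> </tr> ", Enc(ead.Type));
                sb.Append(" <tr> <td> </td> <td>Fields:</td> <td> </td> </tr> ");
                sb.Append(" <tr> <td> </td> <td> <div>");
                AppendFields(sb, ssoProvider, ead.ApplicationName);
                sb.Append("</div> </td> </tr> ");
            }
        }

        /// <summary>
        /// Builds the diagnostic table and adds it as literal controls.
        /// </summary>
        protected override void CreateChildControls()
        {
            base.CreateChildControls();

            ISsoProvider ssoProvider = SsoProviderFactory.GetSsoProvider();
            var sb = new StringBuilder();

            AppendProviderInfo(sb, ssoProvider);
            AppendWindowsIdentities(sb);
            AppendWebIdentities(sb);
            AppendSsoUser(sb, ssoProvider);
            AppendApplications(sb, ssoProvider);

            Controls.Add(new LiteralControl(" <table>"));
            Controls.Add(new LiteralControl(sb.ToString()));
            Controls.Add(new LiteralControl("</table> "));
        }
    }
}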