• SecureStoreProvider extension: verifying whether the current user has credentials in an Application


    Code Snippet: Get User Credentials Using the Default Secure Store Provider

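    The article above demonstrates how to get the current user's credentials. It mentions that when GetCredentials cannot retrieve a value, it throws a SecureStoreServiceException. This exception is quite heavy-handed: it shows up not only in the ULS logs but also in the Windows event log as Event 7493.

    using (SecureStoreCredentialCollection creds = provider.GetCredentials(appId))
    {
        // Secure Store Service will not return null. It may throw a SecureStoreServiceException,
        // but this may not be true for other providers.
    }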

    ================================================================================

    Microsoft Secure Store Service 应用程序 Secure Store Service 无法检索凭据。返回的错误为“在目标应用程序“eam_79”中找不到当前用户的凭据。请为当前用户设置凭据。”。有关详细信息,请参阅 Microsoft SharePoint 产品和技术软件开发工具包(SDK)。

    ===============================================================

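    It is therefore important to keep users without credentials from making the request at all. The approach is to query the SSS database table [SSSCredentials] directly, matching on ApplicationID and the [IdentityClaimValueHash] field; if the returned value is greater than 0, the user has credentials for that Application in SSS. The IdentityClaimValueHash field holds a value hashed with Hash256.

    The key code follows:

    1. Get the user's IdentityClaimValueHash

    2. Get the SSS database connection string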

            // Requires: System, System.Reflection, Microsoft.SharePoint,
            // Microsoft.SharePoint.Administration, Microsoft.Office.SecureStoreService.Server

            /// <summary>
            /// Gets the connection string of the single sign-on (Secure Store) database.
            /// </summary>
            /// <returns>The connection string, or an empty string if no matching Secure Store service application is found.</returns>
            public static string GetSSSDataBaseStr()
            {
                string dbconstr = "";
                bool islocalservice = false;
                // Walk the default service application proxies of the current web application.
                foreach (SPServiceApplicationProxy pro in SPContext.Current.Site.WebApplication.ServiceApplicationProxyGroup.DefaultProxies)
                {
                    string s = pro.GetType().ToString();
                    if (s == "Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy")
                    {
                        SPIisWebServiceApplicationProxy iispro = (SPIisWebServiceApplicationProxy)pro;
                        Uri endpoint = iispro.ServiceEndpointUri;
                        SecureStoreService svc = SPFarm.Local.Services.GetValue<SecureStoreService>();
                        foreach (SecureStoreServiceApplication app in svc.Applications)
                        {
                            //SecureStoreServiceDatabase db=app.GetPrivateProperty<SecureStoreServiceDatabase>("Database");
                            string svid1 = app.Id.ToString();
                            if (!islocalservice)
                            {
                                //ServiceEndpointUri    {urn:schemas-microsoft-com:sharepoint:service:510a8bf612714e58a3077f0a1f09ac1d#authority=urn:uuid:3ff1d34f9e994f939ebee8df59ff77b5&authority=https://irene2010rtm:32844/Topology/topology.svc}
                                // The proxy endpoint path ends with the service application id (without dashes).
                                islocalservice = endpoint.AbsolutePath.ToLower().EndsWith(svid1.ToLower().Replace("-", ""));
                                if (islocalservice)
                                {
                                    // "Database" is a non-public property, so it is read through reflection.
                                    Type objectType = app.GetType();
                                    BindingFlags flag = BindingFlags.Instance | BindingFlags.NonPublic;
                                    PropertyInfo WS = objectType.GetProperty("Database", flag);
                                    SecureStoreServiceDatabase db3 = (SecureStoreServiceDatabase)WS.GetValue(app, null);
                                    //writer.WriteLine(db3.Name + ":" + db3.DatabaseConnectionString);
                                    dbconstr = db3.DatabaseConnectionString;
                                    break;
                                }
                            }
                        }
                    }
                }
                return dbconstr;
            }

    The following code is obsolete:

        SPFarm farm = SPFarm.Local;
        if (null == farm)
        {
            throw new InvalidProgramException("SP Farm Local Not Found");
        }
        SecureStoreService service = farm.Services.GetValue<SecureStoreService>();
        if (null == service)
        {
            throw new InvalidProgramException("Proxy Creation Failed Error");
        }
        SPServiceApplication application = service.Applications.ToList().SingleOrDefault();
        if (application is SecureStoreServiceApplication)
        {
            SecureStoreServiceApplication secureStoreServiceApplication = application as SecureStoreServiceApplication;
            string strconn = ((Microsoft.SharePoint.Administration.SPDatabase)(secureStoreServiceApplication.Database)).ConnectionString;

            Console.WriteLine(strconn);
        }

    3. Query statement

    select a.ApplicationName, b.IdentityClaimValueHash
    from SSSApplication a, SSSCredentials b
    where a.ApplicationId = b.ApplicationId
      and a.ApplicationName = @appName   -- bind appName.Trim() as a parameter; do not concatenate it into the SQL text
      and b.IdentityClaimValueHash = @binaryValue
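
An added example, not part of the original post: one way to run the step 3 check with both the application name and the hash bound as parameters, so that the application name is never concatenated into the SQL text. The class and method names are hypothetical, and the hash from step 1 is assumed to be computed by the caller, since the post does not show that code.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class SssCredentialCheck
{
    // Hypothetical helper (not from the original post).
    // connectionString: the value returned by GetSSSDataBaseStr().
    // identityClaimValueHash: the step 1 value, assumed to be already computed.
    public static bool HasCredentials(string connectionString, string appName,
                                      byte[] identityClaimValueHash)
    {
        if (string.IsNullOrEmpty(connectionString))
            throw new ArgumentException("Secure Store connection string not found", "connectionString");
        if (appName == null || appName.Trim().Length == 0)
            throw new ArgumentException("Empty application name", "appName");
        if (identityClaimValueHash == null || identityClaimValueHash.Length == 0)
            throw new ArgumentException("Empty identity claim hash", "identityClaimValueHash");

        // Same tables and join as the post's query, but counting rows and
        // using parameters for every caller-supplied value.
        const string sql =
            "SELECT COUNT(*) FROM SSSApplication a " +
            "JOIN SSSCredentials b ON a.ApplicationId = b.ApplicationId " +
            "WHERE a.ApplicationName = @appName " +
            "AND b.IdentityClaimValueHash = @binaryValue";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@appName", SqlDbType.NVarChar).Value = appName.Trim();
            cmd.Parameters.Add("@binaryValue", SqlDbType.VarBinary).Value = identityClaimValueHash;

            conn.Open();
            int matches = Convert.ToInt32(cmd.ExecuteScalar());

            // A count greater than 0 means the user has credentials for this
            // target application, so GetCredentials should not throw.
            return matches > 0;
        }
    }
}
```

Calling this before `provider.GetCredentials(appId)` lets the caller skip the request for users without stored credentials, which avoids the SecureStoreServiceException and the Event 7493 entry described above.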

  • Original article: https://www.cnblogs.com/ruijian/p/2355038.html