Deploy SharePoint 2010 Feature Claims based Authorization using VS 2010

20 Jul 2010
With Visual Studio 2010 you can build and deploy multiple SharePoint 2010 features from a single solution. VS 2010 provides the following project templates for SharePoint 2010:
  1. Empty SharePoint Project - a starting point for site collection artifacts, custom Web Parts, etc.
  2. Visual Web Part - deploys an individual Web Part to the site
  3. Site Definition - creates a site definition template with default themes, formats, master page layouts, etc.
  4. Import SharePoint Solution Package - imports an existing WSP (including sandboxed solutions) so that it can be edited and republished
  5. Sequential Workflow - creates and publishes a custom Windows Workflow Foundation (WF) workflow to SharePoint
  6. Business Data Connectivity Model - for Business Data Connectivity (BDC, formerly the Business Data Catalog) features, used for integration with external systems
  7. Event Receiver - handlers for list, item, web and site events; commonly used for alerts and notifications
  8. List Definition - creates and publishes a SharePoint list definition
  9. Many more…
Last but not least, a very powerful feature is the WSP builder.
Working with SharePoint groups, we found that a single SharePoint group (such as "Contributors") does not scale to 15,000+ users: permission checks and access to the SharePoint sites slow down badly with that many members, and sometimes the operation fails outright. Managing membership through AD groups avoids this limit. But does it still make sense to create that many roles in AD and route every transaction through AD groups? I am sure it does not.
With SharePoint there are three ways to handle roles:
  1. SharePoint groups
  2. AD groups
  3. Claims-based authorization
SharePoint's security boundaries (the kinds of principal a permission can be granted to) are of four types:
  1. Individual user: from any system's perspective, granting permissions user by user is not feasible given the number of users involved.
  2. SharePoint group
  3. Active Directory (AD) group
  4. Claims-based authorization (a role claim carried in the user's token)
Claims-based authorization: This feature is new in SharePoint 2010 and is far more flexible. If roles in your organization are maintained elsewhere, claims can be created for those roles, and a logged-in user (Windows or forms-based) gets access to sites and resources based on those claims. Further down, permissions at the item, folder and Web Part level can be assigned to the same role claims.
Real-world business scenarios that can be handled with claims-based authorization:
  1. Providing role-based access to different systems in an organization based on claims.
  2. Providing role-based access to services in a SOA-enabled architecture.
  3. Keeping roles in sync between multiple role-based systems in an organization (such as CRM, task management, PeopleSoft and SAP), each with its own groups and hierarchy.
SharePoint 2010 claims:
SharePoint claims can be created by writing a custom claims provider that issues claims for the roles defined in other systems and grants access to the site based on those claims. Existing roles can be migrated to claims selectively, i.e. only those roles the SharePoint UI actually needs.
A claims provider in SharePoint 2010 is used for claims augmentation (adding more claims to the user's token when it is issued at sign-in) and for name resolution in the People Picker (search and resolve). Because augmentation happens at token issuance, a role change in the source system only takes effect once the user's session token expires and a new one is issued.
Implementation steps for claims in SharePoint 2010
You need to perform the following implementation activities to provide claims in SharePoint:
  1. Create a claims provider.
  2. Consume services from the claims provider (if the claims have to be fetched from other systems).
  3. Populate the claims in the SharePoint People Picker.
  4. At the web application level, assign permissions based on the claims.
Objective: create a provider class for generating claims
Design
  • Create a custom class that inherits from the SPClaimProvider class.
  • To add claims for the logged-in user, implement the FillClaimsForEntity method. This method consumes the RHMS service and retrieves the user's roles; each role becomes a claim in SharePoint. Whatever this method adds is trusted by the whole farm, so the role source must be authoritative.
  • To populate the claims in the People Picker, implement the FillSearch method. It fetches the roles from RHMS and shows those that match the search criteria.
  • To resolve the claims in the People Picker (Check Names), implement the two FillResolve overloads (one takes the typed text, the other an already-encoded SPClaim). They fetch the roles from RHMS and return the matching role.
  • Link for the claims-based implementation: http://myspserver:8587/sites/CRM/Pages/HRWorkspace2.aspx
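The design above, written out as an added example (this is not the article's or the author's code). It assumes the Contoso.Claims namespace, the claim type URI http://schemas.contoso.com/claims/rhmsrole and the role names, and it replaces the RHMS service call with a constructed in-memory table so that the class compiles without the service; only the SharePoint 2010 server object model types (SPClaimProvider, SPClaim, PickerEntity, SPProviderHierarchyTree) are real.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

namespace Contoso.Claims
{
    // Added example: a minimal SPClaimProvider that turns roles held in an external
    // role system into SharePoint role claims. The RHMS service call is replaced
    // by a constructed in-memory table; swap RolesByUser/AllRoles for the real lookup.
    public class CustomRoleClaimProvider : SPClaimProvider
    {
        // Assumed claim type URI. Use a namespace you control so the role claim can
        // never be confused with a built-in SharePoint or Active Directory claim type.
        private const string RoleClaimType = "http://schemas.contoso.com/claims/rhmsrole";
        // Constructed sample data standing in for the RHMS service (login name -> roles).
        private static readonly Dictionary<string, string[]> RolesByUser =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { @"contoso\alice", new[] { "HR-Manager", "Payroll-Reader" } },
                { @"contoso\bob",   new[] { "Payroll-Reader" } }
            };
        private static readonly string[] AllRoles = { "HR-Manager", "Payroll-Reader", "Recruiter" };

        public CustomRoleClaimProvider(string displayName) : base(displayName) { }

        // Internal name: it is encoded into every claim this provider issues, so never
        // change it after deployment or stored permissions will stop resolving.
        public override string Name { get { return "RHMSRoleProvider"; } }
        public override bool SupportsEntityInformation { get { return true; } }
        public override bool SupportsHierarchy { get { return false; } }
        public override bool SupportsResolve { get { return true; } }
        public override bool SupportsSearch { get { return true; } }

        // Augmentation: runs when the user's sign-in token is issued. Everything added
        // here is trusted farm-wide, so the role source must be authoritative and the
        // lookup must fail closed (no extra claims) rather than throw.
        protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
        {
            string[] roles;
            if (entity == null || claims == null || !RolesByUser.TryGetValue(entity.Value, out roles)) return;
            foreach (string role in roles)
                claims.Add(CreateClaim(RoleClaimType, role, ClaimValueTypes.String));
        }

        protected override void FillClaimTypes(List<string> claimTypes) { claimTypes.Add(RoleClaimType); }
        protected override void FillClaimValueTypes(List<string> valueTypes) { valueTypes.Add(ClaimValueTypes.String); }
        protected override void FillEntityTypes(List<string> entityTypes) { entityTypes.Add(SPClaimEntityTypes.FormsRole); }
        protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID,
                                              int numberOfLevels, SPProviderHierarchyTree hierarchy) { } // SupportsHierarchy is false
        // Resolve ("Check Names"): exact match only, so a partial name never silently
        // resolves to a different, possibly more privileged, role.
        protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput,
                                            List<PickerEntity> resolved)
        {
            if (!entityTypes.Contains(SPClaimEntityTypes.FormsRole)) return;
            string role = AllRoles.FirstOrDefault(r => r.Equals(resolveInput, StringComparison.OrdinalIgnoreCase));
            if (role != null) resolved.Add(CreateRoleEntity(role));
        }
        // Resolve from an already-encoded claim, e.g. when a stored permission is re-displayed.
        protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput,
                                            List<PickerEntity> resolved)
        {
            if (resolveInput == null || resolveInput.ClaimType != RoleClaimType) return;
            FillResolve(context, entityTypes, resolveInput.Value, resolved);
        }

        protected override void FillSchema(SPProviderSchema schema)
        {
            schema.AddSchemaElement(new SPSchemaElement(PeopleEditorEntityDataKeys.DisplayName,
                                                        "Display Name", SPSchemaElementType.Both));
        }

        // Search (People Picker browse dialog): every role matching the typed prefix, capped at maxCount.
        protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern,
                                           int maxCount, SPProviderHierarchyTree searchTree)
        {
            if (!entityTypes.Contains(SPClaimEntityTypes.FormsRole)) return;
            foreach (string role in AllRoles
                         .Where(r => r.StartsWith(searchPattern ?? "", StringComparison.OrdinalIgnoreCase))
                         .Take(maxCount))
                searchTree.AddEntity(CreateRoleEntity(role));
        }
        private PickerEntity CreateRoleEntity(string role)
        {
            PickerEntity pe = CreatePickerEntity();
            pe.Claim = CreateClaim(RoleClaimType, role, ClaimValueTypes.String);
            pe.Description = "RHMS role: " + role;
            pe.DisplayText = role;
            pe.EntityData[PeopleEditorEntityDataKeys.DisplayName] = role;
            pe.EntityType = SPClaimEntityTypes.FormsRole;
            pe.IsResolved = true;
            return pe;
        }
    }
}
```

Two points matter in production: the provider executes inside the SharePoint worker process with full trust, so a bug in the role lookup (or an injectable query against RHMS) is a farm-wide authorization bug, not a local one; and resolve deliberately matches the whole role name rather than a prefix, because the People Picker result is what an administrator will grant permissions to.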
Custom claims provider class diagram (image not reproduced in this copy)
Follow the steps below to create your own custom provider:
  1. Create a new class library project and add references to the Microsoft.IdentityModel, Microsoft.SharePoint and Microsoft.SharePoint.Security assemblies.
  2. Create a custom class that inherits from SPClaimProvider and override all the required (abstract) members:
    using Microsoft.SharePoint.Administration.Claims; // SPClaimProvider
    using Microsoft.SharePoint.Security;              // SharePointPermission

    [SharePointPermission(System.Security.Permissions.SecurityAction.Demand, ObjectModel = true)]
    [SharePointPermission(System.Security.Permissions.SecurityAction.LinkDemand, ObjectModel = true)]
    public class CustomRoleClaimProvider : SPClaimProvider
    {
        // SPClaimProvider is abstract: this will not compile until Name, the four
        // Supports* properties and the Fill* methods are overridden.
        public CustomRoleClaimProvider(string displayName) : base(displayName) { }
    }
    
  3. Sign the assembly with a strong name and register it in the GAC.
  4. Create a console application to register the custom claims provider with the farm. It uses the SPClaimProviderManager and SPClaimProviderDefinition classes and must run on a farm server as a farm administrator.
  5. Then create a claims-based web application and add permissions from the People Picker; the picker lists all the claims returned by the custom claims provider. Example: set permissions on a specific Web Part in the Web Part gallery by adding a role claim through the People Picker; that Web Part is then visible only to users whose token carries the claim.
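The console application from step 4, as an added example (it is not the article's code). The display name, the strong name of the assembly (including the public key token) and the type name are assumed values that must match your own GAC'd DLL; the manager and definition calls are the SharePoint 2010 server object model.

```csharp
using System;
using System.Linq;
using Microsoft.SharePoint.Administration.Claims;

namespace Contoso.Claims.Deploy
{
    // Added example: console tool that registers the custom claims provider with the farm
    // (or removes it with -remove). Run on a farm server as a farm administrator, after
    // the provider assembly has been installed in the GAC.
    class Program
    {
        // Assumed values. AssemblyName must be the full strong name of the GAC'd DLL and
        // TypeName the full type name; SharePoint loads the provider from these strings,
        // so a version bump of the assembly means re-registering it.
        const string DisplayName  = "RHMS Roles";
        const string AssemblyName = "Contoso.Claims, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef";
        const string TypeName     = "Contoso.Claims.CustomRoleClaimProvider";

        static int Main(string[] args)
        {
            bool remove = args.Length > 0 && args[0].Equals("-remove", StringComparison.OrdinalIgnoreCase);

            SPClaimProviderManager mgr = SPClaimProviderManager.Local;
            if (mgr == null)
            {
                Console.Error.WriteLine("No farm connection: run on a SharePoint server as a farm administrator.");
                return 1;
            }

            // Keyed by display name so that re-running the tool is idempotent.
            SPClaimProviderDefinition existing =
                mgr.ClaimProviders.FirstOrDefault(p => p.DisplayName == DisplayName);

            if (remove)
            {
                if (existing != null)
                {
                    mgr.DeleteClaimProvider(existing);
                    mgr.Update();
                    Console.WriteLine("Removed " + DisplayName);
                }
                return 0;
            }

            if (existing != null)
            {
                Console.WriteLine(DisplayName + " is already registered as " + existing.TypeName);
                return 0;
            }

            SPClaimProviderDefinition def = new SPClaimProviderDefinition(
                DisplayName, "Role claims fetched from the RHMS service", AssemblyName, TypeName);
            def.IsEnabled = true;
            // true = the provider augments tokens and resolves names in every claims-based web
            // application in the farm. Set it to false and enable the provider per web
            // application zone if only some applications should trust RHMS roles.
            def.IsUsedByDefault = true;
            def.IsVisible = true; // show the provider in the People Picker

            mgr.AddClaimProvider(def);
            mgr.Update();
            Console.WriteLine("Registered " + DisplayName + " -> " + TypeName);
            return 0;
        }
    }
}
```

The same registration can be done from a farm feature by deriving from SPClaimProviderFeatureReceiver, which is what the linked TechNet sample does; the console tool is handy when you want to register and unregister the provider while iterating on it.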
Challenges: converting an existing classic-mode web application to a claims-based web application. In SharePoint 2010 this conversion is a one-way operation, so rehearse it on a copy of the content database before touching production.
For sample code refer to http://blogs.technet.com/speschka/archive/2010/03/13/writing-a-custom-claims-provider-for-sharepoint-2010-part-1.aspx

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Member 879724
Architect Cognizant
India
10+ years of IT design and development experience with skills like ASP.NET, SharePoint 2007/2010 and SQL Server. As part of my role I do architecture design and pattern design for different architectures in projects. Recently I implemented a SOA-based architecture for SharePoint and PeopleSoft application integration.
My core strength is SharePoint. I have also worked on SQL Server BI (SSRS, SSAS, SSIS).

Comments and Discussions

 
General: Reason for my vote of 2. Better to have images. (Mohammad Siddiqali, 1-Aug-11 18:49)
Article Copyright 2010 by Member 879724