Wednesday, April 9, 2014

Convert claims based login name in SharePoint

SharePoint 2010 and 2013 support both classic-mode authentication and claims-based authentication. In classic mode, reading LoginName from an SPUser object returns something like “Domain\LoginName”.

If the web application is configured for claims-based authentication, the same property returns something like “i:0#.w|Domain\LoginName”.

Let’s say we don’t need the prefix (e.g. i:0#.w) and want only the login name portion (in this case Domain\LoginName). How do we get it? Will something like the code below work?

    var user = @"i:0#.w|dev\john";
    // Take whatever follows the first '|'
    var encodedUser = user.Split('|')[1];

OK, it will work, but for this scenario only.

This is because a claims-based environment is highly extensible: you can plug in many authentication providers. If you plug in another authentication provider instead of Windows authentication, you may get encoded strings in a different form. Let’s assume you have federated authentication using email as the login; you would get something like this for LoginName:

    i:05.t|Azure|myemail@gmail.com

You can see that the string operation (Split) used in the code above will not work for this scenario. There are also many other claim representations for other providers. You can get a complete list by referring to this post from Wictor Wilen’s blog.

What is the recommended way to decode a claims-encoded string? We can get help from the “SPClaimProviderManager” class. The following code decodes a claims string.

    using Microsoft.SharePoint.Administration.Claims;

    // Returns the decoded claim value, or the input unchanged if it is not claims-encoded.
    private string GetLoggingName(string name)
    {
        var manager = SPClaimProviderManager.Local;
        if (manager != null)
        {
            return SPClaimProviderManager.IsEncodedClaim(name) ? manager.DecodeClaim(name).Value : name;
        }
        // No claim provider manager available: return the name as-is.
        return name;
    }

It’s better to avoid string operations when decoding or encoding claims, as we don’t know which providers will be plugged into or unplugged from our claims environment in the future.
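
The decoded Value alone no longer says which provider vouched for it, so code that uses the result for access checks or audit records may want the issuer as well. The following is an added example, not code from the original post: it assumes it runs on a SharePoint server with Microsoft.SharePoint.dll referenced, and the names DecodedLogin and ClaimLogin are hypothetical.

```csharp
using System;
using Microsoft.SharePoint.Administration.Claims;

// Hypothetical holder for the parts of a decoded login name.
public sealed class DecodedLogin
{
    public string Value { get; set; }                    // login name or email carried by the claim
    public string ClaimType { get; set; }                // claim type URI; null for classic-mode names
    public string OriginalIssuer { get; set; }           // issuer string; null for classic-mode names
    public SPOriginalIssuerType IssuerType { get; set; } // Windows, Forms, TrustedProvider, ...
}

public static class ClaimLogin
{
    public static DecodedLogin Decode(string loginName)
    {
        if (string.IsNullOrEmpty(loginName))
            throw new ArgumentException("Login name is empty.", "loginName");

        SPClaimProviderManager manager = SPClaimProviderManager.Local;
        if (manager == null || !SPClaimProviderManager.IsEncodedClaim(loginName))
        {
            // Classic-mode name (Domain\LoginName): nothing to decode, pass it through.
            return new DecodedLogin { Value = loginName, IssuerType = SPOriginalIssuerType.Unknown };
        }

        // Let SharePoint parse the encoding instead of splitting on '|'.
        SPClaim claim = manager.DecodeClaim(loginName);
        return new DecodedLogin
        {
            Value = claim.Value,
            ClaimType = claim.ClaimType,
            OriginalIssuer = claim.OriginalIssuer,
            IssuerType = SPOriginalIssuers.GetIssuerType(claim.OriginalIssuer)
        };
    }

    public static void Demo()
    {
        // The two sample strings from the post: Windows and federated (email) logins.
        foreach (string name in new[] { @"i:0#.w|dev\john", "i:05.t|Azure|myemail@gmail.com" })
        {
            DecodedLogin login = Decode(name);
            Console.WriteLine("{0} | type: {1} | issuer: {2} ({3})",
                login.Value, login.ClaimType, login.OriginalIssuer, login.IssuerType);
        }
    }
}
```

Comparing Value together with IssuerType keeps a Windows account and a federated or forms account with the same name from being treated as one identity.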
