Creating Secure Store Application and Retrieving Credentials From the Secure Store Application

Rutika Banode
Sep 16, 2014

18.1k
0
3
- facebook
- twitter
- linkedIn
- Reddit
- WhatsApp
- Email
- Print
- Other Artcile

A Secure store application is used to store credentials for fetching data from an external system.

For example If we want to fetch data from a web service into a SharePoint project and credentials are required to access the web service then instead of hard-coding the credentials in the SharePoint project we can securely store the credentials in a secure store application.

How to store credentials in a secure store application

Go to the Central Administration site.
Click on Manage Service Applications under the Application Management group.
Click on Secure Store application.
Create a new Target Application to store the user credentials. Click on the New button in the ribbon.
It will open a Create New Secure Store Application page. Specify the following details:

Application Id: Secure Store Application ID that will be unique to access to your credentials.
Display Name: Display Name of the application.
Contact Email: Valid Email address

Target Application Type: group
Click on "Next".
In the next page specify the credential fields for your secure store application.

For example Field Name Field Type Marked

UserName Windows User Name No

Password Windows Password Yes
Click on "Next". In next page specify the Target Application’s membership settings:
Configure the Target Application Administrators who will have permissions to manage the Target application settings.

Configure the members that will access this application and retrieve the credentials to connect with the external system.
Click on Ok. It will save the Target Applications Settings.
Now select the Target Application Id and in the ribbon click on the Set button in the Credentials group.
It will open a Set Credentials for Secure Store Target Application dialog. Specify the Username and Password for the Windows domain user account that you want to use.
Click on Ok. It will save the credentials. The Target Secure Store application has been successfully created.

How to access these credentials from Secure Store Application

Open a Visual Studio and create a New Empty SharePoint Project.
Create it as a Farm Solution.
Add the references of following DLLs:
Microsoft.BusinessData.dll
Microsoft.Office.SecureStoreService.dll
Add the following using statements:
1. using Microsoft.SharePoint.Administration;
2. using Microsoft.BusinessData.Infrastructure.SecureStore;
3. using System.Diagnostics;
4. using System.Security;
5. using System.Runtime.InteropServices;
Add a class with the name Credentials as follows:
1. public class Credentials
2. {
3. private string _userName;
4. public string UserName
5. {
6. get { return _userName; }
7. set { _userName = value; }
8. }
10. private string _password;
11. public string Password
12. {
13. get { return _password; }
14. set { _password = value; }
15. }
17. public Credentials(string username, string password)
18. {
19. _userName = username;
20. _password = password;
21. }
23. /// <summary>
24. /// Retrieve credential information of a given Secure Store Target Application Id from the Secure Store.
25. /// </summary>
26. /// <param name="strTargetAppID"></param>
27. /// <returns>Credentials Object</returns>
28. public static Credentials GetCredentials(string strTargetAppID)
29. {
30. Credentials objUserCredentials = null;
31. SPSecurity.RunWithElevatedPrivileges(delegate()
32. {
34. // Get the default Secure Store Service provider.
35. ISecureStoreProvider objSecureStoreProvider = SecureStoreProviderFactory.Create();
36. if (objSecureStoreProvider == null)
37. {
38. //Throw an InvalidOperationException exception
39. throw new InvalidOperationException("Unable to get an ISecureStoreProvider");
40. }
43. ISecureStoreServiceContext objProviderContext = objSecureStoreProvider as ISecureStoreServiceContext;
44. objProviderContext.Context = SPServiceContext.GetContext(GetCentralAdminSite());
46. // variables to hold the credentials.
47. string sUserName = string.Empty;
48. string sPassword = string.Empty;
50. // Specify a valid target application ID for the Secure Store.
51. string sApplId = strTargetAppID;
53. try
54. {
55. //looking for the first user name, password credentials in the collection.
56. using (SecureStoreCredentialCollection objSecureStoreCredentials = objSecureStoreProvider.GetCredentials(sApplId))
57. {
59. Debug.Assert(objSecureStoreCredentials != null);
61. if (objSecureStoreCredentials != null)
62. {
63. foreach (SecureStoreCredential cred in objSecureStoreCredentials)
64. {
65. if (cred == null)
66. {
68. continue;
69. }
71. switch (cred.CredentialType)
72. {
73. case SecureStoreCredentialType.WindowsUserName:
74. if (string.IsNullOrEmpty(sUserName))
75. {
76. sUserName = GetStringFromSecureString(cred.Credential);
77. }
78. break;
80. case SecureStoreCredentialType.WindowsPassword:
81. if (string.IsNullOrEmpty(sPassword))
82. {
83. sPassword = GetStringFromSecureString(cred.Credential);
84. }
85. break;
87. }
88. }
89. }
90. }
92. //Checking whether required credentials are found
93. if (string.IsNullOrEmpty(sUserName) || string.IsNullOrEmpty(sPassword))
94. {
95. objUserCredentials = null;
96. }
97. else
98. {
99. objUserCredentials = new Credentials(sUserName, sPassword);
100. }
103. }
104. catch (SecureStoreException ex)
105. {
106. objUserCredentials = null;
107. }
108. });
109. return objUserCredentials;
110. }
112. /// <summary>
113. /// This method Converts a secured sting into plain string
114. /// </summary>
115. /// <param name="objSecureString"></param>
116. /// <returns>string</returns>
117. private static string GetStringFromSecureString(SecureString objSecureString)
118. {
119. if (objSecureString == null)
120. {
121. return null;
122. }
124. IntPtr pPlainText = IntPtr.Zero;
125. try
126. {
127. pPlainText = Marshal.SecureStringToBSTR(objSecureString);
128. return Marshal.PtrToStringBSTR(pPlainText);
129. }
130. finally
131. {
132. if (pPlainText != IntPtr.Zero)
133. {
134. Marshal.FreeBSTR(pPlainText);
135. }
136. }
137. }
139. /// <summary>
140. /// This method retrieves the Central Administration site. This is used by the GetCredentials method to set the ProviderContext.
141. /// </summary>
142. /// <returns>SPSite</returns>
143. private static SPSite GetCentralAdminSite()
144. {
145. SPAdministrationWebApplication objAdminWebApp = SPAdministrationWebApplication.Local;
146. if (objAdminWebApp == null)
147. {
148. throw new InvalidProgramException("Unable to get the admin web app");
149. }
151. SPSite objAdminSite = null;
152. Uri objAdminSiteUri = objAdminWebApp.GetResponseUri(SPUrlZone.Default);
153. if (objAdminSiteUri != null)
154. {
155. objAdminSite = objAdminWebApp.Sites[objAdminSiteUri.AbsoluteUri];
157. }
158. else
159. {
160. throw new InvalidProgramException("Unable to get Central Admin Site.");
161. }
163. return objAdminSite;
164. }
165. }
Build the Solution.
Use this class and methods to read the credentials from the Secure Store Application. This class will connect to the secure store application and read the required credentials. If the User context in which the code is running is not a member of the Target Application Members Group, it will throw an exception.

I hope this will help you!

Recommended Free Ebook

Configure MinRole Search and Cloud Hybrid Features in SharePoint Server 2016 and Office 365

Download Now!