Share via


An Updated ClaimsTokenHelper for SharePoint 2013 High Trust Apps and SAML

When Visual Studio 2013 came out, it introduced a new class and simplified methods for obtaining a ClientContext to use with the Client Side Object Model (CSOM) to access SharePoint 2013 sites. A new SharePointContext class was added to simplify the programming model, but internally it still called the TokenHelper class that originally shipped with Visual Studio 2012. 

Shortly after SharePoint 2013 shipped, I provided an additional class – the ClaimsTokenHelper class – to be used when your SharePoint sites are secured using SAML authentication (https://blogs.technet.com/b/speschka/archive/2013/07/23/3539509.aspx). Neither the original TokenHelper class nor the new SharePointContext class provides a means to properly identify a SAML claims user. I decided to take a fresh look at the ClaimsTokenHelper implementation and see if I could find a way to update things to keep it more closely aligned with the development model used in the new SharePointContext class. What I ended up doing is creating a new SharePointContextExtensions class, and it allows you to use virtually the same exact programming model as you do now with the SharePointContext class. 

Here’s an example of the code you use to access a site title using the SharePointContext class:

var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);

using (var clientContext =

spContext.CreateUserClientContextForSPHost())

{

clientContext.Load(clientContext.Web, web => web.Title);

clientContext.ExecuteQuery();

Response.Write(clientContext.Web.Title);

}

 

Now, here’s an example of using the new SharePointContextExtensions class:

var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);

using (var clientContext =

               spContext.CreateUserClientContextForSPHost(TokenHelper.IdentityClaimType.SMTP))

{

clientContext.Load(clientContext.Web, web => web.Title);

clientContext.ExecuteQuery();

Response.Write(clientContext.Web.Title);

}

 

As you can see, literally the only difference between the two now is that you need to specify which OAuth identity attribute you want to use as the identity claim – SMTP, SIP, or UPN. Also, there is a corresponding method for getting a ClientContext for an App Only token. Here’s the out of the box syntax:

spContext.CreateAppOnlyClientContextForSPHost();

 

And here’s the corresponding method when using SAML:

spContext.CreateAppOnlySamlClientContextForSPHost();

 

In this case I had to actually change the method name, because it would otherwise have the same exact method name and signature as the SharePointContext class. I’ve attached the SharePointContextExtensions and ClaimsTokenHelper classes to this posting. Using them is pretty straightforward:

  1. Add both classes to your project
  2. Change the “namespace” declaration at the top of each class to match the namespace you are using in your project.
  3. As with the original ClaimsTokenHelper class you also need to do the following; you can find more details on both of these steps in the original blog post at https://blogs.technet.com/b/speschka/archive/2013/07/23/3539509.aspx#pi47623=1:
    1. Add the “partial” modifier to the TokenHelper.cs class that Visual Studio adds to your project, i.e. it should read public partial class TokenHelper
    2. Add the “TrustedProviderName” property to your appSettings section in web.config and put in the name of your SPTrustedIdentityTokenIssuer as the value.
    3. Start coding.

That’s it – you should be up and running in no time!

SharePointContextExtensions.zip

Comments

  • Anonymous
    January 01, 2003
    http://dichvuketoanlongbien.com>dich vu ke toan
  • Anonymous
    September 30, 2014
    Would it be possible to push this code as a library to NuGet?
  • Anonymous
    October 28, 2014
    Hi I am getting access denied error and its still passing the windows identity
  • Anonymous
    October 29, 2014
    Got it working. thanks
  • Anonymous
    November 04, 2014
    Hi Steve,

    Can I still decorate my methods with [SharePointContextFilter] attribute?

    Please advise. Thank you so much.
  • Anonymous
    November 17, 2014
    Continuing on with the theme of SAML secured SharePoint sites and SharePoint Apps, this next posting
  • Anonymous
    November 25, 2014
    Hi Steve, I'm trying to download the attached file for this post and the original, but they are not working.
    Could you please help me to get them?
    Thanks, you content is very helpful!
  • Anonymous
    January 08, 2015
    m88 : http://m88en.com
    M88.com offer online sports games Asia, Sports Betting Asia, Sports Betting Sites Asia.
    m88asia : http://m88en.net
    Link to M88BET phone: m88en.com. – Register and Open Betting Account and Membership M88BET.
    m88bet : http://www.linkm88vip.com
    MANSION88 the house is one of the largest and most prestigious. Appeared quite early in the Asian market, the so-MANSION88 currently attracts more players.
    link m88 : http://m88wiki.com
    Home the M88 is the official sponsor of the football club in the Premier League
    Wish you happy with the new M88
    m88 casino online : http://m88free.com