I am able to get the user's roles (user AD groups) in SP 2010 (NTLM/Classic sites) using the Roles.GetRolesForUser() method. But the same method gives encrypted roles in SP2013, like this:
"0).w|s-1-5-21-3781269710-2253848316-4214219372-5434"
"0*.w|s-1-5-21-3781269710-2253848316-4214219372-513"
"0!.s|windows"
"0(.s|true"
I need the user groups like this:
DOMAIN\Administrator
DOMAIN\WSS_WPG
DOMAIN\WSS_WPG_ADMIN
I did the following to get the decrypted roles, but I am not able to get them.
1. Broke the claims and tried to get the roles from the SPClaims object.
IClaimsIdentity claimsIdentity;
ClaimCollection userClaims;
claimsIdentity = ((IClaimsPrincipal)(Thread.CurrentPrincipal)).Identities[0];
userClaims = claimsIdentity.Claims;
allRoles = userClaims.Where(r => r.ClaimType == ClaimTypes.Role).Select(r => r.Value).ToArray();
2. Convert the SAML 2.0 token to a Windows NT token and get the roles from the NT token.
SPSecurity.RunWithElevatedPrivileges(delegate()
{
    WindowsIdentity windowsIdentity = S4UClient.UpnLogon(upn);
    using (WindowsImpersonationContext ctxt = windowsIdentity.Impersonate())
    {
        IdentityReferenceCollection objWinRoleCollection = windowsIdentity.Groups;
    }
    allRoles = Roles.GetRolesForUser();
});
3. Set the SAML claims requirement as role in the web.config file to return roles.
<microsoft.identityModel>
  <service saveBootstrapTokens="true">
    <audienceUris />
    <issuerNameRegistry type="Microsoft.SharePoint.IdentityModel.SPPassiveIssuerNameRegistry, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <issuerTokenResolver type="Microsoft.SharePoint.IdentityModel.SPIssuerTokenResolver, Microsoft.SharePoint.IdentityModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <securityTokenHandlers>
      <clear />
      <add type="Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <add type="Microsoft.SharePoint.IdentityModel.SPSaml11SecurityTokenHandler, Microsoft.SharePoint.IdentityModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c">
        <samlSecurityTokenRequirement>
          <nameClaimType value="http://schemas.microsoft.com/sharepoint/2009/08/claims/userid" />
          <roleClaimType value="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" />
        </samlSecurityTokenRequirement>
      </add>
      <add type="Microsoft.SharePoint.IdentityModel.SPTokenCache, Microsoft.SharePoint.IdentityModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    </securityTokenHandlers>
    <federatedAuthentication>
      <wsFederation passiveRedirectEnabled="false" issuer="https://none" realm="https://none" />
      <cookieHandler mode="Custom" path="/">
        <customCookieHandler type="Microsoft.SharePoint.IdentityModel.SPChunkedCookieHandler, Microsoft.SharePoint.IdentityModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </cookieHandler>
    </federatedAuthentication>
  </service>
</microsoft.identityModel>
4. Get the roles from the SPClaimsAuthRoleProvider class.
allRoles = new SPClaimsAuthRoleProvider().GetRolesForUser(SPContext.Current.Web.CurrentUser.LoginName);
5. Decrypt the Claims token.
foreach (string role in Roles.GetRolesForUser(name.Value))
{
    SPClaim spcrole = SPClaimProviderManager.Local.DecodeClaimFromFormsSuffix(role); // This is the method you are looking for
    if (spcrole.ClaimType == ClaimTypes.Role)
    {
        rolesList.Add(spcrole.Value);
    }
}
6. Get the roles from the default role provider.
allRoles = Roles.Providers["c"].GetAllRoles();
All of the above methods return only the encrypted roles. I searched the internet but could not find much help for SP2013.
Any help is greatly appreciated.
Thanks and Regards, BalaMurugan J
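The role strings quoted in the question are SharePoint encoded claims in their "forms suffix" form rather than ciphertext. As an added example (not the poster's code and not a SharePoint API), this C# helper splits that layout and translates SID-valued claims back to DOMAIN\Group with System.Security.Principal; it assumes it runs on a domain-joined host that can resolve the SIDs.

```csharp
using System;
using System.Security.Principal;

// Added example (not the poster's code, not a SharePoint API). The role strings
// in the question are SharePoint encoded claims in "forms suffix" form:
//   0<claim-type char>.<issuer char>|<value>      e.g. "0).w|s-1-5-21-...-5434"
// The single characters are SharePoint's codes for the claim type and the
// original issuer; for the Windows-issued ('w') group claims the value is the
// group SID, which Windows can translate back to DOMAIN\Group.
public static class EncodedClaimHelper
{
    public sealed class DecodedClaim
    {
        public char ClaimTypeCode;      // e.g. '!' ')' '*' '(' in the question
        public char IssuerCode;         // 'w' = Windows; 's' on the non-Windows claims above
        public string Value;            // raw value, e.g. the SID or "windows"
        public string ResolvedAccount;  // DOMAIN\Name when Value was a resolvable SID
    }

    public static DecodedClaim Decode(string encoded)
    {
        // Layout check: '0', type char, '.', issuer char, '|', then the value.
        if (encoded == null || encoded.Length < 6 || encoded[0] != '0'
            || encoded[2] != '.' || encoded[4] != '|')
            throw new FormatException("Not a forms-suffix encoded claim: " + encoded);

        var claim = new DecodedClaim
        {
            ClaimTypeCode = encoded[1],
            IssuerCode = encoded[3],
            Value = encoded.Substring(5)
        };

        // SID values ("s-1-5-21-...") can be mapped to account names. Translation
        // needs a domain-joined host that can reach the issuing domain; unknown or
        // foreign SIDs keep the raw value so callers can still log them.
        if (claim.Value.StartsWith("s-1-", StringComparison.OrdinalIgnoreCase))
        {
            try
            {
                var sid = new SecurityIdentifier(claim.Value.ToUpperInvariant());
                claim.ResolvedAccount = ((NTAccount)sid.Translate(typeof(NTAccount))).Value;
            }
            catch (IdentityNotMappedException)
            {
                claim.ResolvedAccount = null;
            }
        }
        return claim;
    }
}
```

Each string returned by Roles.GetRolesForUser() can be passed through Decode and the non-null ResolvedAccount values collected as the DOMAIN\Group list. A null result is worth logging rather than silently dropping, since it usually means a deleted group or a SID from a domain the host cannot reach.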