SharePoint【学习笔记】-- SecureStoreProvider扩展:验证Application中是否有当前用户的credentials

Code Snippet: Get User Credentials Using the Default Secure Store Provider 中演示了如何获取当前用户的凭证信息，其中提到当GetCredentials获取不到值会抛异常SecureStoreServiceException，这个异常相当强大，不仅出现在ULS中，在Windows日志中也会出现Event 7493事件；

using (SecureStoreCredentialCollection creds = provider.GetCredentials(appId))
{
// Secure Store Service will not return null. It may throw a SecureStoreServiceException,
// but this may not be true for other providers.

================================================================================

Microsoft Secure Store Service 应用程序 Secure Store Service 无法检索凭据。返回的错误为“在目标应用程序“eam_79”中找不到当前用户的凭据。请为当前用户设置凭据。”。有关详细信息，请参阅 Microsoft SharePoint 产品和技术软件开发工具包(SDK)。

===============================================================

因此避免无凭证用户去请求变的很重要，解决的思路是直接查询SSS的数据库表[SSSCredentials]，将ApplicationID与[IdentityClaimValueHash]字段匹配，如果返回值大于0就说明该用户在SSS中是有该Application的凭证的；其中IdentityClaimValueHash字段是通过Hash256加密的；

下面是关键代码：

1.获取用户的IdentityClaimValueHash

2.获取SSS的数据库ConnecetionString

/// <summary>
/// 获取单点登录数据库连接字符串
/// </summary>
/// <returns></returns>
public static string GetSSSDataBaseStr()
{
string dbconstr = "";
bool islocalservice = false;
foreach (SPServiceApplicationProxy pro in SPContext.Current.Site.WebApplication.ServiceApplicationProxyGroup.DefaultProxies)
{
string s = pro.GetType().ToString();
if (s == "Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy")
{
SPIisWebServiceApplicationProxy iispro = (SPIisWebServiceApplicationProxy)pro;
Uri endpoint = iispro.ServiceEndpointUri;
SecureStoreService svc = SPFarm.Local.Services.GetValue<SecureStoreService>();
foreach (SecureStoreServiceApplication app in svc.Applications)
{
//SecureStoreServiceDatabase db=app.GetPrivateProperty<SecureStoreServiceDatabase>("Database");
string svid1 = app.Id.ToString();
if (!islocalservice)
{
//ServiceEndpointUri    {urn:schemas-microsoft-com:sharepoint:service:510a8bf612714e58a3077f0a1f09ac1d#authority=urn:uuid:3ff1d34f9e994f939ebee8df59ff77b5&authority=https://irene2010rtm:32844/Topology/topology.svc}
islocalservice = endpoint.AbsolutePath.ToLower().EndsWith(svid1.ToLower().Replace("-", ""));
if (islocalservice)
{
Type objectType = app.GetType();
BindingFlags flag = BindingFlags.Instance | BindingFlags.NonPublic;
PropertyInfo WS = objectType.GetProperty("Database", flag);
SecureStoreServiceDatabase db3 = (SecureStoreServiceDatabase)WS.GetValue(app, null);
//writer.WriteLine(db3.Name + ":" + db3.DatabaseConnectionString);
dbconstr=db3.DatabaseConnectionString;
break;
}
}
}
}

}
return dbconstr;

}

3.查询语句（）

select a.ApplicationName,b.IdentityClaimValueHash
from SSSApplication a,SSSCredentials b where a.ApplicationId=b.ApplicationId and a.ApplicationName='" + appName.Trim()+ "' and b.IdentityClaimValueHash=@binaryValue