Programmatically determining which Claims Authentication Type has been used to login with Claims Based Authentication

Claims Based Authentication introduced with SharePoint 2010 allows you to login to a SharePoint site using multiple Authentication Providers. In some scenario you might need to determine which Claims Authentication Type has been used to login in order to conditionally show some content. Find out how this can be done using the new Claims API provided with SharePoint 2010.

Determining the Claims Authentication Type used for logging in is very simple using the Claims API provided with SharePoint 2010 and can be done using the following code snippet:

string info = null;  
SPClaimProviderManager mgr = SPClaimProviderManager.Local;  
if (mgr != null)  
{
    SPClaim userLogonNameClaim = mgr.DecodeClaim(SPContext.Current.Web.CurrentUser.LoginName);
    SPOriginalIssuerType issuerType = SPOriginalIssuers.GetIssuerType(userLogonNameClaim.OriginalIssuer);
    string issuerIdentifier = SPOriginalIssuers.GetIssuerIdentifier(userLogonNameClaim.OriginalIssuer);

    info = String.Format("type: {0}<br />identifier: {1}", issuerType, issuerIdentifier);
}

First you will need a reference to the current Claims Provider Manager (2). The next step is to turn the login name of the currently logged in user into a claim. This can be done using the DecodeClaim method (5). The type and the ID of the Claims Authentication Type used for authenticating the user is stored in the SPClaim.OriginalIssuer property. You can retrieve the type of the claim using the GetIssuerType method (6) and the identifier using the GetIssuerIdentifier method (7). Let’s have a look at a sample case.

Imagine you were logged in with a Forms Based Authentication user called myuser. The FBA Membership Provider registered with the Web Application is called myprovider. So after logging in the login name of the user would be something similar to: i:0#.f|myprovider|myuser. After using the code snippet above the issuerType would be set to SPOriginalIssuerType.Forms and the issuerIdentifier would contain the id of the FBA Membership Provider – myprovider.

In another scenario, when you would be logged in using a Windows account, using the same code snippet as presented above would return SPOriginalIssuerType.Windows for the type and an empty string for the identifier.

And that’s all you need to know in order to determine which Claims Authentication Type has been used for authenticating the user. Being able to distinct users using different authentication types can help you target and/or secure content or functionality in your solution.

Technorati Tags: SharePoint 2010,Claims

Comments

comments powered by Disqus