SharePoint【学习笔记】-- SecureStoreProvider扩展:验证Application中是否有当前用户的credentials

    Code Snippet: Get User Credentials Using the Default Secure Store Provider 中演示了如何获取当前用户的凭证信息，其中提到当GetCredentials获取不到值会抛异常SecureStoreServiceException，这个异常相当强大，不仅出现在ULS中，在Windows日志中也会出现Event 7493事件；

using (SecureStoreCredentialCollection creds = provider.GetCredentials(appId))
{
// Secure Store Service will not return null. It may throw a SecureStoreServiceException,
// but this may not be true for other providers.

 

================================================================================

Microsoft Secure Store Service 应用程序 Secure Store Service 无法检索凭据。返回的错误为“在目标应用程序“eam_79”中找不到当前用户的凭据。请为当前用户设置凭据。”。有关详细信息，请参阅 Microsoft SharePoint 产品和技术软件开发工具包(SDK)。

===============================================================

因此避免无凭证用户去请求变的很重要，解决的思路是直接查询SSS的数据库表[SSSCredentials]，将ApplicationID与[IdentityClaimValueHash]字段匹配，如果返回值大于0就说明该用户在SSS中是有该Application的凭证的；其中IdentityClaimValueHash字段是通过Hash256加密的；

下面是关键代码：

1.获取用户的IdentityClaimValueHash

2.获取SSS的数据库ConnecetionString

/// <summary> 
/// 获取单点登录数据库连接字符串 
 /// </summary> 
/// <returns></returns> 
public static string GetSSSDataBaseStr() 
{ 
    string dbconstr = ""; 
    bool islocalservice = false; 
    foreach (SPServiceApplicationProxy pro in SPContext.Current.Site.WebApplication.ServiceApplicationProxyGroup.DefaultProxies) 
    { 
        string s = pro.GetType().ToString(); 
        if (s == "Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy") 
        { 
            SPIisWebServiceApplicationProxy iispro = (SPIisWebServiceApplicationProxy)pro; 
            Uri endpoint = iispro.ServiceEndpointUri; 
            SecureStoreService svc = SPFarm.Local.Services.GetValue<SecureStoreService>(); 
            foreach (SecureStoreServiceApplication app in svc.Applications) 
            { 
                //SecureStoreServiceDatabase db=app.GetPrivateProperty<SecureStoreServiceDatabase>("Database"); 
                string svid1 = app.Id.ToString(); 
                if (!islocalservice) 
                { 
                    //ServiceEndpointUri    {urn:schemas-microsoft-com:sharepoint:service:510a8bf612714e58a3077f0a1f09ac1d#authority=urn:uuid:3ff1d34f9e994f939ebee8df59ff77b5&authority=https://irene2010rtm:32844/Topology/topology.svc} 
                    islocalservice = endpoint.AbsolutePath.ToLower().EndsWith(svid1.ToLower().Replace("-", "")); 
                    if (islocalservice) 
                    { 
                        Type objectType = app.GetType(); 
                        BindingFlags flag = BindingFlags.Instance | BindingFlags.NonPublic; 
                        PropertyInfo WS = objectType.GetProperty("Database", flag); 
                        SecureStoreServiceDatabase db3 = (SecureStoreServiceDatabase)WS.GetValue(app, null); 
                        //writer.WriteLine(db3.Name + ":" + db3.DatabaseConnectionString); 
                        dbconstr=db3.DatabaseConnectionString; 
                        break; 
                    } 
                } 
            } 
        } 
          
    } 
    return dbconstr; 
      
} 

3.查询语句（）

select a.ApplicationName,b.IdentityClaimValueHash 
             from SSSApplication a,SSSCredentials b where a.ApplicationId=b.ApplicationId and a.ApplicationName='" + appName.Trim()+ "' and b.IdentityClaimValueHash=@binaryValue