Thursday 4 September 2014

Retrieve Credentials from SharePoint Secure Store Service.

While working with the SharePoint Secure Store Service, it is hard to remember what credentials you have stored. I faced this situation when a client asked me to use the previous Secure Store Service, which had been configured almost 6 months before. I had no clue what credentials I had set there.
Then I started googling for help on how to retrieve the information from there, and I found some good solutions.
For others, I am posting two solutions: one is a code-based solution and the other is a PowerShell cmdlet (actually, I love this one because it makes life easy).

1- PowerShell cmdlet:

# Requires the SharePoint PowerShell snap-in (Get-SPServiceContext).
$serviceCntx = Get-SPServiceContext -Site http://<server>

$sssProvider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$sssProvider.Context = $serviceCntx

$marshal = [System.Runtime.InteropServices.Marshal]

try
{
    $applications = $sssProvider.GetTargetApplications()
    foreach ($application in $applications)
    {
        Write-Output "`n$($application.Name)"
        Write-Output "$('-'*100)"
        try
        {
            $sssCreds = $sssProvider.GetCredentials($application.Name)
            foreach ($sssCred in $sssCreds)
            {
                # Copy the SecureString into an unmanaged BSTR so it can be read
                $ptr = $marshal::SecureStringToBSTR($sssCred.Credential)
                try
                {
                    $str = $marshal::PtrToStringBSTR($ptr)
                    Write-Output "$($sssCred.CredentialType): $($str)"
                }
                finally
                {
                    # Zero and free every BSTR, not only the last one allocated
                    $marshal::ZeroFreeBSTR($ptr)
                }
            }
        }
        catch
        {
            Write-Output "(Something went wrong) - Error getting credentials!"
        }
        Write-Output "$('-'*100)"
    }
}
catch
{
    Write-Output "(Something went wrong) - Error getting Target Applications."
}



2- Code-based solution

Create a console application and add a new class retSecureStoreUtils:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.BusinessData.Infrastructure.SecureStore;
using Microsoft.Office.SecureStoreService.Server;
// The DLLs for the last two namespaces are available in the SharePoint file system.

namespace RetrieveSecureStoreCredentials
{
    public static class retSecureStoreUtils
    {
        public static Dictionary<string, string> GetCredentials(string applicationID)
        {
            var credentialMap = new Dictionary<string, string>();
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
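                // SPContext.Current is only available inside a SharePoint web request;
                // in a console application, open the site with new SPSite(url) instead.
                SPSite site = SPContext.Current.Site;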
                SPServiceContext serviceContext = SPServiceContext.GetContext(site);
                var secureStoreProvider = new SecureStoreProvider { Context = serviceContext };
                using (var credentials = secureStoreProvider.GetCredentials(applicationID))
                {
                    var fields = secureStoreProvider.GetTargetApplicationFields(applicationID);
                    for (var i = 0; i < fields.Count; i++)
                    {
                        var field = fields[i];
                        var credential = credentials[i];
                        var decryptedCredential = ToClrString(credential.Credential);
 
                        credentialMap.Add(field.Name, decryptedCredential);
                    }
                }
            });
            return credentialMap;
        }
 
        public static string ToClrString(this SecureString secureString)
        {
            var ptr = Marshal.SecureStringToBSTR(secureString);
 
            try
            {
                return Marshal.PtrToStringBSTR(ptr);
            }
            finally
            {
                // Zero the plaintext copy before freeing the unmanaged buffer
                Marshal.ZeroFreeBSTR(ptr);
            }
        }
    }
}

Use the code below to retrieve credentials from the Secure Store Service:
// "SecureStoreId" is the target application ID
Dictionary<string, string> sssCredentials = retSecureStoreUtils.GetCredentials("SecureStoreId");
// The first field holds DOMAIN\user, the second holds the password
string strDU = sssCredentials.ElementAt(0).Value;
int SlashPosition = strDU.IndexOf('\\');
this.strDomainName = strDU.Substring(0, SlashPosition);
this.strUserName = strDU.Substring(SlashPosition + 1, strDU.Length - this.strDomainName.Length - 1);
this.strPassword = sssCredentials.ElementAt(1).Value;
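
For the original problem of not remembering what a target application holds, the field definitions often answer the question without decrypting anything. The following is an added example, not part of the original post or its references: it reuses the provider calls shown above, and the function name Get-SecureStoreFieldInventory and the CredentialType and IsMasked properties of the field objects are assumptions not shown in the post.

```powershell
# Added example, not from the original post: list each target application's
# field definitions (name, credential type, masked flag) without reading or
# decrypting any stored credential.
# Assumes the SharePoint PowerShell snap-in is loaded, as for the script above.
function Get-SecureStoreFieldInventory
{
    param(
        [Parameter(Mandatory = $true)]
        [string]$SiteUrl   # a site collection whose proxy group includes the Secure Store
    )

    $provider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
    $provider.Context = Get-SPServiceContext -Site $SiteUrl

    foreach ($application in $provider.GetTargetApplications())
    {
        try
        {
            $fields = $provider.GetTargetApplicationFields($application.Name)
        }
        catch
        {
            # Surface the failure per application instead of hiding it
            Write-Warning "$($application.Name): $($_.Exception.Message)"
            continue
        }

        foreach ($field in $fields)
        {
            # New-Object PSObject keeps this usable on PowerShell 2.0
            New-Object PSObject -Property @{
                Application    = $application.Name
                Field          = $field.Name
                CredentialType = $field.CredentialType   # property assumed, not shown in the post
                IsMasked       = $field.IsMasked         # property assumed, not shown in the post
            } | Select-Object Application, Field, CredentialType, IsMasked
        }
    }
}

# Usage: replace <server> as in the script above
# Get-SecureStoreFieldInventory -SiteUrl 'http://<server>' | Format-Table -AutoSize
```

The output is safe to keep in a ticket or runbook, since it contains field metadata only.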

References:

http://saiabhilash.blogspot.in/2011/12/read-credentials-from-secure-store.html

http://arjanstijntjes.wordpress.com/2013/05/08/sharepoint-2010-extract-all-credentials-from-the-secure-store-service/






1 comment :

  1. Nice Article. Good way to define two different processes at one place.
    Great
