SharePoint Server 2010 has proved to be a boon for developers working on SharePoint customization and SharePoint development. Outsourced SharePoint development has risen sharply, and the number of developers has risen with it. This article shows how a claims provider in SharePoint 2010 issues claims and packages them into security tokens, that is, into users' tokens. When a user signs in to Microsoft SharePoint Foundation 2010 or to SharePoint Server 2010, the user's token is validated and the sign-in then proceeds.
A claims provider in SharePoint development has two roles: picking and augmentation. For more details on creating a claims provider, refer to How to: Create a Claims Provider.
Claims Augmentation: In this role, the claims provider augments a user's token with claims at sign-in. It enables an application to add further claims to the user's token. For example, a CRM application can augment the token with roles from the CRM database during claims-based sign-in. Once these claims are in the user's token, access to resources can be authorized against them. The claims can therefore be used to determine whether a specific user has access to specific resources.
Claims Picking: In its picking role, a claims provider supplies list, resolve, search, and friendly-display functionality for claims in the people picker. This role enables an application to surface claims in the people picker.
Scenarios for Using a Claims Provider: Claims providers can address several different scenarios. The following are some scenarios in which a claims provider can be used.
- List, Resolve and Search: SharePoint Server 2010 has built-in claims providers that can list, resolve, and search for the built-in authentication providers, such as Windows Active Directory, forms-based authentication, and trusted Security Assertion Markup Language (SAML) token issuers. The server does not offer list or search for a trusted SAML token issuer, so when a user enters a value, the server always resolves it. A claims provider lets you override this behavior to implement custom search, name resolution, and list features.
- Authenticated Users or All Users Claims: The server offers specific built-in claims providers that support concepts such as authenticated users, which is also called the "All Users Claim". This enables you to grant rights to all users from an authentication provider.
- Add claims to an original token: There are some built-in claims providers that add claims from the original token. Sometimes it is also necessary to add further claims to the user's original claims token.
- No identity from original token: Suppose your system has specific needs for both people picking and token claims. You know the identity of the user based on the PUID and the original user, but the user has additional Active Directory groups that are not in the original user token. In such a case you can build a claims provider to satisfy your system's specific requirements.

