While working with the SharePoint Secure Store Service, it is hard to remember what credentials you have stored. I faced this situation when a client asked me to use the previous Secure Store Service, which had been configured almost 6 months before. I had no clue what credentials I had set there.
Then I started googling for help on how to retrieve information from there, and I found some good solutions.
For others, I am posting two solutions: one is a code-based solution and the other is a PowerShell cmdlet (actually, I love this one because it makes life easy).
1- PowerShell cmdlet:
$serviceCntx = Get-SPServiceContext -Site http://<server>
$sssProvider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$sssProvider.Context = $serviceCntx
$marshal = [System.Runtime.InteropServices.Marshal]
try
{
    # Enumerate every target application in the Secure Store
    $applicationlications = $sssProvider.GetTargetApplications()
    foreach ($application in $applicationlications)
    {
        Write-Output "`n$($application.Name)"
        Write-Output "$('-'*100)"
        try
        {
            $sssCreds = $sssProvider.GetCredentials($application.Name)
            foreach ($sssCred in $sssCreds)
            {
                # Copy the SecureString into an unmanaged BSTR so it can be read
                $ptr = $marshal::SecureStringToBSTR($sssCred.Credential)
                try
                {
                    $str = $marshal::PtrToStringBSTR($ptr)
                    Write-Output "$($sssCred.CredentialType): $($str)"
                }
                finally
                {
                    # Zero and free every BSTR, not only the last one allocated
                    $marshal::ZeroFreeBSTR($ptr)
                }
            }
        }
        catch
        {
            Write-Output "(Something went wrong) - Error getting credentials!"
        }
        Write-Output "$('-'*100)"
    }
}
catch
{
    Write-Output "(Something went wrong) - Error getting Target Applications."
}
2- Code based Solution
Create a console application and add a new class retSecureStoreUtils:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.BusinessData.Infrastructure.SecureStore;
using Microsoft.Office.SecureStoreService.Server;
(Both highlighted DLLs are available in the SharePoint file system.)
namespace RetrieveSecureStoreCredentials
{
    public static class retSecureStoreUtils
    {
        // Returns a map of field name -> plaintext credential for one target application.
        public static Dictionary<string, string> GetCredentials(string applicationID)
        {
            var credentialMap = new Dictionary<string, string>();
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                // SPContext.Current is only populated inside a SharePoint web request;
                // outside one (such as a console application) the site has to be opened explicitly.
                SPSite site = SPContext.Current.Site;
                SPServiceContext serviceContext = SPServiceContext.GetContext(site);
                var secureStoreProvider = new SecureStoreProvider { Context = serviceContext };
                using (var credentials = secureStoreProvider.GetCredentials(applicationID))
                {
                    // Fields and credentials are matched by position
                    var fields = secureStoreProvider.GetTargetApplicationFields(applicationID);
                    for (var i = 0; i < fields.Count; i++)
                    {
                        var field = fields[i];
                        var credential = credentials[i];
                        var decryptedCredential = ToClrString(credential.Credential);
                        credentialMap.Add(field.Name, decryptedCredential);
                    }
                }
            });
            return credentialMap;
        }

        // Converts a SecureString to a managed string via an unmanaged BSTR copy.
        public static string ToClrString(this SecureString secureString)
        {
            var ptr = Marshal.SecureStringToBSTR(secureString);
            try
            {
                return Marshal.PtrToStringBSTR(ptr);
            }
            finally
            {
                // Zero the unmanaged copy before freeing it so the plaintext does not linger
                Marshal.ZeroFreeBSTR(ptr);
            }
        }
    }
}
Use the code below to retrieve credentials from the Secure Store Service:
Dictionary<string, string> sssCredentials = retSecureStoreUtils.GetCredentials("SecureStoreId");
string strDU = sssCredentials.ElementAt(0).Value;
int SlashPosition = strDU.IndexOf('\\');
this.strDomainName = strDU.Substring(0, SlashPosition);
this.strUserName = strDU.Substring(SlashPosition + 1, strDU.Length - this.strDomainName.Length - 1);
this.strPassword = sssCredentials.ElementAt(1).Value;
References:
http://saiabhilash.blogspot.in/2011/12/read-credentials-from-secure-store.html
http://arjanstijntjes.wordpress.com/2013/05/08/sharepoint-2010-extract-all-credentials-from-the-secure-store-service/
Nice Article. Good way to define two different processes at one place.
Great