Accessing the SharePoint Secure Store through code

The Secure Store Service in SharePoint 2010 is a shared service that provides secure storage and mapping of credentials, such as account names and passwords, which can be used for accessing external systems. In this article, I’ll demonstrate how to set up a new Target Application in SharePoint 2010 and how to access this information through code. We will use the Secure Store to store the information needed to access an external database which will be used by our SharePoint application.

Ensure the Secure Store Service is active

    1. In Central Administration, open the “Manage Services on Server” link under the System Settings heading.
    2. Verify the Secure Store Service is started.

    3. In Central Administration, open the “Manage Service Applications” link. If you don’t already have a Secure Store Service Application in your farm, you will need to create one.

Create a new Target Application

    1. In Central Administration, open the “Manage Service Applications” page and then manage the Secure Store Service Application.
    2. Click New
    3. Complete the Target Application Settings. The Target Application ID is used to reference the Target Application. In this scenario, the Target Application Type is set to Group so that we can add some users later on.

    4. Click Next.
    5. Set up the required fields which will hold the credentials and database information. By default, you will see just a Windows User Name and a Windows Password field. You can rename these and click the “Add Field” link to add new fields which will store the server name and database name we will use to create a connection string. (For this scenario it is also possible to have only one field which contains the entire connection string.)

    6. Click Next.
    7. Add the application Administrators and Members. Administrators can manage this Target Application, while users added to the Members box will be mapped to this Target Application.

    8. Click Next.
    9. Now we have created the Target Application, but we have yet to add the credentials. Hover over the new Target Application and select “Set Credentials”.

    10. Enter the information necessary for accessing the database.

    11. Click OK when finished.

Access the Target Application programmatically

  1. For this application, I created a static class called SecureStoreUtility.cs which contains a couple of methods that handle reading the Target Application and generating a connection string from that information. It should be pretty self-explanatory. The GetConnectionString method accepts the SPServiceContext as well as the Target Application ID which we created earlier. The GetValues method returns a Dictionary of all of the key/value pairs contained within the Target Application we created. We simply grab those values and generate a connection string from them.

```csharp
using Microsoft.Office.SecureStoreService.Server;
using Microsoft.SharePoint;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security;

namespace MyProject
{
    public static class SecureStoreUtility
    {
        // Builds a SQL Server connection string from the fields stored in the Target Application.
        public static string GetConnectionString(SPServiceContext serviceContext, string applicationID)
        {
            Dictionary<string, string> credentials = SecureStoreUtility.GetValues(serviceContext, applicationID);

            // The keys are the field names defined on the Target Application.
            string server = credentials["Server"];
            string database = credentials["Database"];
            string username = credentials["UserName"];
            string password = credentials["Password"];

            // Integrated Security=SSPI is left out: when it is set, SqlClient ignores
            // User Id and Password and connects as the current Windows identity.
            string connectionString = String.Format(@"Data Source={0};Initial Catalog={1};User Id={2};Password={3};", server, database, username, password);

            return connectionString;
        }

        // Reads every field of the Target Application into a name/value dictionary.
        private static Dictionary<string, string> GetValues(SPServiceContext serviceContext, string applicationID)
        {
            var secureStoreProvider = new SecureStoreProvider { Context = serviceContext };
            var values = new Dictionary<string, string>();

            // The credential collection is disposed as soon as the values are copied out.
            using (var credentials = secureStoreProvider.GetCredentials(applicationID))
            {
                var fields = secureStoreProvider.GetTargetApplicationFields(applicationID);

                // Fields and credentials are matched by position.
                for (var i = 0; i < fields.Count; i++)
                {
                    var field = fields[i];
                    var credential = credentials[i];
                    var decryptedCredential = ToClrString(credential.Credential);

                    values.Add(field.Name, decryptedCredential);
                }
            }

            return values;
        }

        // Copies a SecureString into a managed string through a temporary BSTR.
        private static string ToClrString(this SecureString secureString)
        {
            var ptr = Marshal.SecureStringToBSTR(secureString);

            try
            {
                return Marshal.PtrToStringBSTR(ptr);
            }
            finally
            {
                // ZeroFreeBSTR wipes the unmanaged copy before freeing it.
                Marshal.ZeroFreeBSTR(ptr);
            }
        }
    }
}
```

  2. You should now be able to call “SecureStoreUtility.GetConnectionString(SPServiceContext.Current, "DatabaseConnectionString")” from elsewhere in your application, and it will return the full connection string to your database, generated from the information in the Target Application we created earlier.

```csharp
string connectionString = SecureStoreUtility.GetConnectionString(SPServiceContext.Current, "DataBaseConnectionString");
```
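
The connection-string step above can also be written with SqlConnectionStringBuilder, which quotes each value so that a stored field containing “;” or “=” is not parsed as extra keywords. This is an added example, not code from the original article: the class name ConnectionStringFactory and the sample values are assumptions, and in SharePoint the dictionary would come from GetValues.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

// Hypothetical helper (not from the article): builds the connection string
// from the field/value pairs read out of the Target Application.
public static class ConnectionStringFactory
{
    private static readonly string[] RequiredFields =
        { "Server", "Database", "UserName", "Password" };

    public static string Build(IDictionary<string, string> fields)
    {
        // Fail with a clear message when a field was renamed or left unset.
        string value;
        foreach (var name in RequiredFields)
            if (!fields.TryGetValue(name, out value) || String.IsNullOrEmpty(value))
                throw new InvalidOperationException(
                    "Target Application field '" + name + "' is missing or empty.");

        // The builder quotes each value, so "a;b=c" stays a single value.
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = fields["Server"],
            InitialCatalog = fields["Database"],
            UserID = fields["UserName"],
            Password = fields["Password"],
            IntegratedSecurity = false,  // use the stored SQL login
            PersistSecurityInfo = false  // password is not readable from the connection after Open()
        };
        return builder.ConnectionString;
    }

    public static void Main()
    {
        // Constructed sample values; real ones come from the Secure Store.
        var fields = new Dictionary<string, string>
        {
            { "Server", "sql01.example.test" },
            { "Database", "Orders;Integrated Security=true" },
            { "UserName", "svc_orders" },
            { "Password", "p;w=d" }
        };

        // Parse the result back to show the odd value stayed inside one field.
        var parsed = new SqlConnectionStringBuilder(Build(fields));
        Console.WriteLine(parsed.InitialCatalog);
        Console.WriteLine(parsed.IntegratedSecurity);
    }
}
```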
