More Information on Adding and Changing Custom Claims Providers in SharePoint 2010


This is a topic that continues to generate swirl, because as soon as you make one change you may want to make another or remove a change you made.  I've blogged about this topic before: http://blogs.technet.com/speschka/archive/2010/04/28/how-to-override-the-default-name-resolution-and-claims-provider-in-sharepoint-2010.aspx and http://blogs.technet.com/b/speschka/archive/2010/05/25/replacing-the-out-of-box-name-resolution-in-sharepoint-2010-part-2.aspx.  I thought I'd try to summarize and add a few final thoughts here.  So here are the main scenarios that I current think are interesting.

$trusted = Get-SPTrustedIdentityTokenIssuer -Identity "Trusted Login Provider Name Goes Here"
$trusted.ClaimProviderName = “name of your custom claim provider”  //in your claim provider you need to override the SPClaimProvider.Name; use that value here
$trusted.Update()

  • I want to update a custom claims provider I developed:  this is just the more common case where I've written a custom provider, and now I've made changes to it (bug fixes, changes in functionality, etc.).  In that case you do something like this:

1.  Re-add the assembly to the GAC.  I usually remove it and add it again, but doing both isn't necessarily required..
2.  Reset IIS

  • I've configured my SPTrustedIdentityTokenIssuer to use my custom claims provider as the default provider, but now I want to remove it and use the out of the box claims provider.  This one is unfortunately more difficult – there isn't a direct way to change it back.  So you have to go through this process:

1.  Change your web apps to no longer use the SPTrustedIdentityTokenIssuer.  For example, change them to use Windows claims.
2.  Delete the SPTrustedIdentityTokenIssuer.
3.  Create a new SPTrustedIdentityTokenIssuer with the same settings, only don't configure it to use your custom claims provider as the default provider.
4.  Reconfigure your web apps to use the recreated SPTrustedIdentityTokenIssuer.

The takeaway from this last point is that you want to make sure you wrap up your steps for creating a new SPTrustedIdentityTokenIssuer into a PowerShell cmdlet that you can re-run as needed.

Those are the basic options and steps.  Hopefully this topic is covered sufficiently now.

Comments (7)

  1. Anonymous says:

    I seem to remember that there was a Search Service (PowersShell) only setting/property that controls how the security trimming is stored ( force claims ).

    But cannot seem to find it anymore on the web.

    Do you know of this?

  2. hassan sayed issa20014 says:

    thanks

  3. alexandrad9x says:

    http://dichvuketoanlongbien.com/
    http://dichvuketoanlongbien.com/a2-96-dich-vu-ke-toan-tron-goi.html
    http://dichvuketoanlongbien.com/a2-98-dich-vu-ke-toan-thue.html
    http://dichvuketoanlongbien.com/a2-103-dich-vu-bao-cao-tai-chinh.html
    http://dichvuketoanlongbien.com/a2-97-dich-vu-quyet-toan-thue.html
    http://dichvuketoanlongbien.com/a2-114-dich-vu-ke-toan-tai-29-quan-huyen.html
    http://dichvuketoanlongbien.com/i780-dich-vu-ke-toan-thue-tron-goi-tai-bac-ninh.html
    http://dichvuketoanlongbien.com/i779-dich-vu-ke-toan-thue-tron-goi-tai-bac-giang.html
    http://dichvuketoanlongbien.com/i778-dich-vu-ke-toan-thue-tron-goi-tai-phu-tho.html
    http://dichvuketoanlongbien.com/i781-dich-vu-ke-toan-thue-tron-goi-tai-hung-yen.html
    http://dichvuketoanlongbien.com/i782-dich-vu-ke-toan-thue-tron-goi-tai-vinh-phuc.html
    http://dichvuketoanlongbien.com/i783-dich-vu-ke-toan-thue-tron-goi-tai-hai-phong.html
    http://www.trungtamketoan.com.vn/
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-ha-noi.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-tp-hcm.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-quang-ninh.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-duong.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-giang.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-ninh.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-phong.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-nam-dinh.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thai-binh.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thanh-hoa.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-vinh-phuc.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hung-yen.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-phu-tho.html
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-binh-duong.html
    http://www.tosvn.com
    http://iketoan247.blogspot.com
    http://tailieuveketoan.blogspot.com
    http://mauhinhnendep.blogspot.com
    http://www.tosvn.com/search/label/Hack%20CF
    http://www.tosvn.com/search/label/Hack%20AvatarStar
    http://www.tosvn.com/search/label/Hack%20Warcraft-Dota2
    http://www.tosvn.com/2014/12/hack-truy-kich-mien-phi-hack-truy-kich.html
    http://iketoan247.blogspot.com/search/label/thong-tin-kinh-te
    http://iketoan247.blogspot.com/search/label/tin-bai-ve-thue
    http://hoclamketoan.edu.vn/
    http://hoclamketoan.edu.vn/category/khoa-hoc-ke-toan
    http://hoclamketoan.edu.vn/category/dich-vu-ke-toan
    http://hoclamketoan.edu.vn/category/hoc-lam-ke-toan
    http://hoclamketoan.edu.vn/category/tai-lieu-ke-toan
    http://hocketoan360.com/
    http://hocketoan360.com/category/khoa-hoc-ke-toan/
    http://hocketoan360.com/category/dich-vu-ke-toan/
    http://hocketoan360.com/category/tai-lieu-ke-toan/
    http://me.zing.vn/zb/u/htdung2281990
    http://me.zing.vn/zb/c/htdung2281990/6594341
    http://me.zing.vn/zb/c/htdung2281990/1

  4. Peter Meloun says:

    Hello,

    Can you help me?

    I tried to create a provider like your. I have a problem with compile this piece of code.

    protected override void FillSearch(System.Uri context, string[] entityTypes, string searchPattern, string hierarchyNodeID, int maxCount, SPProviderHierarchyTree searchTree)

    {

    .

    .

    matchNode = searchTree.Children.Where(…….

    }

    Error message:

    'System.Array' does not contain a definition for 'Where' and no extension method 'Where' accepting a first argument of type 'System.Array' could be found (are you missing a using directive or an assembly reference?)

    Pls, Help me!!!!

    R

  5. Huh Huh Huh Huh Huh says:

    Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh

  6. Sven says:

    There's a simpler way to restore the out-of-the box provider:

    $ti = Get-SPTrustedIdentityTokenIssuer XXXX

    $ti.GetType().GetField("m_ClaimProviderName","NonPublic,Instance").SetValue($ti, $null)

    $ti.Update()

    Without needing to delete and create a new SPTrustedIdentityTokenIssuer

  7. Matthieu says:

    @Sven: brilliant idea to use reflection here. Thanks!