How To Get All Claims Providers Associated with a Web Application in SharePoint 2010


I’ve been asked this question a couple times before, which is I want to be able to programmatically find out what claims providers are being used with my web application.  This question is usually asked to mean what SPTrustedIdentityTokenIssuers are being used, but the method I’ll demonstrate will reveal those as well as custom claims providers that are not enabled by default (because if it’s enabled by default then it’s used everywhere).
The first thing to understand is that if you are wondering what’s enabled for a web application, you are thinking about it wrong (and probably why folks have had a hard time finding this info).  Your claims providers are going to be applied at the zone level, not the web application level.  So given a SharePoint Url, how do we figure out this information? 
To start with, get a new SPSite based on the Url in which you are interested:
using (SPSite theSite = new SPSite("http://someUrl"))
{
}
 
Once you have the SPSite object you can get the web application and zone:
//get the web app
SPWebApplication wa = theSite.WebApplication;
 
//get the zone for the site
SPUrlZone theZone = theSite.Zone;
 
With that information, you can get the SPIisSettings for the zone, which is where most of the good stuff resides:
//get the settings associated with the zone
SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);
 
Once I have the zone information, I can get both the authentication providers and claims providers for that zone.  They are found in these two properties:  ClaimsAuthenticationProviders and ClaimsProviders.  Now keep in mind that each ClaimsAuthenticationProvider has only a very small subset of the information that you get when you do something like Get-SPTrustedIdentityTokenIssuers in PowerShell.  If you really want to get the core underlying object, then you need to take your ClaimsAuthenticationProvider and get a SPTrustedLoginProvider from it.  Fortunately that is not too hard either.  Here’s an example where I’m basically querying for a list of SPTrustedLoginProviders using LINQ; note that in this example I’m only interested in the SAML claims providers (A.K.A. SPTrustedIdentityTokenIssuer):
//get the token service manager so we can retrieve the appropriate
//trusted login provider
SPSecurityTokenServiceManager sptMgr = SPSecurityTokenServiceManager.Local;
                                 
//get the list of authentication providers associated with the zone
foreach (SPAuthenticationProvider prov in theSettings.ClaimsAuthenticationProviders)
{
//make sure the provider we're looking at is a SAML claims provider
       if (prov.GetType() == typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider))
       {
              //get the SPTrustedLoginProvider using the DisplayName
              var lp =
                     from SPTrustedLoginProvider spt in
                     sptMgr.TrustedLoginProviders
                     where spt.DisplayName == prov.DisplayName
                     select spt;
 
              //there should only be one match, so retrieve that
              if ((lp != null) && (lp.Count() > 0))
              {
                     //get the login provider
                     SPTrustedLoginProvider loginProv = lp.First();
 
              }
       }
}
 
For completeness, I’ll paste in the entire code block below here.  In this particular scenario I was looking for all the SPTrustedIdentityTokenIssuers associated with a zone and for each one I was creating a string with the name of the provider and the Url to which you would get redirected to authenticate when using that provider.
using (SPSite theSite = new SPSite("http://someUrl"))
{
//get the web app
       SPWebApplication wa = theSite.WebApplication;
 
       //get the zone for the site
       SPUrlZone theZone = theSite.Zone;
 
       //get the settings associated with the zone
       SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);
 
       //if this isn't a claims auth site then bail out
       if (!theSettings.UseTrustedClaimsAuthenticationProvider)
       {
              MessageBox.Show("This is not a SAML claims auth site");
              return;
       }
                                 
       //clear the list of providers out
       ProviderLst.Items.Clear();
 
       //get the token service manager so we can retrieve the appropriate
       //trusted login provider
       SPSecurityTokenServiceManager sptMgr = SPSecurityTokenServiceManager.Local;
                                 
       //get the list of authentication providers associated with the zone
       foreach (SPAuthenticationProvider prov in
              theSettings.ClaimsAuthenticationProviders)
       {
              //make sure the provider we're looking at is a SAML claims provider
              if (prov.GetType() ==
       typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider))
              {
                     //get the SPTrustedLoginProvider using the DisplayName
                     var lp =
                           from SPTrustedLoginProvider spt in
                           sptMgr.TrustedLoginProviders
                           where spt.DisplayName == prov.DisplayName
                           select spt;
 
                     //there should only be one match, so retrieve that
                     if ((lp != null) && (lp.Count() > 0))
                     {
                           //get the login provider
                           SPTrustedLoginProvider loginProv = lp.First();
 
                           //get the login info
                           string provInfo = prov.DisplayName + " – " +
                                  loginProv.ProviderUri.ToString();
 
                           //add the login info to the list
                           ProviderLst.Items.Add(provInfo);
                     }
              }
       }
}
 

How To Get All Claims Providers Associated with a Web Application in SharePoint 2010.docx

Comments (6)

  1. Anonymous says:

    FYI: A slicker way to do this:

          if (prov.GetType() == typeof(Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider))

    is

          if (prov is Microsoft.SharePoint.Administration.SPTrustedAuthenticationProvider)

    Thanks again for another great article!

  2. Anonymous says:

    how about using this process? Will this work?just curious…

    $webapplication = Get-SPWebApplication -Identity "http://sp2010"

    $site = Get-SPSite -Identity "http://sp2010"

    $settings = $webapplication.GetIisSettingsWithFallback($site.Zone)

    $cap=$settings.ClaimsAuthenticationProviders[0]

    $cap.ClaimProviderName = "XXXXX"

    $webapplication.update()

  3. alexandrad9x says:

    Tao http://dichvuketoanlongbien.com/
    Rủa
    http://dichvuketoanlongbien.com/a2-96-dich-vu-ke-toan-tron-goi.html
    Thằng http://dichvuketoanlongbien.com/a2-98-dich-vu-ke-toan-thue.html
    Cờ
    http://dichvuketoanlongbien.com/a2-103-dich-vu-bao-cao-tai-chinh.html
    http://dichvuketoanlongbien.com/a2-97-dich-vu-quyet-toan-thue.html
    Nào
    http://dichvuketoanlongbien.com/a2-114-dich-vu-ke-toan-tai-29-quan-huyen.html
    Soi
    http://dichvuketoanlongbien.com/i780-dich-vu-ke-toan-thue-tron-goi-tai-bac-ninh.html
    Tài
    http://dichvuketoanlongbien.com/i779-dich-vu-ke-toan-thue-tron-goi-tai-bac-giang.html
    Khoản
    http://dichvuketoanlongbien.com/i778-dich-vu-ke-toan-thue-tron-goi-tai-phu-tho.html

    http://dichvuketoanlongbien.com/i781-dich-vu-ke-toan-thue-tron-goi-tai-hung-yen.html
    Link
    http://dichvuketoanlongbien.com/i782-dich-vu-ke-toan-thue-tron-goi-tai-vinh-phuc.html
    Của
    http://dichvuketoanlongbien.com/i783-dich-vu-ke-toan-thue-tron-goi-tai-hai-phong.html
    Tao. http://www.trungtamketoan.com.vn/
    Chúng
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-ha-noi.html
    Mày
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-tp-hcm.html
    Đủ
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-quang-ninh.html
    Trình
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-duong.html
    Thì
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-giang.html
    Tự
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-ninh.html
    Đi
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-phong.html

    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-nam-dinh.html
    Làm.
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thai-binh.html
    Việc
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thanh-hoa.html

    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-vinh-phuc.html
    Phải
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hung-yen.html
    Rẻ
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-phu-tho.html
    Rách
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-binh-duong.html
    Như http://www.tosvn.com
    Thế. http://iketoan247.blogspot.com
    Loại http://tailieuveketoan.blogspot.com
    Chó http://mauhinhnendep.blogspot.com
    Má. http://www.tosvn.com/search/label/Hack%20CF
    Tao http://www.tosvn.com/search/label/Hack%20AvatarStar
    Rủa http://www.tosvn.com/search/label/Hack%20Warcraft-Dota2
    Những http://hocketoan360.com/category/tai-lieu-ke-toan/
    Thằng http://iketoan247.blogspot.com/search/label/thong-tin-kinh-te
    Soi http://iketoan247.blogspot.com/search/label/tin-bai-ve-thue
    Tao http://hoclamketoan.edu.vn/
    Sẽ http://hoclamketoan.edu.vn/category/khoa-hoc-ke-toan
    Tan http://hoclamketoan.edu.vn/category/dich-vu-ke-toan
    Cửa http://hoclamketoan.edu.vn/category/hoc-lam-ke-toan
    Nát http://hoclamketoan.edu.vn/category/tai-lieu-ke-toan
    Nhà http://hocketoan360.com/
    Haha http://hocketoan360.com/category/khoa-hoc-ke-toan/
    http://hocketoan360.com/category/dich-vu-ke-toan/

  4. Anonymous says:

    No way I'm aware of to make a custom provider the default provider for a zone only; you can only configure that through the SPTrustedIdentityTokenIssuer itself.

    Steve

  5. Kartik Anand says:

    This is a great article. Is it possible, I can make the custom claims provider DEFAULT for a ZONE?

  6. SDF says:

    http://www.shopbestgoods.com/
    http://www.nike-jordanshoes.com/
    http://www.beatsbydreoutlet.net/
    http://www.michaelkorsus.com/
    http://www.polo-tshirts.com/
    http://www.northsclearance.com/
    http://www.ralph-laurensale.com/
    http://www.gucci-shoesuk2014.com/
    http://www.michael-korsusa.com/
    http://www.polo-outlets.com/
    http://www.ralphslauren.co.uk/
    http://www.marcjacobsonsale.com/
    http://www.mcmworldwides.com/
    http://www.salongchamppairs.com/
    http://www.canada-gooser.com/
    http://www.burberryoutlet2014.com/
    http://www.michaelkors.so/
    http://www.hermes-outletonline.com/
    http://www.oakley-sunglassoutlet.com/
    http://www.north-faceoutlets.net/
    http://www.moncler-clearance.com/
    http://www.woolrich-clearance.com/
    http://www.barbour-jacketsoutlet.com/
    http://www.moncler-jacketsoutletonline.com/
    http://www.monsterbeatsbydres.net/
    http://www.louis-vuittonblackfriday.com/
    http://www.lv-guccishoesfactory.com/
    http://www.mcmoutlet-jp.com/
    http://www.cheapdiscountoutlet.com/
    http://coachoutlet.iwopop.com/
    http://www.coachsfactoryoutlet.com/
    http://www.coach-blackfriday2014.com/
    http://www.coach-storeoutletonline.com/
    http://www.coach-factorysoutletonline.com/
    http://www.coachccoachoutlet.com/
    http://www.coach-factories.net/
    http://www.coach-pursesoutletonline.com/
    http://www.llouisvuitton-factory.net/
    http://www.coach-outletsusa.com/
    http://www.mksfactoryoutlet.com/
    http://www.zxcoachoutlet.com/
    http://www.mischristmas.com/
    http://www.misblackfriday.com/
    http://www.bestcustomsonline.com/
    http://www.newoutletonlinemall.com/
    http://www.clickmichaelkors.com/
    http://www.cmichaelkorsoutlet.com/
    http://www.ralphlaurenepolo.com/
    http://michaelkorsoutlet.mischristmas.com/
    http://mcmbackpack.mischristmas.com/
    http://monsterbeats.mischristmas.com/
    http://northfaceoutlet.mischristmas.com/
    http://mk.misblackfriday.com/
    http://coachoutlet.misblackfriday.com/
    http://coachfactory.misblackfriday.com/
    http://uggaustralia.misblackfriday.com/
    http://coachpurses.misblackfriday.com/
    http://coachusa.misblackfriday.com/
    http://coach.misblackfriday.com/
    http://michaelkorss.misblackfriday.com/
    http://michaelkors.misblackfriday.com/
    http://airmax.misblackfriday.com/
    http://michael-kors.misblackfriday.com/

    http://t.co/1PJuejI1ys
    http://t.co/FYm2MxWwLM
    https://twitter.com/CoachOutlet2014
    https://www.facebook.com/pages/Coach-Factory-Outlet-Online-Store-Michael-Kors-Outlet-Online-Sale-75-Off/712060898859091
    https://www.facebook.com/pages/Ralph-Lauren-Polo-Outlet-Online-Sale/1404100279810690