What You Need to Know About Using EnsureUser In Claims-Based Web Apps in SharePoint 2010 and SharePoint 2013


We ran across an interesting wrinkle in some code last week where someone was using the EnsureUser API, which is a method off of the SPWeb.  Yes, we are talking about full trust code again, something which we haven't talked about as much lately but which still has a role in certain circumstances in SharePoint 2013 and which had a major role in SharePoint 2010.  This scenario has to do with calling EnsureUser for Windows claims users.  The key to understand here is that you should NOT be passing in the user name in the format domain\username when you are using a claims-based web application.  If you are only using Windows claims on the zone then the call will likely succeed when you pass in domain\username.  However if you add other authentication types like FBA or SAML, then this call will typically fail with a "user not found" error.

To be safe, you need to get the encoded claim value for the user and pass that into the EnsureUser method.  Here's an example of how you would do that doing full trust code:        

SPClaimProviderManager cpm = SPClaimProviderManager.Local;

SPClaim userClaim = cpm.ConvertIdentifierToClaim("domain\\username",

SPIdentifierTypes.WindowsSamAccountName);

using (SPSite theSite = newSPSite("https://www.contoso.com"))

{

     SPWeb theWeb = theSite.OpenWeb();

     SPUser theUser = theWeb.EnsureUser(userClaim.ToEncodedString());

}

If you wanted to do this in PowerShell, it would look something like this:

$claim = New-SPClaimsPrincipal -Identity corp\servero -IdentityType WindowsSamAccountName
$web.EnsureUser($claim.ToEncodedString());

The ToEncodedString() method returns a value like this:  i:0#.w|domain\\username

It's very important you follow this advice, or you will in all likelihood end up in a broken state when your code is used on a zone with more than one authentication method.

Comments (9)

  1. alexandrad9x says:

    Tao http://dichvuketoanlongbien.com/
    Rủa
    http://dichvuketoanlongbien.com/a2-96-dich-vu-ke-toan-tron-goi.html
    Thằng http://dichvuketoanlongbien.com/a2-98-dich-vu-ke-toan-thue.html
    Cờ
    http://dichvuketoanlongbien.com/a2-103-dich-vu-bao-cao-tai-chinh.html
    http://dichvuketoanlongbien.com/a2-97-dich-vu-quyet-toan-thue.html
    Nào
    http://dichvuketoanlongbien.com/a2-114-dich-vu-ke-toan-tai-29-quan-huyen.html
    Soi
    http://dichvuketoanlongbien.com/i780-dich-vu-ke-toan-thue-tron-goi-tai-bac-ninh.html
    Tài
    http://dichvuketoanlongbien.com/i779-dich-vu-ke-toan-thue-tron-goi-tai-bac-giang.html
    Khoản
    http://dichvuketoanlongbien.com/i778-dich-vu-ke-toan-thue-tron-goi-tai-phu-tho.html

    http://dichvuketoanlongbien.com/i781-dich-vu-ke-toan-thue-tron-goi-tai-hung-yen.html
    Link
    http://dichvuketoanlongbien.com/i782-dich-vu-ke-toan-thue-tron-goi-tai-vinh-phuc.html
    Của
    http://dichvuketoanlongbien.com/i783-dich-vu-ke-toan-thue-tron-goi-tai-hai-phong.html
    Tao. http://www.trungtamketoan.com.vn/
    Chúng
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-ha-noi.html
    Mày
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-tp-hcm.html
    Đủ
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-quang-ninh.html
    Trình
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-duong.html
    Thì
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-giang.html
    Tự
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-ninh.html
    Đi
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-phong.html

    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-nam-dinh.html
    Làm.
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thai-binh.html
    Việc
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thanh-hoa.html

    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-vinh-phuc.html
    Phải
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hung-yen.html
    Rẻ
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-phu-tho.html
    Rách
    http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-binh-duong.html
    Như http://www.tosvn.com
    Thế. http://iketoan247.blogspot.com
    Loại http://tailieuveketoan.blogspot.com
    Chó http://mauhinhnendep.blogspot.com
    Má. http://www.tosvn.com/search/label/Hack%20CF
    Tao http://www.tosvn.com/search/label/Hack%20AvatarStar
    Rủa http://www.tosvn.com/search/label/Hack%20Warcraft-Dota2
    Những http://hocketoan360.com/category/tai-lieu-ke-toan/
    Thằng http://iketoan247.blogspot.com/search/label/thong-tin-kinh-te
    Soi http://iketoan247.blogspot.com/search/label/tin-bai-ve-thue
    Tao http://hoclamketoan.edu.vn/
    Sẽ http://hoclamketoan.edu.vn/category/khoa-hoc-ke-toan
    Tan http://hoclamketoan.edu.vn/category/dich-vu-ke-toan
    Cửa http://hoclamketoan.edu.vn/category/hoc-lam-ke-toan
    Nát http://hoclamketoan.edu.vn/category/tai-lieu-ke-toan
    Nhà http://hocketoan360.com/
    Haha http://hocketoan360.com/category/khoa-hoc-ke-toan/
    http://hocketoan360.com/category/dich-vu-ke-toan/

  2. Anonymous says:

    Good work on including a PowerShell example in addition to C#!

  3. PeachMoose says:

    Thank you for adding the powershell script as well. Very helpful and Much appreciated!

  4. PaulE says:

    Excellent point, Steve! Thanks.

  5. SDF says:

    http://www.shopbestgoods.com/
    http://www.nike-jordanshoes.com/
    http://www.beatsbydreoutlet.net/
    http://www.michaelkorsus.com/
    http://www.polo-tshirts.com/
    http://www.northsclearance.com/
    http://www.ralph-laurensale.com/
    http://www.gucci-shoesuk2014.com/
    http://www.michael-korsusa.com/
    http://www.polo-outlets.com/
    http://www.ralphslauren.co.uk/
    http://www.marcjacobsonsale.com/
    http://www.mcmworldwides.com/
    http://www.salongchamppairs.com/
    http://www.canada-gooser.com/
    http://www.burberryoutlet2014.com/
    http://www.michaelkors.so/
    http://www.hermes-outletonline.com/
    http://www.oakley-sunglassoutlet.com/
    http://www.north-faceoutlets.net/
    http://www.moncler-clearance.com/
    http://www.woolrich-clearance.com/
    http://www.barbour-jacketsoutlet.com/
    http://www.moncler-jacketsoutletonline.com/
    http://www.monsterbeatsbydres.net/
    http://www.louis-vuittonblackfriday.com/
    http://www.lv-guccishoesfactory.com/
    http://www.mcmoutlet-jp.com/
    http://www.cheapdiscountoutlet.com/
    http://coachoutlet.iwopop.com/
    http://www.coachsfactoryoutlet.com/
    http://www.coach-blackfriday2014.com/
    http://www.coach-storeoutletonline.com/
    http://www.coach-factorysoutletonline.com/
    http://www.coachccoachoutlet.com/
    http://www.coach-factories.net/
    http://www.coach-pursesoutletonline.com/
    http://www.llouisvuitton-factory.net/
    http://www.coach-outletsusa.com/
    http://www.mksfactoryoutlet.com/
    http://www.zxcoachoutlet.com/
    http://www.mischristmas.com/
    http://www.misblackfriday.com/
    http://www.bestcustomsonline.com/
    http://www.newoutletonlinemall.com/
    http://www.clickmichaelkors.com/
    http://www.cmichaelkorsoutlet.com/
    http://www.ralphlaurenepolo.com/
    http://michaelkorsoutlet.mischristmas.com/
    http://mcmbackpack.mischristmas.com/
    http://monsterbeats.mischristmas.com/
    http://northfaceoutlet.mischristmas.com/
    http://mk.misblackfriday.com/
    http://coachoutlet.misblackfriday.com/
    http://coachfactory.misblackfriday.com/
    http://uggaustralia.misblackfriday.com/
    http://coachpurses.misblackfriday.com/
    http://coachusa.misblackfriday.com/
    http://coach.misblackfriday.com/
    http://michaelkorss.misblackfriday.com/
    http://michaelkors.misblackfriday.com/
    http://airmax.misblackfriday.com/
    http://michael-kors.misblackfriday.com/

    http://t.co/1PJuejI1ys
    http://t.co/FYm2MxWwLM
    https://twitter.com/CoachOutlet2014
    https://www.facebook.com/pages/Coach-Factory-Outlet-Online-Store-Michael-Kors-Outlet-Online-Sale-75-Off/712060898859091
    https://www.facebook.com/pages/Ralph-Lauren-Polo-Outlet-Online-Sale/1404100279810690

  6. m88 says:

    After 10 La Liga highlights the most notable are oriented M88:http://www.m88no.com/Main/Home.aspx?affiliateId=99156">m88
    performance of two leading stars Ronaldo and Messi, as well as the two giants of Spanish football. While Ronaldo’s Real flying high at the opposite Barca and Messi are off balance after the results are not as standard.

    A round face showing the stark contrast of the two giant bull origin. While Ronaldo Real to the top of the M88, opposite Barca and Messi himself is not climate "and the classic Superman". In addition, the champions Atletico showed strong breakthrough.

    The most noticeable thing is the decline of the Argentine star in M88 rounds recently. Especially after Barca’s 1-3 defeat before rival Real, scoring instincts "Rooftop excess" Messi does not exist. Phase miss the M10 somewhat ungainly lead Casillas, after
    the applicant has Suarez was the beginning of the team’s disappointing Camp Nou later.

  7. jitendra says:

    Hi,

    I am trying to add users to SharePoint 2013 Group.

    Lets say my user name is (jitendra-1987jitendra) and Group is testing_Group.

    I have used .Net Client Object model. The user is add to testing_Group. But when i tried to open the SharePoint Site, access denied error is coming(Site is not shred).

    To figure out the issue, i have deleted the user and added the same user (jitendra-1987jitendra) to the same group manually(SharePoint UI). I can able to access the SharePoint Site.

    Here i have seen the small difference, that is Account value of the User(Click on the User–> Account is the column).

    If add user manually, the Account value is like showing like (.xw|jitendra-1987jitendra).I can access site collection.

    If i add user via code the Account value is like showing like (jitendra-1987jitendra).I am unable to access site collection.

    So as i said earlier, i am using SharePoint 2013. I am able to add users to sharepoint group. but the users are unable to access SharePoint site.

    Do i need to do anything else??

    Please share me if any one have the code snippet(server object model code also fine) to this email id jitendra.sampath@gmail.com.

    Thanks in advance.

  8. Anonymous says:

    NOTE: Please download the attachment to get a Word doc with this posting in human readable format.

  9. Anonymous says:

    I had a friend send me kind of an interesting problem the other day. He was trying to add a new user