Friday, December 5, 2014

Custom Claims treated as groups?



I have claims-based authentication using a Trusted Identity Provider (more precisely: it's SAML-based authentication) and a custom claims provider that augments the user's claim with additional attributes.


Now there is a strange behavior when I add the claims augmented by the claims provider to an existing group using code. The claim appears in the group collection of the site (_layouts/groups.aspx) as soon as it is added to the group. Since I have a lot of claim values the list gets quite lengthy and the "regular" groups are hard to find in the groups collection (have to page one by one to find the regular groups).


The code (inspired by this blog post):



    spGroup = SPContext.Current.Web.SiteGroups["MyGroup"];

    SPClaimProviderManager claimMgr = SPClaimProviderManager.Local;

    if (legalEntities != null)
    {
        foreach (string legalEntity in legalEntities)
        {
            // Build a claim for this legal entity, issued by the custom claims provider.
            SPClaim claim = new SPClaim(ClaimTypesKeys.Entity,
                legalEntity,
                Microsoft.IdentityModel.Claims.ClaimValueTypes.String,
                SPOriginalIssuers.Format(SPOriginalIssuerType.ClaimProvider, CustomClaimsProviderKeys.Name));

            // Encode the claim into the string form used as a login name.
            string userName = claimMgr.EncodeClaim(claim);

            SPUserInfo info = new SPUserInfo
            {
                LoginName = userName,
                Name = legalEntity
            };

            // Make sure the encoded claim exists as a principal in the site, then add it to the group.
            spWeb.EnsureUser(userName);
            spGroup.AddUser(info.LoginName, info.Email, info.Name, info.Notes);
            spGroup.Update();
        }
    }


When browsing to _layouts/groups.aspx the legal entities (my custom claims) appear as:




For whatever reason they appear twice in this list, but that's not the issue.


When I click on the Edit icon of a claim, the legal entity is treated as a user (URL that is opened: _layouts/useredit.aspx). Also note the "Delete user from site collection" link.




So that's kind of strange behavior. Any idea how to hide the claims from the groups collection or why they are appearing at all?







