Tuesday, December 9, 2014

Using Secure Store Service In SharePoint

Many times you need to work with external applications or services from SharePoint. These applications or services may require credentials to communicate. There are many ways to store the credential and pass it when needed. SharePoint provides Secure Store Service which can store credentials in an encrypted database. Credentials can be map to identity of SharePoint Users or Groups. Secure Store Service is an authorization service. You can create Target Application under Secure store service to hold and map the credential with user, group or claim which will be stored in encrypted database.

Create Target Application

  • Go to Central Administration Web site à Application Management à Manage Service Applications. Click on Secure Store Service

  • On the ribbon, click on New link in Manage Target Applications section

  • On the Create New Secure Store Target Application page set the following fields:
    1. Target Application ID : Unique Application ID
    2. Display Name : Display name for application
    3. Contact e-mail address : Primary contact for this target application.
    4. Target Application Type : Group or Individual. The Secure Store Service supports individual and group mappings. In group mapping, every member of domain group is mapped to the credentials. Group mapping is easy to maintain and can provide improved performace. In an idividual mapping, each user is mapped to unique set of credentials.

  • Provide fields. You can choose the field name and type.
    Note: Later you need this field name to access the value using code.
  • Provide Target Application Administrators and Members and click OK.
    1. Target Application Administrators : List of users who have access to manage the target application settings
    2. Members : List of user groups to map to a set of credentials for this target application

  • You can set credentials after creating target application. On Secure Store Service Application page, select created target application id and select Set Credentials on ECB menu.

  • Provide the user name and password.

Access credentials using code

  • Add reference - Microsoft.Office.SecureStoreService.Server namespace.