24 February, 2014

Claims Encoding for SharePoint 2013 and 2010

On a recent SharePoint 2013 project a question came up: "How do you read those funny looking user ids?" After a bit of research, it turns out that the claims identity breaks down into the following format:
<IdentityClaim>:0<ClaimType><ClaimValueType><AuthMode>|<OriginalIssuer (optional)>|<ClaimValue>

How it breaks down

For IdentityClaim, the acceptable values are:
  • "i" for identity claim
  • "c" for any other claim
For ClaimType, the acceptable values are:
  • “#” for a user logon name
  • “.” for an anonymous user
  • “5” for an email address
  • “!” for an identity provider
  • “+” for a Group security identifier (SID)
  • “-” for a role
  • “%” for a farm ID
  • “?” for a name identifier
  • “\” for a private personal identifier (PPID)
For ClaimValueType, the acceptable values are:
  • “.” for a string
  • “+” for an RFC 822-formatted name
For AuthMode, the acceptable values are:
  • “w” for Windows claims (no original issuer)
  • “s” for the local SharePoint security token service (STS) (no original issuer)
  • “t” for a trusted issuer
  • “m” for a membership issuer
  • “r” for a role provider issuer
  • “f” for forms-based authentication
  • “c” for a claim provider
The optional OriginalIssuer field tells us who the original issuer of the claim is.

The value for ClaimValue is the user id when the IdentityClaim is "i".

Example

i:0#.f|mymembershipprovider|wick

I am reading the above example as an Identity Claim ("i") that contains the username ("#") of type string (".") with an AuthMode of Forms Based Authentication ("f"). The membership provider being used is "mymembershipprovider" and the user id is "wick".
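The same reading done in code, as an added example that is not part of the original post: a small decoder that is handy when reviewing permission exports to see which authentication mode and issuer a principal came from. It assumes only "w" and "s" omit the OriginalIssuer field, as the list above notes, and it rejects any character the post does not list; the names `decode_claim` and `contoso\jdoe` are made up for illustration.

```python
# Added example: decoder for the claims-encoded ID format described in this post.
# The tables hold only the characters the post lists; anything else is rejected.
IDENTITY_CLAIM = {"i": "identity claim", "c": "other claim"}
CLAIM_TYPE = {
    "#": "user logon name", ".": "anonymous user", "5": "email address",
    "!": "identity provider", "+": "group SID", "-": "role",
    "%": "farm ID", "?": "name identifier", "\\": "PPID",
}
CLAIM_VALUE_TYPE = {".": "string", "+": "RFC 822-formatted name"}
AUTH_MODE = {
    "w": "Windows claims", "s": "local SharePoint STS", "t": "trusted issuer",
    "m": "membership issuer", "r": "role provider issuer",
    "f": "forms-based authentication", "c": "claim provider",
}
NO_ISSUER_MODES = {"w", "s"}  # listed in the post as having no original issuer


def decode_claim(encoded):
    """Return the labelled parts of an encoded claim; raise ValueError if malformed."""
    head, sep, rest = encoded.partition("|")
    if not sep or len(head) != 6 or head[1:3] != ":0":
        raise ValueError("expected <i|c>:0<ClaimType><ClaimValueType><AuthMode>|...")
    fields = (
        ("identity_claim", IDENTITY_CLAIM, head[0]),
        ("claim_type", CLAIM_TYPE, head[3]),
        ("claim_value_type", CLAIM_VALUE_TYPE, head[4]),
        ("auth_mode", AUTH_MODE, head[5]),
    )
    decoded = {}
    for name, table, char in fields:
        if char not in table:
            raise ValueError(f"unknown {name} character {char!r}")
        decoded[name] = table[char]
    if head[5] in NO_ISSUER_MODES:
        issuer, value = None, rest  # everything after the first "|" is the value
    else:
        issuer, sep, value = rest.partition("|")
        if not sep or not issuer:
            raise ValueError("this auth mode requires |<OriginalIssuer>|<ClaimValue>")
    decoded["original_issuer"] = issuer
    decoded["claim_value"] = value
    return decoded


if __name__ == "__main__":
    # First string is the post's example; the second is a constructed Windows sample.
    for sample in ("i:0#.f|mymembershipprovider|wick", "i:0#.w|contoso\\jdoe"):
        print(sample, "->", decode_claim(sample))
```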
