How to: Create a claims provider in SharePoint 2013
Learn how to create and implement a SharePoint 2013 claims provider that fulfills the requirements for claims augmentation and claims picking.
Last modified: September 17, 2015
Applies to: SharePoint Foundation 2013 | SharePoint Server 2013
A claims provider issues claims and packages claims into security tokens. A claims provider has two roles: augmentation and picking.
Claims augmentation enables an application to add claims to the user's token. For example, with Windows-based log-in, the Active Directory directory service can augment all of a user's security groups into the user's Windows token. With claims-based log-in, a customer relationship management (CRM) application can augment roles from a CRM database. With these claims in the user's token, access to resources can be authorized against them. That is, these claims are used to determine whether a particular user has access to specific resources.
Claims can be displayed in the people picker control through claims picking. Claims picking enables an application to surface claims in the people picker, for example, when configuring the security of a SharePoint site or SharePoint service. This functionality enables you to provide search, resolve, and friendly display of claims.
A people picker with claims picking functionality is sometimes referred to as a claims picker. For more information, see People picker and claims provider planning.
To write a claims provider, your first step is to create a class that derives from the SPClaimProvider class.
For a code example and more information about the SPClaimProvider class and its members, see SPClaimProvider. For walkthroughs, tips, and code samples, see Claims and Security: Technical articles and code samples on MSDN.
The following are required methods and properties when writing a claims provider.
The following Name property is a required property. The name should be unique across the farm.
Required for claims picker
Claims can be displayed in the people picker control through claims picking. The following methods in the SPClaimProvider class are required methods if you want to implement claim picking in the people picker control.
Required for claims augmentation
When you include additional claims in a user's security token, you are augmenting claims. If you want to augment claims, you must implement the following methods in the SPClaimProvider class.
Required for displaying hierarchy on the left pane of the claims picker
If you want to display hierarchy on the left pane of the claims picker, you must implement the following methods in the SPClaimProvider class.
Required for resolving claims in the type-in control of the claims picker
If you want to be able to resolve claims by using the type-in control of the claims picker, you must implement the following methods in the SPClaimProvider class.
Required for searching for claims in the claims picker
If you want to be able to search for claims in the claims picker, you must implement the following property and method in the SPClaimProvider class.
You can also implement a helper method to help you create SPClaim objects.