While working with the SharePoint Secure Store Service, it is hard to remember what credentials you have stored. I faced this situation when a client asked me to use the previous Secure Store Service, which had been configured almost 6 months before. I had no clue what credentials I had set there.
Then I started googling for help on how to retrieve the information from there, and I found some good solutions.
For others, I am posting two solutions: one is a code-based solution and the other is a PowerShell cmdlet (actually, I love this one because it makes life easy).
1- PowerShell cmdLet:
```powershell
# Run from the SharePoint Management Shell.
$serviceCntx = Get-SPServiceContext -Site "http://<server>"
$sssProvider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$sssProvider.Context = $serviceCntx
$marshal = [System.Runtime.InteropServices.Marshal]

try {
    $applications = $sssProvider.GetTargetApplications()
    foreach ($application in $applications) {
        Write-Output "`n$($application.Name)"
        Write-Output "$('-'*100)"
        try {
            $sssCreds = $sssProvider.GetCredentials($application.Name)
            foreach ($sssCred in $sssCreds) {
                # Decode the SecureString through an unmanaged BSTR
                $ptr = $marshal::SecureStringToBSTR($sssCred.Credential)
                try {
                    $str = $marshal::PtrToStringBSTR($ptr)
                    Write-Output "$($sssCred.CredentialType): $($str)"
                }
                finally {
                    # Zero and free the BSTR for every credential, not only the last one
                    $marshal::ZeroFreeBSTR($ptr)
                }
            }
        }
        catch {
            Write-Output "(Something went wrong) - Error getting credentials!"
        }
        Write-Output "$('-'*100)"
    }
}
catch {
    Write-Output "(Something went wrong) - Error getting Target Applications."
}
```
2- Code based Solution
Create a console application and add a new class retSecureStoreUtils:
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.BusinessData.Infrastructure.SecureStore;
using Microsoft.Office.SecureStoreService.Server;
```
(Both highlighted DLLs are available in the SharePoint file system.)
```csharp
namespace RetrieveSecureStoreCredentials
{
    public static class retSecureStoreUtils
    {
        // Returns a map of field name -> decrypted value for one target application.
        public static Dictionary<string, string> GetCredentials(string applicationID)
        {
            var credentialMap = new Dictionary<string, string>();
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                // Note: SPContext.Current is only set while running inside a SharePoint web request.
                SPSite site = SPContext.Current.Site;
                SPServiceContext serviceContext = SPServiceContext.GetContext(site);
                var secureStoreProvider = new SecureStoreProvider { Context = serviceContext };
                using (var credentials = secureStoreProvider.GetCredentials(applicationID))
                {
                    // Fields and credentials are returned in the same order.
                    var fields = secureStoreProvider.GetTargetApplicationFields(applicationID);
                    for (var i = 0; i < fields.Count; i++)
                    {
                        var field = fields[i];
                        var credential = credentials[i];
                        var decryptedCredential = ToClrString(credential.Credential);
                        credentialMap.Add(field.Name, decryptedCredential);
                    }
                }
            });
            return credentialMap;
        }

        // Converts a SecureString to a managed string via an unmanaged BSTR.
        public static string ToClrString(this SecureString secureString)
        {
            var ptr = Marshal.SecureStringToBSTR(secureString);
            try
            {
                return Marshal.PtrToStringBSTR(ptr);
            }
            finally
            {
                // Zero the unmanaged copy before freeing it.
                Marshal.ZeroFreeBSTR(ptr);
            }
        }
    }
}
```
Use the code below to retrieve credentials from the Secure Store Service:
```csharp
Dictionary<string, string> sssCredentials = retSecureStoreUtils.GetCredentials("SecureStoreId");

// First field: account in DOMAIN\user form
string strDU = sssCredentials.ElementAt(0).Value;
int SlashPosition = strDU.IndexOf('\\');
this.strDomainName = strDU.Substring(0, SlashPosition);
this.strUserName = strDU.Substring(SlashPosition + 1, strDU.Length - this.strDomainName.Length - 1);

// Second field: password
this.strPassword = sssCredentials.ElementAt(1).Value;
```
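When the stored account only needs to be used rather than read, the password does not have to leave its SecureString. The following is an added example, not part of the original post: it returns a PSCredential for one target application and decodes only the account name. The function name `Get-SssPSCredential` and its parameters are assumptions made for illustration.

```powershell
# Added example: Get-SssPSCredential and its parameters are hypothetical names.
function Get-SssPSCredential {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [Parameter(Mandatory = $true)][string]$ApplicationId
    )

    $provider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
    $provider.Context = Get-SPServiceContext -Site $SiteUrl
    $marshal = [System.Runtime.InteropServices.Marshal]
    $userName = $null
    $password = $null

    $creds = $provider.GetCredentials($ApplicationId)
    try {
        foreach ($cred in $creds) {
            $type = $cred.CredentialType.ToString()
            if ('UserName', 'WindowsUserName' -contains $type) {
                # The account name is not the secret; decode it, then wipe the unmanaged copy.
                $ptr = $marshal::SecureStringToBSTR($cred.Credential)
                try { $userName = $marshal::PtrToStringBSTR($ptr) }
                finally { $marshal::ZeroFreeBSTR($ptr) }
            }
            elseif ('Password', 'WindowsPassword' -contains $type) {
                # Copy() so the password outlives the collection, which is disposed below.
                $password = $cred.Credential.Copy()
                $password.MakeReadOnly()
            }
        }
    }
    finally {
        $creds.Dispose()
    }

    if (-not $userName -or -not $password) {
        throw "Target application '$ApplicationId' has no user name/password pair."
    }
    # The password is handed over as a SecureString and is never written to output.
    New-Object System.Management.Automation.PSCredential($userName, $password)
}
```

The returned object can be passed to any cmdlet that takes a `-Credential` parameter, so the password is not printed to the console or captured in a transcript.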