Tuesday, 15 March 2016

Retrieve Credentials from Secure Store Service

What is Secure Store Service?

The Secure Store Service Application (SSS) was added in SharePoint 2010 as a replacement for 2007’s Single Sign On feature.

Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It enables you to securely store data that provides credentials required for connecting to external systems and associating those credentials to a specific identity or group of identities.

It is commonly used for access to data for Business Connectivity Services, Excel Service Applications and Visio Service Applications.

For example, if a user named JOHN has one account on the SharePoint server and another in a CRM application, the Secure Store mechanism enables his CRM credentials to be stored with his user profile in SharePoint Server. As a result, if he uses a Microsoft Business Connectivity Services (BCS) solution in SharePoint Server to obtain data from the CRM application, SharePoint Server looks up the Secure Store Service database on the server and provides his credentials to CRM. In this manner, JOHN is automatically logged on to the CRM application without having to log on to it separately.

Don't remember credentials?
Central Admin provides no way to retrieve the credentials that you set up in one of your Secure Store Application entries.

Run the script below on your SharePoint server to list all Secure Store user names and passwords.

# Load the SharePoint snap-in when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Service context of a site associated with the Secure Store Service application
$serviceCntx = Get-SPServiceContext -Site http://SiteURL

$sssProvider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$sssProvider.Context = $serviceCntx

$marshal = [System.Runtime.InteropServices.Marshal]

try
{
    $applications = $sssProvider.GetTargetApplications()
    foreach ($application in $applications)
    {
        Write-Output "`n$($application.Name)"
        Write-Output "$('-'*80)"
        try
        {
            $sssCreds = $sssProvider.GetCredentials($application.Name)
            foreach ($sssCred in $sssCreds)
            {
                # Copy the SecureString into an unmanaged BSTR so it can be read as plain text
                $ptr = $marshal::SecureStringToBSTR($sssCred.Credential)
                try
                {
                    $str = $marshal::PtrToStringBSTR($ptr)
                    Write-Output "$($sssCred.CredentialType): $($str)"
                }
                finally
                {
                    # Zero and free every BSTR, not only the last one allocated
                    $marshal::ZeroFreeBSTR($ptr)
                }
            }
        }
        catch
        {
            Write-Output "Error getting credentials!"
        }
        Write-Output "$('-'*80)"
    }
}
catch
{
    Write-Output "Error getting Target Applications."
}

Refer to the link below to create, configure, and consume the SharePoint 2010 Secure Store in Business Connectivity Services.
