Introduction

SURFconext can be used as a group provider for service providers. You can manage and use groups within SURFteams or within external group providers. This article describes how you can use SharePoint 2010 as an external group provider for SURFconext. The interface of the group provider is based on the VOOT protocol. See: Microsoft Active Directory as a Group Provider for more information about the VOOT protocol.

What is the approach?

First I searched for an answer to the following two questions:

  1. Where do we implement the VOOT REST interface?
  2. How do we get the group and user information from SharePoint?

Ad 1)

We have to choose whether to implement the VOOT REST interface inside or outside SharePoint. When the interface is implemented inside SharePoint, we have to create support for URL rewriting. The required methods such as /groups/@me are not going to work without major rewrite surgery. Whether or not SharePoint 2010 supports URL rewriting is a point of discussion on the internet. For example, see No support for rewrite in SharePoint and the more recent Support for rewrite in SharePoint. Apparently, it doesn't seem the way to go for me.

To work around this, a separate web service avoids the URL rewriting issues. The web service handles the VOOT REST interface and gets the required information from SharePoint. How this is done is the answer to the next question.

Ad 2)

SharePoint 2010 offers two ways to get the group and user information: the SharePoint 2010 web services or the Client Object Model. Microsoft advises using the Client Object Model whenever possible instead of the SharePoint web services (see: Deciding which SharePoint 2010 API to use). The Client Object Model is a wrapper around a web service that calls the server-side object model. The results are, of course, objects from the object model hierarchy.

The web service

The web service will have the same functionality as the one described in the article Microsoft Active Directory as a Group Provider. You can use that article for more details.

Implementation of the VOOT interface

The following methods are currently implemented:

  • Get my groups - HTTP GET to /groups/@me
  • Get all members of one of my groups - HTTP GET to /people/@me/{group id}
  • Get a certain person - HTTP GET to /people/{user id}

These methods are explained in the next sections.

Get my groups

From SharePoint we get the list of groups together with the users within each group:

// Get the collection of groups including their list of users.
GroupCollection groupsColl = sharePointContext.Web.SiteGroups;
sharePointContext.Load(groupsColl,
    groupsinc => groupsinc.Include(
        groupinc => groupinc.Id,
        groupinc => groupinc.Title,
        groupinc => groupinc.Users.Include(userinc => userinc.Title)));
sharePointContext.ExecuteQuery();

In code we loop through the list of groups and search for the current user in the list of the group users.
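
The loop described above, as an added example that is not the article's own code. It uses plain stand-in classes with constructed sample data so it runs without a SharePoint server, and it matches the caller on the account name rather than the display name, because two accounts can share one display name. Assumptions: LoginName is loaded as well (an extra userinc => userinc.LoginName in the Include), the web service has already mapped the SURFconext user id to a SharePoint login name, and the names SiteUser, SiteGroup, GroupsAtMe and ForUser are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Plain stand-ins for the CSOM Group and User objects (hypothetical names),
// holding only the properties the query loads.
class SiteUser { public string Title; public string LoginName; }
class SiteGroup { public int Id; public string Title; public List<SiteUser> Users; }

static class GroupsAtMe
{
    // Returns the groups that contain the caller, matched on the account name
    // (User.LoginName in the Client Object Model). Title is a display name and
    // is not guaranteed to be unique, so it is not used as the key.
    public static List<SiteGroup> ForUser(IEnumerable<SiteGroup> groups, string loginName)
    {
        return groups
            .Where(g => g.Users.Any(u =>
                string.Equals(u.LoginName, loginName, StringComparison.OrdinalIgnoreCase)))
            .ToList();
    }

    static void Main()
    {
        // Constructed sample data: two different accounts with the same display name.
        var groups = new List<SiteGroup>
        {
            new SiteGroup { Id = 3, Title = "Project Owners", Users = new List<SiteUser> {
                new SiteUser { Title = "Jan de Vries", LoginName = @"EXAMPLE\jdevries" } } },
            new SiteGroup { Id = 5, Title = "Project Visitors", Users = new List<SiteUser> {
                new SiteUser { Title = "Jan de Vries", LoginName = @"EXAMPLE\jvries2" },
                new SiteUser { Title = "Anna Bakker", LoginName = @"EXAMPLE\abakker" } } },
        };

        // Groups for the second account only.
        foreach (var g in ForUser(groups, @"EXAMPLE\jvries2"))
            Console.WriteLine("{0}: {1}", g.Id, g.Title);

        // For comparison: matching on Title also counts the group of the other account.
        int byTitle = groups.Count(g => g.Users.Any(u => u.Title == "Jan de Vries"));
        Console.WriteLine("groups matched by display name: {0}", byTitle);
    }
}
```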

Get all members of one of my groups

The list of members of a group is fetched in two steps. First we get the list of all SharePoint groups with the following code:

// Get the groups from SharePoint. Only the Title property is loaded.
GroupCollection groupColl = sharePointContext.Web.SiteGroups;
sharePointContext.Load(groupColl, groups => groups.Include(incgroup => incgroup.Title));
sharePointContext.ExecuteQuery();

After that we find the matching group and get the users of the group by executing:

// Get the user collection.
UserCollection users = group.Users;
sharePointContext.Load(users);
sharePointContext.ExecuteQuery();

The list of users is returned as a JSON string.

Get a certain person

The SharePoint Client Object Model has a SiteUserInfoList object in the site collection, but this property is an SPList object. This means we still have to use a CAML query to fetch the user data. The implementation I used is the same as the code of "get my groups". The only difference is that we don't have to process all groups: the code can stop after the first match of the requested user.

That's all folks

Have fun building your own group provider solution on top of Microsoft SharePoint 2010. If you have any questions or remarks on this article, please contact: surfconext-beheer@surfnet.nl.

TO DO

  • OAuth basic authentication