Feb20

SharePoint: Leveraging Claims Authentication within ActiveX

Recently, one of our Microsoft SharePoint consultants in development of an ActiveX control needed to authenticate to a local SharePoint environment to download some files. This was easy enough using Windows-based NTLM authentication, however it became a challenge when the SharePoint farm started using a 3rd party claims provider to authenticate users instead of NTLM.

After a little research, it was determined that the Microsoft’s WinINet function InternetGetCookieEx sharepoint-2013-logo-png-i01would be sufficient for this purpose. This development was done specifically to leverage a claims token provided to SharePoint 2013 using an ActiveX control, but the process should be the same for any client-side Windows application to leverage an existing claim. Here’s how to use InternetGetCookieEx for authentication within ActiveX:

InternetGetCookieEx()

This function is part of the WinINet API, and targets a specified URL to retrieve the cookies associated with that URL. This will allow us to retrieve the claim token granted to a SharePoint site. The claim will likely be flagged as HTTPOnly, but this is why we need to use InternetGetCookieEx() rather than InternetGetCookie(), the latter of which does not allow you to obtain HTTPOnly cookies.

Implementation

First, this is how we imported the DLL in C#:

[DllImport("wininet.dll", SetLastError = true)]
private static extern bool InternetGetCookieEx(
string pchURL,
string pchCookieName,
StringBuilder pchCookieData,
ref System.UInt32 pcchCookieData,
int dwFlags,
IntPtr lpReserved
);

Below is a description of the arguments:

Type Argument Description
string url The URL for which to retrieve associated cookies
string cookieName A name of the cookie to retrieve
StringBuilder cookieData A container to place the cookie data into
int size Sets the maximum length of data to copy into the cookieData container. Upon a successful return this will contain the size of the data copied into cookieData.
int flags A flag parameter, this lets us specify that we want to be able to retrieve HTTPOnly cookies.
IntPtr reserved According to MSDN this is reserved for future use.

This is how we called the method. Point it to the SharePoint URL for which you wish to retrieve cookies from. Leaving the cookieName as null will return all associated cookies. The StringBuilder “sb” is the container that the cookie data will be placed into and the integer “size” will contain the size of the data upon a successful return. The flag for HTTPOnly is 0x00002000 (hex) or 8192 (decimal).

int size = 512;
StringBuilder sb = new StringBuilder(size);
InternetGetCookieEx(“http://sharepoint/”, null, sb, ref size, 0x00002000, IntPtr.Zero);

The cookie data returned to the StringBuilder “sb” will be separated by semi-colons. The final step is to parse out this data and use it to create new cookie objects which can then be added to your request’s CookieContainer.

So, what do you think?  Comment below to suggest additional recommendations on how to leverage an existing claims token using an ActiveX control. Check out our blog for additional SharePoint related advice.

Leave a Comment

Your email address will not be published. Required fields are marked *