Archive for November, 2011

Creating Secure Store Service Application through Powershell

November 24, 2011

SSSA is a good way how to store credentials for accessing external systems.
Here is a script that will help you to create such a service application through powershell.
Thanks to the codeplex project autospinstaller for the inspiration.

Add-PsSnapin Microsoft.SharePoint.PowerShell
$serviceApplicationPool  = "SecurityTokenServiceApplicationPool" #name of the application pool under which the application should run
$secureStoreDatabaseName  = "SecureStoreServiceDatabase" #the sharepoint database where the service app will store the data
$secureStoreApplicationName  ="Secure Store Service Application" #name of the service application
$secureStoreApplicationProxyName  ="Secure Store Service Application Proxy" #name of the service application proxy
$secureStoreAdministrator = "domain\administrator" #the administrator of the application
$secureStoreUser = "domain\user" #the group or user that will have access to service application. I use the group configuration
$secureStoreAdministratorEmail = "adminemail" #email of the administrator
$serviceContext = "http://localhost" # the url for getting the service application context
$targeApplicationUserName= "administrator" #user name which will be used to access the external application
$targetApplicationUserPassword = "password"
#password which will be used to access the external application
$passPhrase = "PassPhrase" #passphrase for securing the application

If ($secureStoreApplicationName -eq $null) {$secureStoreApplicationName = "State Service Application"}
# Get the service instance
$SecureStoreServiceInstances = Get-SPServiceInstance | ? {$_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceInstance])}
$SecureStoreServiceInstance = $SecureStoreServiceInstances | ? {$_.Server.Address -eq $env:COMPUTERNAME}
If (-not $?) { Throw " - Failed to find Secure Store service instance" }
# Start Service instance
If ($SecureStoreServiceInstance.Status -eq "Disabled")
	Write-Host  " - Starting Secure Store Service Instance..."
	If (-not $?) { Throw " - Failed to start Secure Store service instance" }
	# Wait
	Write-Host  " - Waiting for Secure Store service..." -NoNewline
	While ($SecureStoreServiceInstance.Status -ne "Online")
	   Write-Host  "." -NoNewline
		Start-Sleep 1
		$SecureStoreServiceInstances = Get-SPServiceInstance | ? {$_.GetType().ToString() -eq "Microsoft.Office.SecureStoreService.Server.SecureStoreServiceInstance"}
		$SecureStoreServiceInstance = $SecureStoreServiceInstances | ? {$_.Server.Address -eq $env:COMPUTERNAME}
	Write-Host  $($SecureStoreServiceInstance.Status)
			# Create Service Application
			$GetSPSecureStoreServiceApplication = Get-SPServiceApplication | ? {$_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplication])}
			If ($GetSPSecureStoreServiceApplication -eq $Null)
				Write-Host  " - Creating Secure Store Service Application..."
				New-SPSecureStoreServiceApplication -Name $secureStoreApplicationName -PartitionMode:$false -Sharing:$false -DatabaseName $secureStoreDatabaseName -ApplicationPool $serviceApplicationPool -AuditingEnabled:$true -AuditLogMaxSize 30 | Out-Null
				Write-Host  " - Creating Secure Store Service Application Proxy..."
				Get-SPServiceApplication | ? {$_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplication])} | New-SPSecureStoreServiceApplicationProxy -Name $secureStoreApplicationProxyName -DefaultProxyGroup | Out-Null
				Write-Host  " - Done creating Secure Store Service Application."
			Else {Write-Host  " - Secure Store Service Application already provisioned."}

			$secureStore = Get-SPServiceApplicationProxy | Where {$_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy])}
			Start-Sleep 5
			Write-Host  " - Creating the Master Key..."
			Update-SPSecureStoreMasterKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase
			Start-Sleep 5
			Write-Host  " - Creating the Application Key..."
			Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase -ErrorAction SilentlyContinue

$usernameField = New-SPSecureStoreApplicationField –Name “UserName” -Type UserName –Masked:$false
$passwordField = New-SPSecureStoreApplicationField –Name “Password” –Type Password –Masked:$true
$fields = $usernameField,$passwordField

$adminClaim = New-SPClaimsPrincipal –Identity $secureStoreAdministrator –IdentityType  WindowsSamAccountName
$userClaim = New-SPClaimsPrincipal –Identity $secureStoreUser –IdentityType  WindowsSamAccountName
$targetApp = new-spsecurestoretargetapplication -name "externalApplication" -friendlyname "externalApplication" -contactemail $secureStoreAdministratorEmail -applicationtype Group -timeoutinminutes 3
$ssApp = New-SPSecureStoreApplication –ServiceContext $serviceContext –TargetApplication $targetApp –Field$fields –Administrator $adminClaim -CredentialsOwnerGroup $userClaim
$firstCredential = ConvertTo-SecureString $targeApplicationUserName –AsPlainText –Force
$secondCredential = ConvertTo-SecureString $targeApplicationUserPassword –AsPlainText –Force
$credentialValues = $firstCredential,$secondCredential
Update-SPSecureStoreGroupCredentialMapping  –Identity $ssApp –Values $credentialValues

Start content type synchronisation from within a feature

November 7, 2011

The standard way to consume the content types from content type hub in your site collection. It is described for example here.  If you want  the content types available direct during creating of the site collection, this will not work for you. You try to start the Timer Job programmatically, but you will receive access denied exception. Because starting timer jobs is not allowed during feature activation. Here is a sample how you can consume content types immediately only for a specific site collection without permissions problems. However it includes a little bit of reflection.

using System;
using Microsoft.SharePoint;
using System.Reflection;

namespace NameSpace
public class ContentTypeSubscriber
public void Execute(SPSite site)
var taxonomyAssembly = Assembly.Load("Microsoft.SharePoint.Taxonomy, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c");
var subscriberType = taxonomyAssembly.GetType("Microsoft.SharePoint.Taxonomy.ContentTypeSync.Internal.Subscriber");

var processSiteMethodInfo = subscriberType.GetMethod("ProcessSite",
BindingFlags.NonPublic | BindingFlags.Instance,
new[] { typeof(SPSite) },

var subscriberTypeConstructor = subscriberType.GetConstructor(
BindingFlags.NonPublic | BindingFlags.Instance,
null, new Type[] { }, null

var subscriberInstance = subscriberTypeConstructor.Invoke(new object[] { });
processSiteMethodInfo.Invoke(subscriberInstance, new Object[] { site });