Partilhar via


Getting the Current User Identity in a Low Trust App in SharePoint 2013

Today's post comes primarily because it's a common question, but not because it's a particularly brilliant answer; maybe just a bit unexpected. If you followed the some of the differences between low trust and high trust apps in SharePoint, you will know that in a low trust app, SharePoint knows who the user is, versus a high trust app where the app tells SharePoint who the user is - see Security in SharePoint Apps Part 3 for more details (https://blogs.technet.com/b/speschka/archive/2013/07/29/security-in-sharepoint-apps-part-3.aspx).

The common misconception here though is that you can look at the context token that SharePoint sends over to determine who the user is that is making the request. I explain more about the context token in Part 4 of the Security in SharePoint Apps series: https://blogs.technet.com/b/speschka/archive/2013/07/30/security-in-sharepoint-apps-part-4.aspx. If you look at the contents of the context token you'll see that there really isn't a single thing in there that uniquely identifies an individual. The solution to this problem then, is that you need to make a CSOM call to actually get the user's identity. Fortunately this actually pretty easy; what I've got here is a slightly modified version of the basic code that Visual Studio generates for you when you create a new low trust SharePoint App project in a provider hosted web:

var contextToken = TokenHelper.GetContextTokenFromRequest(Page.Request);
var hostWeb = Page.Request["SPHostUrl"];

using (var clientContext = TokenHelper.GetClientContextWithContextToken(hostWeb, contextToken, Request.Url.Authority))
{
 clientContext.Load(clientContext.Web, web => web.Title, user => user.CurrentUser);
 clientContext.ExecuteQuery();
 Microsoft.SharePoint.Client.User curUser = clientContext.Web.CurrentUser;
 Response.Write("Current user is " + curUser.Email);
}

I highlighted the parts there to illustrate the main difference with the code that you get out of the box. As you can see, you can just use the CurrentUser of the context web in order to get information about which user is actually using your application. As I said, not difficult, but maybe not the answer you were expecting.

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed
  • Anonymous
    January 01, 2003
    thanks for sharing.
  • Anonymous
    May 29, 2014
    I would love if you could guide me a bit further. I´m just about one week old in sharepoint, trying to make an app. first I want to get info of theuser so I can register him or her automatically in my backend.

    I put your snippet in the Index action of the controller of my app part. ButI can not debug it, it just write the text, with nouser info, but the debugger never stops. So I begun to think that the snippet may be placed somewhere else.

    can you tell a bit more about this scenario?
  • Anonymous
    September 18, 2014
    The comment has been removed
  • Anonymous
    January 08, 2015
    m88 : http://m88en.com
    M88.com offer online sports games Asia, Sports Betting Asia, Sports Betting Sites Asia.
    m88asia : http://m88en.net
    Link to M88BET phone: m88en.com. – Register and Open Betting Account and Membership M88BET.
    m88bet : http://www.linkm88vip.com
    MANSION88 the house is one of the largest and most prestigious. Appeared quite early in the Asian market, the so-MANSION88 currently attracts more players.
    link m88 : http://m88wiki.com
    Home the M88 is the official sponsor of the football club in the Premier League
    Wish you happy with the new M88
    m88 casino online : http://m88free.com

    Modern Thai restaurant combines outstanding traditional cuisine and a subtle modern decor with a warm welcoming ambience. Thai Restaurants in Brisbane :http://www.watersidethainoodles.com.au , traveller reviews of Brisbane Thai restaurants and search by price, location, and more..