How To: Decode user name from claims format in SharePoint 2013

Intro

After converting a SharePoint web application to Claims Authentication mode, it is often necessary to write some code to decode the login name and extract the regular user name in the form domain\username. This is because calling SPContext.Web.CurrentUser.LoginName now returns an encoded string.

E.g.: “i:0#.w|mydomain\luis.carrazana”.

A great explanation about how claims are formatted and how to identify the different claim types is provided by my colleague Wictor Wilén here.

In this post I’ll share a method for getting the regular user name without manually parsing the encoded claim identity, by leveraging the SharePoint built-in API. Here, I’m extending an original solution provided by Tobias Zimmergren, in order to address an issue that occurs when using HttpContext instead of SPContext.

Context about my scenario

In my case, I was maintaining a custom ASP.NET solution, which was originally built on top of SharePoint 2010. The platform was being upgraded to SharePoint 2013, and the web application was migrated to use claims authentication. The custom ASP.NET components made heavy use of the current logged-in user name, which in some cases was retrieved using SPContext.Web.CurrentUser.LoginName and in other cases using HttpContext.Current.User.Identity.Name.

Tobias Zimmergren posted a great solution for getting the user name by leveraging the SharePoint built-in functions. I leveraged this solution in my project, but I faced the following issue:

When HttpContext.Current.User.Identity.Name is used to get the current user name, the encoded string doesn’t contain the claim’s identity identifier. In this case, the encoded claim format for the user name will be something like “0#.w|mydomain\luis.carrazana” instead of “i:0#.w|mydomain\luis.carrazana” (notice how the “i:” is missing from the string). For this reason, the SharePoint built-in function SPClaimProviderManager.IsEncodedClaim will not work as intended.

Please share your comments if you know the reason behind this behavior and a better solution to address it.

Solution

To completely address this scenario and support both SPContext and HttpContext, I updated Tobias’ solution and added another condition for the case where the IsEncodedClaim method doesn’t work as expected. I check whether the user name contains the ‘|’ character, in which case the string is converted back to the proper claims format and then decoded.

See the code below with my updated version.

// Required namespaces:
// using System;
// using Microsoft.SharePoint.Administration.Claims;  // SPClaimProviderManager
// using Microsoft.SharePoint.Utilities;              // SPMonitoredScope

public string GetUserLoginNameFromClaim(string userLoginName)
{
    using (new SPMonitoredScope("GetUserLoginNameFromClaim method called for " + userLoginName))
    {
        try
        {
            SPClaimProviderManager spClaimProviderMgr = SPClaimProviderManager.Local;
            if (spClaimProviderMgr != null)
            {
                if (SPClaimProviderManager.IsEncodedClaim(userLoginName))
                {
                    // Return the normal domain\username without any claims identification data
                    userLoginName = spClaimProviderMgr.ConvertClaimToIdentifier(userLoginName);
                }
                else if (userLoginName.IndexOf('|') > -1)
                {
                    // This case occurs if the user name was obtained by calling HttpContext.Current.User.Identity.Name.
                    // The encoded claim format for the user name will then be something like
                    // "0#.w|mydomain\luis.carrazana" instead of "i:0#.w|mydomain\luis.carrazana".

                    // Convert to the proper claim format, so we can decode it afterwards.
                    userLoginName = spClaimProviderMgr.GetUserIdentifierEncodedClaim(userLoginName);

                    // Return the normal domain\username without any claims identification data
                    userLoginName = spClaimProviderMgr.ConvertClaimToIdentifier(userLoginName);
                }
            }
        }
        catch (Exception ex)
        {
            // Log exception here. Note that the value passed in is returned unchanged in this case.
        }

        return userLoginName;
    }
}
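
The ‘|’ test in the fallback branch matches any string that contains that character, and on an exception the method returns its input unchanged. The following is an added example, not code from the original post or from Tobias’ solution: a stricter check that accepts only the header seen in the sample strings above (“0#.w|”), with or without the leading “i:”, and reports failure instead of handing back an undecoded value. The class and method names are hypothetical, the sample inputs are constructed, and the code is plain C# with no SharePoint dependency.

```csharp
using System;

// Added example, not the post's code. Class and method names are hypothetical.
public static class WindowsClaimLogin
{
    private const string IdentityMarker = "i:";   // present via SPContext, absent via HttpContext
    private const string WindowsHeader = "0#.w|"; // header seen in the post's sample strings

    // True only when value is domain\user, optionally wrapped as a Windows claim.
    // On failure login stays null, so a caller cannot use an undecoded string by accident.
    public static bool TryGetLogin(string value, out string login)
    {
        login = null;
        if (string.IsNullOrEmpty(value)) return false;

        string rest = value;
        bool hadMarker = rest.StartsWith(IdentityMarker, StringComparison.Ordinal);
        if (hadMarker) rest = rest.Substring(IdentityMarker.Length);

        if (rest.StartsWith(WindowsHeader, StringComparison.Ordinal))
            rest = rest.Substring(WindowsHeader.Length);
        else if (hadMarker)
            return false; // "i:" followed by a header this example does not handle

        // What remains must be exactly domain\user: no leftover '|' or ':',
        // a single backslash, and text on both sides of it.
        if (rest.IndexOfAny(new[] { '|', ':' }) >= 0) return false;
        int slash = rest.IndexOf('\\');
        if (slash <= 0 || slash == rest.Length - 1) return false;
        if (rest.IndexOf('\\', slash + 1) >= 0) return false;

        login = rest;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            @"i:0#.w|mydomain\luis.carrazana", // SPContext form
            @"0#.w|mydomain\luis.carrazana",   // HttpContext form
            @"mydomain\luis.carrazana",        // already plain
            @"0#.w|mydomain\a|mydomain\b",     // extra '|' after the header
            @"report|2013"                     // contains '|' but is not a claim
        };
        foreach (string s in samples)
        {
            string login;
            bool ok = TryGetLogin(s, out login);
            Console.WriteLine("{0,-32} -> {1}", s, ok ? login : "(rejected)");
        }
    }
}
```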

Summary

When a SharePoint web application is converted to use claims authentication, the current user name is encoded. This article showed some code that uses the SharePoint built-in methods to decode the user name. It also addressed the issue that arises when HttpContext is used and the encoded string doesn’t contain the identity identifier.

Reference

How Claims encoding works in SharePoint 2010 – Wictor Wilén

Tip: Getting the normal domain username from the claims username in SharePoint 2013 – Tobias Zimmergren

SPClaimProviderManager.GetUserIdentifierEncodedClaim method – MSDN Reference

Programmatically converting login name to claim and vice versa – Waldek Mastykarz