SPClaimProvider.FillClaimsForEntity Method

When implemented in a derived class, augments custom claims into a claims token.

Namespace:  Microsoft.SharePoint.Administration.Claims
Assembly:  Microsoft.SharePoint (in Microsoft.SharePoint.dll)


Protected MustOverride Sub FillClaimsForEntity ( _
    context As Uri, _
    entity As SPClaim, _
    claims As List(Of SPClaim) _
)

Dim context As Uri
Dim entity As SPClaim
Dim claims As List(Of SPClaim)

Me.FillClaimsForEntity(context, entity, _
    claims)

protected abstract void FillClaimsForEntity(
    Uri context,
    SPClaim entity,
    List<SPClaim> claims
)


  • context
    Type: System.Uri

    The context, as a URI. This must be a properly formatted URI.


When you include additional claims in a user's security token, you are augmenting claims. To augment claims, you must implement this method and set the SupportsEntityInformation property to true in your class derived from SPClaimProvider. The method is invoked only when SupportsEntityInformation returns true.

For more information about claims augmentation, see How to: Create a Claims Provider and Claims Provider.

The following code example shows support for claims augmentation and how to augment claims. For demonstration purposes, this example claims provider supports claims augmentation for only two users, “contoso\spuser1” and “contoso\spuser2”. When either of these users logs in to a SharePoint site, the claims provider adds two additional claims to the user token: CRMClaimType.Role and CRMClaimType.Region, which are defined in a separate class (not shown here).

DecodeUserIdentifierClaim() is a static method that can be used to decode the user identity claims.

Sample code provided by: Andy Li, Microsoft Corporation.


// Requires: using System; using System.Collections.Generic; using Microsoft.SharePoint.Administration.Claims;
public override bool SupportsEntityInformation
{
    get { return true; }
}

protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
{
    if (null == entity)
        throw new ArgumentNullException("entity");
    if (null == claims)
        throw new ArgumentNullException("claims");

    // Decodes the user identity claim to get the account name.
    SPClaim userIdClaim = SPClaimProviderManager.DecodeUserIdentifierClaim(entity);

    // Adds claims for SPUSER1 with CONTOSO as the domain.
    // The ordinal, case-insensitive comparison does not depend on the server culture.
    if (string.Equals(userIdClaim.Value, "CONTOSO\\SPUSER1", StringComparison.OrdinalIgnoreCase))
    {
        claims.Add(CreateClaim(CRMClaimType.Role, CRMRoleValue.SalesManager, Microsoft.IdentityModel.Claims.ClaimValueTypes.String));
        claims.Add(CreateClaim(CRMClaimType.Region, CRMRegionValue.NorthWest, Microsoft.IdentityModel.Claims.ClaimValueTypes.String));
    }

    // Adds claims for CONTOSO\SPUSER2.
    if (string.Equals(userIdClaim.Value, "CONTOSO\\SPUSER2", StringComparison.OrdinalIgnoreCase))
    {
        claims.Add(CreateClaim(CRMClaimType.Role, CRMRoleValue.RegionManager, Microsoft.IdentityModel.Claims.ClaimValueTypes.String));
        claims.Add(CreateClaim(CRMClaimType.Region, CRMRegionValue.NorthWest, Microsoft.IdentityModel.Claims.ClaimValueTypes.String));
    }
}

See Also


SPClaimProvider Class

SPClaimProvider Members

Microsoft.SharePoint.Administration.Claims Namespace