Some time ago I wrote how to get login name for special group “Everyone except external users” in Sharepoint Online: Get login name of special group “Everyone except external users” programmatically in Sharepoint. To remind: it is constructed like this:
"c:0-.f|rolemanager|spo-grid-all-users/” + tenantId
Today we faced with scenario when such login name could not be resolved on one customer’s tenant. After research it was found that similar issue was also reported on OfficeDevPnP github project page (see here). So as it turned out on old tenants this way of getting “Everyone except external users” may not work. As workaround you may use the following solution from OfficeDevPnP:
public override string GetEveryoneExceptExternalUsersName(Web web)
{
string userIdentity = "";
try
{
// New tenant
userIdentity = $"c:0-.f|rolemanager|spo-grid-all-users/{web.GetAuthenticationRealm()}";
var spReader = web.EnsureUser(userIdentity);
web.Context.Load(spReader);
web.Context.ExecuteQueryRetry();
}
catch (ServerException)
{
// Old tenants
string claimName = web.GetEveryoneExceptExternalUsersClaimName();
var claim = Utility.ResolvePrincipal(web.Context, web, claimName, PrincipalType.SecurityGroup, PrincipalSource.RoleProvider, null, false);
web.Context.ExecuteQueryRetry();
userIdentity = claim.Value.LoginName;
}
return userIdentity;
}
I.e. at first we try to get login name using "c:0-.f|rolemanager|spo-grid-all-users/” + tenantId and try to resolve group with this name. If it fails we call GetEveryoneExceptExternalUsersClaimName() extension method which returns localized name of “Everyone except external users” group for current tenant (it has translations of group name for all supported languages) and tries to resolve this special group using this name. This code will work both on new and old tenants.
No comments:
Post a Comment