Print Shortlink

How To: Automatically add All Authenticated Users to SharePoint security group

When performing SharePoint 2010 enterprise solution deployment with Visual Studio, you’re likely to pre-create many of your solution artifacts such as pages with the right web parts on them etc. Security groups is not an exception. Recently I needed to pre-populate my custom security groups with All Authenticated Users.

You can add an All Authenticated Users reserved “user” to any security group which means that anyone who is authenticated will have access to the resource that this group governs with the permissions levels you choose to give it.

Below I’ll demonstrate how we can create a custom security group with the Read permission level and how that group will automatically have All Authenticated Users reserved “user” added to it.

The code below can run as a part of the feature receiver or a console application or PowerShell (obviously for PowerShell you will need to convert this code to a similarly-looking commands).
In my case, I used feature receiver with the following in FeatureActivated event:

SPWeb web = properties.Parent as SPWeb; permissionLevel = "Read"; SiteGroups.Add("My Special Group", owner, owner, "My Category");
SPRoleAssignment roleAssignment = new SPRoleAssignment(web.SiteGroups["My Special Group"]);
roleAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions[permissionLevel]);
web.RoleAssignments.web.Update();
// "c:0(.s|true" = All authenticated users
web.SiteGroups["My Special Group"].AddUser("c:0(.s|true", string.Empty, 
 string.Empty, string.Empty);

That’s it, the reserved user id c:0(.s|true, will resolve to All Authenticated Users when the feature is activated.

If you found this tip handy, as they say, there is more where that came from; it’s in my book here, where you’ll find development approaches is a cookbook style for your everyday SharePoint 2010 development.

Enjoy!