Home » SharepointRSS

Single Sign On between an ASP.NET application and SharePoint


Single Sign On between an ASP.NET application and SharePoint

I'm using a ASP.NET site with link to an  SharePoint site,
 Both SharePoint and the ASP.NET application are running in the same domain. When a user starts ASP.NET application, they are presented with a logon dialog (windows authentication).  When they click the link to the  sharepoint , they are presented with the same dialog again.

I want to prevent additional login prompt that occurs after the user is logged into ASP.NET application (when they are launching the  SharePoint).  I want the sharepoint to know that login credentials for that user have already been authenticated and the user is valid.

Additional info for the ASP.NET Application
The ASP.NET application is using windows authentication in the web.config file with inpersonation enabled.
IIS Security settings for the ASP.NET application - "integrated windows authentication" (no anonymous access).

 

9 Answers Found

 

Answer 1

Hi,

ASP.NET application  and SharePoint site  cannot share their credentials  directly.

As you have enabled  the Integrated windows  Authentication (IWA), I suggest you to check your IE configurations to enable automatically logon:

1.Disable or uninstall Internet Explorer Enhanced Security.

2.Add the SharePoint site to your Intranet zone in IE.

3.Check automatically logon  only in Intranet Zone or automatically logon with current user  name and password in Internet properties > Security > Local Intranet > Security Setting.

If you want to get more information about SSO, please refer to:

Configure single  sign-on (Office SharePoint Server) (http://technet.microsoft.com/en-us/library/cc262932.aspx)

Hope the information can be helpful.

-lambert

 

Answer 2

Hi,
   Thanks for your response....
I am yet to try what you have suggested....

before that I wanted to clarify one thing....
I want to ask whether this will work for internet

i have 2 sites  
1) http://xyz.abc.com   (ASP.NET website)
2) http://aaa.abc.com (Sharepoint website)

They are internet websites not intranet
 the domain  is same

So, When I enter the first website (asp.net website), I am prompted for username and password (windows account)
there is a link  for sharepoint  website in my asp.net website....
when i click  on that hyperlink, I am asked for credentials....

Can u briefly tell me the following
1) what settings  should be done in IIS of both the websites
2) what authentication  modes should be set in web.config files of both the websites
3) is there any other specific setting that should be done

Thanks again, waiting for your reply.
 

Answer 3

Hi, 

For your situation, I think you should configure Form authentication  in the web.config for your SharePoint site  and ASP.NET application.

Basically, the most suitable solution reflected in my mind is sharing cookies between the two sites.

For more information and detailed configuration, please refer to:

1.Single Sign-on in ASP.NET and Other Platforms

2.Understanding Single Sign-On in ASP.NET 2.0

Hope the information can be helpful.

-lambert

 

Answer 4

Hello

I have implemented this successfuly long back but for Form Based Users. See following code may it wil give you an idea

First you will have to check/update you web  config specially db connection information

*---------Start --- Web.Config

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file  you can use the
    web admin tool to configure settings  for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
 <appSettings/>
  <connectionStrings>
    <add name="FBA_SQLConnectionString" connectionString="server=PRODCTSERV;database=PortalUsers;User id=sa;password=sa;" providerName="System.Data.SqlClient" />
  </connectionStrings>
    <system.web>
      <!-- Membership Provider-->
      <membership defaultProvider="FBA_AspNetSqlMembershipProvider">
        <providers>
          <add name="FBA_AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FBA_SQLConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
        </providers>
      </membership>
      <!-- Role Provider -->
      <roleManager enabled="true" defaultProvider="FBA_AspNetSqlRoleProvider">
        <providers>
          <add name="FBA_AspNetSqlRoleProvider" connectionStringName="FBA_SQLConnectionString" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" />
        </providers>
      </roleManager>
      <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
  <compilation debug="true"/>
  <!--
            The <authentication> section enables configuration
            of the security authentication  mode used by
            ASP.NET to identify an incoming user.
        -->
  <authentication mode="Forms"/>
  <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs  
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
 </system.web>
</configuration>

*---------End --- Web.Config

Now create default.aspx page and see its CS file as mentioned below

*-------- Start -- Default.aspx.cs
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Response.Redirect("
http://portal/_Layouts/Mylogin.aspx?uid=test&pwd=test");

    }
}


*-------- End -- Default.aspx.cs

Now you need to create another page lets say MyLogin.aspx

*-------- Start -- MyLogin.aspx

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="MyLogin.aspx.cs" Inherits="_MyLogin" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Login ID="Login1" runat="server" MembershipProvider="FBA_AspNetSqlMembershipProvider"
            OnLoggingIn="Login1_LoggingIn" OnLoggedIn="Login1_LoggedIn">
        </asp:Login>

    </div>
    </form>
</body>
</html>

*-------- End -- MyLogin.aspx

Here is Mylogin.aspx.cs code

*-------- Start -- MyLogin.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Net.Security;

public partial class _MyLogin : System.Web.UI.Page
{
    private bool bLoggedIn;
    protected void Page_Load(object sender, EventArgs e)
    {
        string uid = Request.QueryString["uid"];
        string pwd = Request.QueryString["pwd"];
        bLoggedIn = true;
        try
        {
            if (Membership.ValidateUser(uid, pwd))
            {
                FormsAuthentication.RedirectFromLoginPage(uid, false);

            }
        }
        catch (Exception ex)
        {
            bLoggedIn = false;
        }
        if (bLoggedIn)
        {
            Response.Redirect("
http://portal/");
        }
    }

    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {

    }
    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        Response.Redirect("
http://portal/");
    }
}

*-------- End-- MyLogin.aspx.cs

Now you will have to copy both Mylogin file under 12 hive/_Layout folder

Now run you project, and see the magic, the only concern is that both the database (asp.net) and Sql Server (FBA user  should have same username and password.

Let me know it works for you or not.

Ashish


 
 

Answer 6

hi...
thanks for ur help...
but my problem is I am not using the userid and password by storing them in table of database
I am using windows  authentication for ASP.net website and Integrated Windows authentication  for sharepoint  website....

Now in my asp.net website http://abc.xyz.com there is a link  to the sharepoint website http://aaa.xyz.com ... both are in same domains but different hostname....

these are Internet websites and not Intranet....

When I open http://abc.xyz.com I am prompted with windows logon  credentials
Domain Name\Username and Password  .... I get authenticated

Now, when I click  the link of sharepoint website it opens in a new window (I have used target="_blank" to open it in new window)

this new window (sharepoint website) prompts for the same login  credentials

I want to use the credentials  that I entered in asp.net website to authenticate internally so as to the sharepoint website should not prompt  for authentication again.

can u help me with this...Thanks again..
 

Answer 7

OK another option is you can impersonate your web  config with hardcoded username/password, however that is not recommended.

You can use following in portal web.config next to </authentication>

    <identity impersonate="true" userName="portal\spadmin" password="spadmin" />

You need to change username and password.

However I tested this long back that time it was working. Let me know it works or not.

 

Answer 8

Hi...
I will try this out.....
The username and password should be hardcoded in the sharepoint  website's web.config right?
also, is there any way to dynamically acquire the userid and password (windows login  credentials) that are entered in asp.net site  and use them in sharepoint's web.config dynamically....since there are multiple users for the site,
and like you said, hard coding the credentials  is not recommended..
thanks for ur help again.
 

Answer 9

We have sharepoint  2010 based portal and we would like to connect to 3 external asp.net based sites and 2 internal asp.net based sites using single  sign on.

So when logs in to sharepoint 2010 portal, he should be able to login  to all 5 external/internal sites without need to enter login credentials.

How we can achieve this using sso or any other approach?

All other systems have their own credentails for username and password.

 
 
 

<< Previous      Next >>


Microsoft   |   Windows   |   Visual Studio   |   Follow us on Twitter