Home » Sharepoint

Single Sign On between an ASP.NET application and SharePoint

Single Sign On between an ASP.NET application and SharePoint

I'm using a ASP.NET site with link to an  SharePoint site,
 Both SharePoint and the ASP.NET application are running in the same domain. When a user starts ASP.NET application, they are presented with a logon dialog (windows authentication).  When they click the link to the  sharepoint , they are presented with the same dialog again.

I want to prevent additional login prompt that occurs after the user is logged into ASP.NET application (when they are launching the  SharePoint).  I want the sharepoint to know that login credentials for that user have already been authenticated and the user is valid.

Additional info for the ASP.NET Application
The ASP.NET application is using windows authentication in the web.config file with inpersonation enabled.
IIS Security settings for the ASP.NET application - "integrated windows authentication" (no anonymous access).


9 Answers Found


Answer 1


ASP.NET application  and SharePoint site  cannot share their credentials  directly.

As you have enabled  the Integrated windows  Authentication (IWA), I suggest you to check your IE configurations to enable automatically logon:

1.Disable or uninstall Internet Explorer Enhanced Security.

2.Add the SharePoint site to your Intranet zone in IE.

3.Check automatically logon  only in Intranet Zone or automatically logon with current user  name and password in Internet properties > Security > Local Intranet > Security Setting.

If you want to get more information about SSO, please refer to:

Configure single  sign-on (Office SharePoint Server) (http://technet.microsoft.com/en-us/library/cc262932.aspx)

Hope the information can be helpful.



Answer 2

   Thanks for your response....
I am yet to try what you have suggested....

before that I wanted to clarify one thing....
I want to ask whether this will work for internet

i have 2 sites  
1) http://xyz.abc.com   (ASP.NET website)
2) http://aaa.abc.com (Sharepoint website)

They are internet websites not intranet
 the domain  is same

So, When I enter the first website (asp.net website), I am prompted for username and password (windows account)
there is a link  for sharepoint  website in my asp.net website....
when i click  on that hyperlink, I am asked for credentials....

Can u briefly tell me the following
1) what settings  should be done in IIS of both the websites
2) what authentication  modes should be set in web.config files of both the websites
3) is there any other specific setting that should be done

Thanks again, waiting for your reply.

Answer 3


For your situation, I think you should configure Form authentication  in the web.config for your SharePoint site  and ASP.NET application.

Basically, the most suitable solution reflected in my mind is sharing cookies between the two sites.

For more information and detailed configuration, please refer to:

1.Single Sign-on in ASP.NET and Other Platforms

2.Understanding Single Sign-On in ASP.NET 2.0

Hope the information can be helpful.



Answer 4


I have implemented this successfuly long back but for Form Based Users. See following code may it wil give you an idea

First you will have to check/update you web  config specially db connection information

*---------Start --- Web.Config

<?xml version="1.0"?>
    Note: As an alternative to hand editing this file  you can use the
    web admin tool to configure settings  for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    <add name="FBA_SQLConnectionString" connectionString="server=PRODCTSERV;database=PortalUsers;User id=sa;password=sa;" providerName="System.Data.SqlClient" />
      <!-- Membership Provider-->
      <membership defaultProvider="FBA_AspNetSqlMembershipProvider">
          <add name="FBA_AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FBA_SQLConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
      <!-- Role Provider -->
      <roleManager enabled="true" defaultProvider="FBA_AspNetSqlRoleProvider">
          <add name="FBA_AspNetSqlRoleProvider" connectionStringName="FBA_SQLConnectionString" type="System.Web.Security.SqlRoleProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" applicationName="/" />
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
  <compilation debug="true"/>
            The <authentication> section enables configuration
            of the security authentication  mode used by
            ASP.NET to identify an incoming user.
  <authentication mode="Forms"/>
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs  
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />

*---------End --- Web.Config

Now create default.aspx page and see its CS file as mentioned below

*-------- Start -- Default.aspx.cs
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class _Default : System.Web.UI.Page
    protected void Page_Load(object sender, EventArgs e)


*-------- End -- Default.aspx.cs

Now you need to create another page lets say MyLogin.aspx

*-------- Start -- MyLogin.aspx

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="MyLogin.aspx.cs" Inherits="_MyLogin" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
    <form id="form1" runat="server">
        <asp:Login ID="Login1" runat="server" MembershipProvider="FBA_AspNetSqlMembershipProvider"
            OnLoggingIn="Login1_LoggingIn" OnLoggedIn="Login1_LoggedIn">


*-------- End -- MyLogin.aspx

Here is Mylogin.aspx.cs code

*-------- Start -- MyLogin.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Net.Security;

public partial class _MyLogin : System.Web.UI.Page
    private bool bLoggedIn;
    protected void Page_Load(object sender, EventArgs e)
        string uid = Request.QueryString["uid"];
        string pwd = Request.QueryString["pwd"];
        bLoggedIn = true;
            if (Membership.ValidateUser(uid, pwd))
                FormsAuthentication.RedirectFromLoginPage(uid, false);

        catch (Exception ex)
            bLoggedIn = false;
        if (bLoggedIn)

    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)

    protected void Login1_LoggedIn(object sender, EventArgs e)

*-------- End-- MyLogin.aspx.cs

Now you will have to copy both Mylogin file under 12 hive/_Layout folder

Now run you project, and see the magic, the only concern is that both the database (asp.net) and Sql Server (FBA user  should have same username and password.

Let me know it works for you or not.



Answer 6

thanks for ur help...
but my problem is I am not using the userid and password by storing them in table of database
I am using windows  authentication for ASP.net website and Integrated Windows authentication  for sharepoint  website....

Now in my asp.net website http://abc.xyz.com there is a link  to the sharepoint website http://aaa.xyz.com ... both are in same domains but different hostname....

these are Internet websites and not Intranet....

When I open http://abc.xyz.com I am prompted with windows logon  credentials
Domain Name\Username and Password  .... I get authenticated

Now, when I click  the link of sharepoint website it opens in a new window (I have used target="_blank" to open it in new window)

this new window (sharepoint website) prompts for the same login  credentials

I want to use the credentials  that I entered in asp.net website to authenticate internally so as to the sharepoint website should not prompt  for authentication again.

can u help me with this...Thanks again..

Answer 7

OK another option is you can impersonate your web  config with hardcoded username/password, however that is not recommended.

You can use following in portal web.config next to </authentication>

    <identity impersonate="true" userName="portal\spadmin" password="spadmin" />

You need to change username and password.

However I tested this long back that time it was working. Let me know it works or not.


Answer 8

I will try this out.....
The username and password should be hardcoded in the sharepoint  website's web.config right?
also, is there any way to dynamically acquire the userid and password (windows login  credentials) that are entered in asp.net site  and use them in sharepoint's web.config dynamically....since there are multiple users for the site,
and like you said, hard coding the credentials  is not recommended..
thanks for ur help again.

Answer 9

We have sharepoint  2010 based portal and we would like to connect to 3 external asp.net based sites and 2 internal asp.net based sites using single  sign on.

So when logs in to sharepoint 2010 portal, he should be able to login  to all 5 external/internal sites without need to enter login credentials.

How we can achieve this using sso or any other approach?

All other systems have their own credentails for username and password.



I am working on a solution where we need to implement Single Sign On across some SharePoint 2010 sites and some other ASP.Net sites.  The environment is set up is follows:

1) Active Directory with Kerberos running Windows 2008
2) Farm with Sharepoint 2010 with Kerberos Authentication
3) ASP.Net websites (.Net 3.5) on the same domain (set up as sub domains) of the AD and Sharepoint but on a different machines.

Basically an authenticated user will have a selection of links - lets call it a central portal, and when clicked, he will be redirected to the appropriate sub domain - being sharepoint site or asp.net site.  These are completely separate systems.

If the user is not authenticated, he will be redirected to the login page (the same behaviour of Form Authentication), and when authenticated he will be redirected to the central portal.

From my understanding Secure Store Service is not an option for me since I will not be pulling data from the ASP.Net sites, but I may be completely wrong.

Any tips of on the strategy I need to use?  Right now I am at completly lost, so any help will be greatly appreciated.


Here is my scenario:

* We have a main web application written in ASP.NET that uses forms authentication (uses the default asp.net membership and role provider)

* We have a 2010 sharepoint portal that is configured to use forms authentication (it points to the same AspNetDB that our main web application does)


We would like to link from our main application (the regular ASP.NET one) to the sharepoint app and not have to re-login.  Both sites have the same top level domain and machineKey web.config settings.  I figured all of this would 'just work' because the forms authentication cookie would sent to the SP site and it would recognize that this is an already authenticated user.  This doesn't work and I am not exactly sure why.  I noticed the SP site writes the FedAuth cookie, and I wasn't expecting that.

Any idea's/links/hints.  Anything would be appreciated.  










I desperately need some help with understanding how to implement SSO in a web application that I am developing in Visual 2008. I have worked through the “AD FS in Windows Server 2008 R2 Step-by-Step Guide” and have a good understanding of setting up a claims app and a trust relationship between two domains. I tried to connect to the ADFS service from inside Visual Studio 2008 on my development laptop (Windows 7) and could not get it to work. Am I right to say that a person needs to use Windows Identity Foundation to accomplish this? I also would like to know what is difference between  Active Directory Federation services role on Windows 2008 R2 and the ADFS 2.0 download and the license requirements for the above mentioned services as the AD FS in Windows Server 2008 R2 Step-by-Step Guide specifies Windows 2008 R2 Enterprise edition but when I looked at standard edition the role is available.


Thank You




Hello friends 

I am trying to use the concept of Single Sign On (SSO) in my asp.net application. 

for the purpose i have created a main domain say mydomain.com

now i have 2 subdomains sub1.mydomain.com & sub2.mydomain.com. 

I am running these very fine. But now I want to have a SSO for my domains. For the same have 

googled lot and found some stuff such as adding machine key to web.config and specifying domain names in cookies. 

But it is not at all working for me. when I specify the domain name for cookies i am unable to sign out. 

I am using FormsAuthentication in asp.net. 

Following is the code I have in my web.config.

<authentication mode="Forms">
	<forms name=".ASPXFORMSAUTH" path="/" loginUrl="myHome.aspx" protection="All" timeout="1339" domain="mydomain.com">
<machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D"
				decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" validation="SHA1"/>

         <deny users="?"/>

I have the same code in web.config of each domain. 

I have placed the code for each domain in different directory on my website. 

for ex. mydomain.com ---------> F:/HostedSites/mydomain

sub1.mydomain.com ---------> F:/HostedSites/subdomain1

sub2.mydomain.com ---------> F:/HostedSites/subdomain2

my Authentication code is 

        int userId = int.Parse(userInfo[1].ToString());
        string userName = userInfo[0].ToString();
        cookieUserInfo = string.Concat(userName, ";", userId);

        int timeoutPeriod = UtilityLibrary.Helper.GetAuthenticationTimeout();

        string userRole = userInfo["Role"].ToString();

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, cookieUserInfo,
            DateTime.Now, DateTime.Now.AddMinutes(timeoutPeriod), true,
            userRole, FormsAuthentication.FormsCookiePath);

        string hash = FormsAuthentication.Encrypt(ticket);

        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);


and sign out code is 


Can anybody tell me where exactly I am wrong ? what changes do i need to do at server end also. 

I am checking this on my testing domain ie. mydomain.tv. can this be a problem ?


I am working on a web application that need to serve intranet users.
For intranet, users log in to their machines (AD accounts/windows user acc) as per normal and when they open up the web application, system will check for the windows logon and let them thru (was thinking of using WindowsIdentity/WindowsPrincipal). And aslo need to save the username to db for future


How this possible?

Anybody having idea about how to achieve this.


We would like to set up our Sharepoint 2010 Server to allow for single sign on. Right now when a user accesses the site, they are prompted for their username and password, whenever they open a file from a document library they have to put in their username and password. I am sure there is a way that we can set up Sharepoint to not require this every time they access the site and/or documents, by using their windows login like Dynamics CRM does.


Can anyone assist us in getting this set up properly? Thanks in advance!




I want to use my asp.net mvc application with multiple domains (maybe of hundreds),

so I have created custom Route class that matches requests including domain.

Each domain could has different routes, so the number of routes in RouteTable can be huge

(eg 500 domains, each 20 routes = 10000 routes in RouteTable).

I am considering how it will be efficient?


I have an idea to replace RouteTable.Routes (of type RouteCollection)

with custom one (of type Dictionary<string, RouteCollection>).

But how I can override default route matching mechanism with my custom mechanism which will be two step:

1) retrieve RouteCollection from dictionary based on domain name

2) retrieve specyfic Route object (standard route matching mechanism)

How can I do this?


Maybe someone has better idea for solving this problem?


Thanks in advance




Hi all, We have a client/server (C/C++/MFC/Win32) application that historically has used an internal table for managing users/passwords/product permissions etc. We've had a request from a customer to manage these types of things via Active Directory and take advantage of Single Sign-on etc. I know very little about Active Directory since we don't use it here in our office, but I've done a fair amount of reading and managed to set one up in a VM for testing purposes.


1) Since much of our product depends on OUR UserID table and we have SOME customers that want to use AD/SSO, I'm thinking we should be importing account information FROM Active Directory periodically.  How do other applications go about handling both scenarios?

2) How do I authenticate against AD?  Would the ADMIN just create "Groups" of users and I simply check to see if user X is part of Group Y? How do I do this pro grammatically?

3) Does Active Directory have a means for me to define a list of permission options for each user of the product? ie: Add Record, Delete Record, Update Record, that I can check against when one of these operations are performed in our product. .. Or will I have to continue doing this from within our app?

4) I have found a lot of AD code in C# but, having a harder time finding stuff in C++.

Anyone have any good examples? It's all mumbo jumbo at the moment, I'm hoping someone can point me in the right direction.





I am using Microsoft Single Sign On service in context to Sharepoint server 2007.

I want the external applications to use the single sign on service for authentication within a secure Enterprise portal environment.

Here the external application should be authenticated via single sign-on. But while configuring SSO in Share point central admin, it offers two methods of "Manage settings for enterprise application definitions" which is Individual and Group .

According to my requirements,

1. I need some set of users (may be a group of users) to make use of credential1 to authenticate the external application. so Group should be mapped to one common external credential1 .

2. I need rest of the users who does not belong to the above said user group should use individual external credentials mapped to Individual user .

I need both of these scenarios to be handles using a single Application definition created for my external application.

So suggest me an ideal way to achieve this mixed Individual and Group credential mapping in SSO




We migrated our web server to window server 2008, IIS 7.

We have single sign on application - that we login through one application called "users" and then no need to login to other applications, they all use the same machine key and cookie.

it works fine when all then applications under the same application pool.

but we have one application that is asp.net 2005.  (the rest are asp.net 2003)

 the user application is in asp.net 2003 and that  other application is in asp.net 2005.

so each application is in a different application pool. -

one pool to asp.net 1.1 and other pool to asp.net 2.

when I run the asp.net 2005 application

I get the login page and after I  login  I get the following errer:

HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Requested Url: /users/Unauthorised.aspx


Important: If I switch the "user" application (the login) to work under the same pool as my asp.net 2005 application, then it works fine with the asp.net 2005 application,but I get the above error for the asp.net 2003 applications

All this happened after we switched to IIS 7 Windows 2008, with IIS 6 it works great!!!

Thank you





I am logged on to the domain.  I open an ASP.Net page, hosted on a development machine, which redirects me to an ADFS2 server in the domain which prompts me for credentials.  Why, when I am already logged on?  Or is this not what single sign on means?

I would love to hear from anyone with a thought on this.


We have sharepoint 2010 based portal and we would like to connect to 3 external asp.net based sites and 2 internal asp.net based sites using single sign on.

So when logs in to sharepoint 2010 portal, he should be able to login to all 5 external/internal sites without need to enter login credentials.

How we can achieve this using sso or any other approach?

All other systems have their own credentails for username and password.


Can i use Single Sign on Sharepoint 2010?


I got a requirement from the client i.e implementing single sing on using SAML 1.1( LDAP & X.509)in .net. I searched almost entire internet but no use. I have perfect knowledge regarding SAML but i dont know how to implement it in C#.net. Where do i get any papers or document that tells how to implement SSO using SAML in .net . What are the key steps involved in implementing it? What are the topics i need to cover to complete this task. I am literally struck at this point, any help would be apprciated.

Thanks in advance



Dear All,

One of my customer is having 12 Locations connected to their Head Office (HO) through MPLS Link. I have configured Domain Controller at HO on MS-Windows 2008 Server. My Customer has 12 License Copy of MS-Windows 2003 for each location.

If i configure Child domain controller on these 12 Locations,then is it possible to integrate all these 12 Child Domain Controllers with MOSS 2007 and Project Server 2007 for Single Sign On Purpose...?

Your Help is highly appreciated.




Dear All,

I have two SharePoint 2010 web application App1 and App2 and I have used Form base authentication for App1.

On the home page of App1 I have Link of App2, when I am clicking on App2 link it is redirecting me to App2 but asking user credential. I want to supress the credential. Can you please help me on this.  


I've run into an issue where I'm trying to use SSO for access to a SQL server DB.  The problem is that we have two domains, and I'm wondering how to include two domains such that they can authenticate to SQL using the udcx file in a Data Connection library.

One domain works fine because I just create the EA Definition in SSO Admin and then add the domain1\domain users  -- when I have to add domain2\domain users I'm not really sure how/where to go about it or if its even possible.

Any help is appreciated - let me know if you need clarification. Thanks!


I have a requirement to display an ASP.NET page that will autheticate users. If the user is validated they will be pushed to our Sharepoint server and will already be autheticated. I've read that the new concept is SSS. I've read some high overviews of how to do this single sign on concept, but I haven't found anything that gotten me up and going on this task.

Has anyone accomplished this with SP2010 or know of any resources that might help me get started?

Thank you.




I am also very interested to know, when the first service pack of Visual Studio 2010 will be released, because I encountered a serious bug when remote debugging an asp.net or asp.net mvc application.

This bug is reported, see:

Without beeing able to remote debug I cannot develop my next (big) project.
So when there is "no service pack timeline for Visual Studio 2010" I need another way to get this bug fixed as soon as possible, because I simply cannot wait an indefinite time.

What can I do for a solution of this problem?

Horst Seyfried


hi all,

i am new to web developement... 

i just want to follow a tutorial that guide through how to create a asp webpage

i have VS2005 and microsoft .net framework 3.5 installed 

but when i click on NEW Website in VS2005, i cannot find teh new ASP.Net Web Application like in this articale is showing


but i can only see  ASP.Net Web Site + ASP.Net Web Services + Personal Web Site Starter Kit + Empty Website + ASP.Net Crystal Report Web Site


PS. when i intalled Vs2005, I choosed Full Install.


please let me know if i am missing something. or, does a ASP.Net Web Application and ASP.Net Web Site will bring you the same thing.

however, one thing i notice is that after i create new ASP.Net Web Site, i can't find the Property and or Refference NODE in the Website project-node anywhere. (figure 2 in the above link will give you a better picture of what i am trying to explain)



<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure