Hi We are building apps with sharepoint 2013. Currently we have them setup as two web applications with two separate domain names -
Wep App 1 - www.webapp1.com
Web App 2 - www.webapp2.com
We also have ASP.net membership role provider database which we use for authentication.
right now we want to implement Single Sign On for both the Web App. If i Authenticate with one web app and i try to navigate to the other web app i should not be asked to re-authenticate again.
How can i achieve this. i cannot use ADFS as we maintain a separate database with all the user info as a part of asp.net membership role provider.
Can someone guide me on how this can be achieved.
Appreciate your time.
You are right, the SP2007 model was a lot easier but not extensible.
Are these web applications on the same SharePoint farm?
The SharePoint STS can be shared across multiple web apps as long they live within the same farm. You can configure your webapps and the Sharepoint STS to use FBA with your custom membership/role provider.
We managed to implement a similar scenario but the webapp1 was living on Sharepoint 2010/2013 and the webapp2 was an standard ASP.NET app. The user logs in on webapp1 and the ticket was shared across to webapp2. The same scenario can be used to share tokens between Sharepoint web apps as long they live within the farm. (Your Sharepoint STS will internally talk to your membership/role provider however behind the scenes a FedAuth token will be created as your SP web apps only understand claims)
Hope this makes sense, if not let me know.
Gerardo Diaz
Related
We have a .NET Core web application with an AngularJS SPA front-end. We also have a Power BI Report Server with a few dozen Paginated Reports (SSRS). We would like for the web app users to be able to view/save/print the reports from the web app, without having to authenticate again into the Power BI Report Server. We also don't want to maintain two user lists (one for the web app, and one for the PBIRS). I have been told that they want us to use a single service account for PBIRS, and have the web app authenticate in to PBIRS, and serve up the reports to the user.
Unfortunately, Microsoft's official SSRS Report Viewer control (which allows you to enter authentication info), only supports Web Forms, which is not compatible with .NET Core. I have tried a few .NET Core wrappers for it, but I was not able to get them working.
Then I had another idea. Can I have my .NET code create a client, authenticate into PBIRS, and maybe get an authentication cookie, then somehow attach that cookie to the user's browser, so that if the user goes directly to the PBIRS, the cookie is valid and they are authenticated in as the service account user? How can I do this?
These two servers might be in different subdomains, but I think they will be in the same domain. I need to verify this. I think it might not be possible at all if they are on different domains, correct?
I am completely a novice about Asp.net and Azure platform. I created a simple web application in VS2013 and deployed it to Azure web application. When I try to open my url (xxx.azurewebsites.net) it shows me a login page that my local application does not consist.
I digged some info about it, but due my knowledge level of web development and Azure platform, I did not understand the problem. It seems Azure Active Directory should be used, but I am not certain about it.
My question is, is there a way to skip the login page? If not, how can I define credentials to my application to be accessed?
Thank you.
As far as I know, Visual Studio 2013 offers several authentication options (No Authentication, Individual User Accounts, Organizational Accounts and Windows Authentication) for the Web Forms, MVC, and Web API templates.
According to your description, it seems that you select Organizational Accounts option for your application, which will configure the application to use Windows Identity Foundation (WIF) for authentication based on user accounts in Azure Active Directory (Azure AD, which includes Office 365) or Windows Server Active Directory. If you don’t want authentication for your application, please choose No Authentication option when you create the project.
I have an application built in .NET (C# and ASP.NET). We offer our own register/login login, but a client that just signed up with us requested support for ADFS since that's the authentication service they use across their company. This is brand new to me.
How can I add support for ADFS on my application? I'm guessing my client will provide the new users a link to click that I'll have to process for the SSO?
What would my client need to do on their end? (i.e. add groups and assign our future users to those groups?)
What .NET (or 3rd party) libraries can I use?
Thank you!
You could do this with OpenID Connect OWIN but ADFS 3.0 doesn't support this. So you need WS-Fed (WIF).
The easiest way to do this is with VS.
Create a new ASP.NET project and for "Change Authetication" select the on-premises option.
Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.
Obviously ADFS needs to be configured. You need to find out what attributes the application requires in the form of claims.
Code sample which is similar for Azure AD - Integrating a web app with Azure AD using WS-Federation.
I am trying to figure this one out. I am using a simple web service that is hosted by an asp.net web application that is going to be used for authentication for a mobile client and a desktop client and it will also be used to send/receive information to and from the clients.
Right now the service uses custom username and password authentication that is hard coded into the service. I need some kind of authentication though. So I figured I could just add the asp.net membership provider to the web application that is hosting the service, and I could use that database for the members for the service.
This would provide a way for me to manage the users as well. Could anyone tell me if this would work and if so how could it be implmented?
Here is the service I am using: http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti
It is easy to do. Assuming you're using Visual Studio I suggest using the web site administration tool. A MSDN article describing adding ASP.NET Membership Provider can be found at http://msdn.microsoft.com/en-us/library/6e9y4s5t(v=vs.100).aspx
I have an ASP.NET web application I built for a client that uses default the ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the webservices to access the data they want from the web app and put it into the desktop app. That works great.. but there needs to be the same level of security and data access based on roles that is already stored in the asp.net application.
So now it's time to make authentication work across both applications.
I would like to take advantage of the asp.net authentication by prompting a login when a user first opens the WinForms application and the calls possibly a web service to authenticate the user, get the users role, and profile.
I'm sure this has done and or asked about.. I'm just not finding the question/answer in SO.
First: Use WCF for your web services. It's a better framework than the old ASMX services.
Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.
And... that's pretty much it.
For more info, see:
Implementing a Role Provider
Implementing a Membership Provider
How to: Use the ASP.NET Membership Provider
To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.