tags:

views:

54

answers:

4
+2  Q: 

Possible to reuse logged-in Sharepoint authentication?

Looking for a pointer in the right direction ...

Is there a mechanism which allows you to configure SharePoint in such a way that:

if a user has been successfully authenticated within a SharePoint site that there is some kind of "authentication token" what can be passed or is available to 3rd party sites

or a way for 3rd party sites to "recognize" that the user is currently authenticated within a sharepoint environment

all 3rd party apps can be modified to accommodate whatever needs to be done but the constraint is: SharePoint may or may not be a hosted (by a separate service provider) and how the original authentication took place is irrelevant i.e. just need to know they authenticated ok, not how

EDIT scenario to help clarify: authenticated SP users require access to a 3rd party service provider for additional content. a "link" on their SP site redirects through to the 3rd party. the 3rd party needs to recognize the referrer (based on a collection of evidence supplied by the request) so that it need not challenge for a secondary authentication process.

one of the 3rd parties is me. the SP instances are many and varied and would be any one of my clients (which i don't offer support to, just provide a content service to).

so the attempt is to solve more of a general "community/ecosystem" problem.

+1  A: 

Your question is very confusing.

SharePoint may or may not be a hosted

What do you mean by that?

Are you invoking a 3rd party web app from a SharePoint page? You can get the current user using

SPWeb.CurrentUser

property and make use of it.

NLV

NLV  2010-06-23 09:02:25
SharePoint may or may not be a hosted: by that i mean with a service provider like rackspace as opposed to within a corporate network..
bryanallott  2010-06-23 18:48:01
+1  A: 

Your requirements are a little vuage but this should point you in the right direction.

Plan authentication methods (SharePoint Server 2010)

Specifically Claims based authentication.

Ryan  2010-06-23 09:54:38
+3  A: 

Going on the small amount of information available here.... You are probably going to use Windows Authentication (via Active Directory) or Forms based authentication.

If you are using AD within your organization and the other server you are authenticating to is using the same AD, it's a no brainer. If it's AD based but both servers are using different domains, it's much more complex. One option would be to setup a trusted share between the ADs.

If you are using Forms Based authentication it becomes a bit more of an issue. If both servers are using the same FBA, you could create the authentication cookie in SharePoint and then add the cookie as a header to a Request object and then redirect to the server.

If they are different authentication methods totally, you need to determine if your security requirements will allow users to authenticate via some URL based mechanism (like querystrings) and then develop the logic on your SP box to create the URL to authentication.

John Ptacek  2010-06-23 13:27:59
the url-based mechanism is what i was thinking... the direction i would need is how much dev would that require on the SP box.. but from the SP front-end only?
bryanallott  2010-06-23 18:49:48
"...add the cookie as a header to a Request object and then redirect to the server..."mm... is adding javascript to a web (part) page (or even writing some server side scripts (ie. runat="server") fairly straightforward from within the SP front end?
bryanallott  2010-06-23 20:14:26
Is all of this client side based? What I described was server based.In regards to the URL mechanism, it's all a function of the business rules you need to implement to create a querystring that will authenticate to the destination server.
John Ptacek  2010-06-23 20:24:39
the javascript add-in was just a thought as a means of interrogating cookies... it's implementing the creation of the querystring. ie. server-side code on a web page inside SP?
bryanallott  2010-06-23 20:44:25
It may be worthwhile to look at Ted Pattison's book on SP programming. There are several ways to create the server side code; embedded user controls, web parts, in line script in ASPX page, etc. Without a better idea of what you are trying to accomplish, it is difficult to answer. And no, nothing is really ever straight forward in when it comes to SharePoint :)
John Ptacek  2010-06-24 03:45:12
in line scripting with aspx- or application pages (i'm starting to get a feel for SP jargon now- oh dear :p)all the solutions require some sort of access to the SP box in order to deploy an artifact (ie. a dll or an aspx page) which i was hoping to avoid
bryanallott  2010-06-24 04:39:29
SharePoints Safe mode parser will stop most code if you havent deployed it to the box directaly.
JC Vivian  2010-06-25 09:41:56
+1  A: 

I'm guessing that by "3rd party sites" you mean sites that aren't hosted in your domain. If that's the case, then the servers won't be able to use your AD authentication (unless you share them, which probably isn't worth it).

I would suggest modifying the way users are authenticated on the 3rd party servers, as you have control over how you send your users over there. You could easily encrypt their usernames/emails/unique IDs and a timestamp (to make sure they can't bookmark that link) in a query string.

The information is then decrypted on the 3rd party server. Invalid information and they are redirected to your login page. Valid information and the 3rd knows that they were authenticated in your sharepoint app.

Hugo Migneron  2010-06-23 15:10:40
the trick here would then be to create that request "token" on the SP box- and if i could do that without requiring a dll-deploy to said SP instance... ?
bryanallott  2010-06-23 19:51:51
Well I think you will need custom code running somewhere on your SP box. It's not built to share it's authentication with other web sites without custome code added to it. If you go down the encryption in query string road, you could deploy or feature that takes care of it for example.
Hugo Migneron  2010-06-23 19:55:47
i was hoping not to resort to that... but i'm thinking it might be the only way.creating server-side code from within SP on one of the webpages.. is something like that doable?
bryanallott  2010-06-23 20:10:13
Absolutely, it's not that difficult either. I did something similar on a website to pass credentials across different web applications. You could create a web part that takes care of redirecting the users (and encrypting the credentials in the query string at the same time). Deploy that web part on a page, and that will run your server-side code for you. From inside a web part, you have access to both your authentication (AD or FBA) and the SP context.
Hugo Migneron  2010-06-23 20:14:16
ah superb :) any specific keywords or jargon used in SP (for googling the subject matter further). even a "hello world" web part would be a great place to start...?
bryanallott  2010-06-23 20:18:06
reading your response more carefully: "web part" - thanks, Hugo.i was hoping to avoid deployment to the SP box(es) (as in shell access in order to drop files in the layouts or bin directories) but it seems this might be the _only_(?) way
bryanallott  2010-06-24 04:42:05
I think it will be the only way. Creating your first web part will take a bit of time, but once it is developped, you will only have to access your server to run one exe file and that should be it for the deployment. There are tons of tools out there to help you with the deployment. WSPBuilder : http://wspbuilder.codeplex.com/ will help you create a web part (integrates in visual studio, etc.). http://sharepointinstaller.codeplex.com/ SharePoint installer will create the deployment .exe for you.
Hugo Migneron  2010-06-25 14:11:26
Also, this is a fantastic tutorial : http://www.greggalipeau.com/2009/05/18/developing-sharepoint-webparts-using-user-controls-and-web-applications/Step by step instructions on how to create a custom web parts with WSPBuilder (the tool that I linked to in the other comment). With these tools / tutorials, you should be OK (at least to know what to google for). Good luck!
Hugo Migneron  2010-06-25 14:16:57

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?