Let me preface this by saying I am an experienced .NET developer--but I have not yet worked with SharePoint, so this question relates directly to SharePoint and its features.

I'm working on a project that requires integration with SharePoint to the extent that a user can click some kind of redirect link that would allow them to authenticate to my application without having to sign in every time.

I'll need the ability to specify which SharePoint users will have access to my application and then show those users a login. (So maybe 2 web parts, one for an administrator to assign SharePoint users to my app, and 1 for the actual app link?)

For the SharePoint-experienced devs out there, what are your thoughts on how to do this in the most simple, non-intrusive way?

Thanks for any help you're able to provide.

A: 

I'm not 100% sure I'm following what you want to do, but does this...

Implementing Single Sign On (SSO) with SharePoint Portal Server

http://blogs.msdn.com/roberdan/archive/2005/02/19/376629.aspx

... help at all?

Martin Peck
Unfortunately, I don't have control over the existing SharePoint installation and won't be able to integrate a whole new SSO provider for SharePoint. Whatever solution I create needs to be contained in a web part or in my own application (using SharePoint web services or some such thing).
Adam Cuzzort
A: 

You can build an ASP.NET application integrated into SharePoint. See here for a detailed description of how it can be done: http://rshelton.com/archive/2007/10/05/free-sharepoint-document-workflow-workshop---part-2-asp.net-workflow.aspx. Ignore the workflow part. Just look at how to build and deploy the "Association Form". This will give you a good idea of how to build your own SharePoint-integrated web form.

Dmitri Kouminov
+1  A: 

This can be a tough nut to crack...

I used Microsoft Single Sign-on to integrate SharePoint and Confluence. What we did was give our web parts the option to pre-authenticate to Confluence by performing a client-side HTTP request containing the SSO credentials to the other system (Confluence in our case). This would allow the browser to have the cookie necessary to pull up any images from the external system without them showing up as broken and allow for links to the other system to work without being redirected to a login page.

If you decide to do this pre-authentication, you need to realize that this causes extra network requests from the client. We didn't figure out a way to know if we needed to make this extra request or not, so if they were using SSO, we always do it on every page request that contains our web part (not ideal, I know).

From a security standpoint, one thing that we do is only have the SSO token in the page source and have client-side code go request the password so it can pass it along to the other system. We also do some extra verification to make sure nobody is trying to spoof the token. Take a look at this link for some more details ("Confluence credentials when using Microsoft SSO" section).

Kirk Liemohn
Thanks, Kirk. That's very close to what I'm trying to achieve. I appreciate the link and all the helpful insight.
Adam Cuzzort
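
The last answer keeps only a token in the page source and verifies it before the password is released, but does not say how that verification works. One common way to do it, as an added example that is not code from the answer or from the product it mentions: sign the token with an HMAC that binds it to the signed-in user and a short expiry, and check all three at the endpoint that hands out the credential. The class name, token layout, key and user names are assumptions, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: class name, token layout and lifetime are assumptions.
public static class SsoPageToken
{
    // Token placed in the page source: "user|expiryUnixSeconds|base64(HMAC-SHA256)".
    public static string Issue(byte[] key, string user, DateTimeOffset now, TimeSpan lifetime)
    {
        if (user.Contains('|')) throw new ArgumentException("user must not contain '|'");
        string payload = user + "|" + now.Add(lifetime).ToUnixTimeSeconds();
        return payload + "|" + Convert.ToBase64String(Mac(key, payload));
    }

    // Run by the endpoint that releases the credential. callerUser comes from the
    // server's own authentication of the request, never from the token itself.
    public static bool Validate(byte[] key, string token, string callerUser, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('|');
        if (parts.Length != 3 || !long.TryParse(parts[1], out long expires)) return false;
        byte[] supplied;
        try { supplied = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        byte[] expected = Mac(key, parts[0] + "|" + parts[1]);
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return false;
        if (now.ToUnixTimeSeconds() > expires) return false;   // stale page or replayed token
        return string.Equals(parts[0], callerUser, StringComparison.OrdinalIgnoreCase);
    }

    static byte[] Mac(byte[] key, string payload) =>
        HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(payload));

    public static void Main()
    {
        // Constructed demo key and users; a real key belongs in protected server configuration.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-use");
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = Issue(key, @"CONTOSO\alice", now, TimeSpan.FromMinutes(2));
        Console.WriteLine(Validate(key, token, @"CONTOSO\alice", now));                // issued user
        Console.WriteLine(Validate(key, token, @"CONTOSO\bob", now));                  // other user
        Console.WriteLine(Validate(key, token.Replace("alice", "bob"), @"CONTOSO\bob", now)); // edited
        Console.WriteLine(Validate(key, token, @"CONTOSO\alice", now.AddMinutes(5)));  // expired
    }
}
```

Only the first call succeeds: a token copied to another user's session, edited in the page source, or replayed after expiry is rejected before any credential leaves the server.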