We are using the “CAS” Single Sign-On system that was developed by Jasig, and we are trying to authenticate users against it for a SharePoint 2010 site. The main issue is that we are validating the user’s username and password on an external site that sends a “ticket” back to our SP2010 site via query string. Our app then revalidates this ticket against a CAS system to make sure the ticket is valid. If the ticket is valid, we go ahead and say the user is authenticated. In a .NET app, at this point all I need to do is call this:

FormsAuthentication.RedirectFromLoginPage(username, false);

Then our “username” user is authenticated, and everything works just great. In SharePoint, however, this isn’t enough. I can only get SP 2010 to authenticate my user if, before calling the previous line, I call:

SPClaimsUtility.AuthenticateFormsUser(Request.Url, username, password);

Obviously this is a huge problem, because at this point, I do not have their password. I only have a ticket from the CAS server. I need a way to “force” the authentication of a user in SharePoint.

1 Answer

Microsoft made some huge changes to custom auth between SP2010 Beta and RTM, as we found out the hard way. Anyway, we had basically the same challenge, using a ticket as the means of authentication, and we got it working:

Your customlogin.aspx will typically contain something like:

// Read the ticket the external login site handed back and validate it
var ticket = SecurityProvider.GetTicketForCurrentUser(Session);
var credentials = SecurityProvider.ValidateTicket(ticket);
var username = credentials.Username;
var password = credentials.Password;
// Build a SharePoint claims token from the forms credentials
var securityToken = GetClaimsToken(username, password);
// Hand the token to the federation module, which writes the session cookie
var fam = Context.ApplicationInstance.Modules["FederatedAuthentication"] as SPFederationAuthenticationModule;
fam.SetPrincipalAndWriteSessionToken(securityToken);
SPUtility.Redirect(SPContext.Current.Site.Url, SPRedirectFlags.Trusted, Context);

The SecurityProvider containing ValidateTicket:

    // Exchanges the ticket for the user's credentials via a back-end web service
    public static UserCredentials ValidateTicket(string ticket)
    {
        UserCredentials creds = UserWSClient.GetUserCredentials(ticket);
        return creds;
    }

Your biggest challenge might be writing a webservice that receives the ticket and returns the credentials instead of a boolean stating whether the ticket was valid or not. Best of luck!
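The two halves of the flow discussed above, the question's "revalidate the ticket against CAS" step and the answer's "write the session token" step, as one added example; this is not code from the question, the answer or Jasig CAS. It validates a CAS 2.0 service ticket server-to-server against the `/serviceValidate` endpoint and parses the `cas:serviceResponse` XML, then mints the forms token with `SPSecurityContext.SecurityTokenForFormsAuthentication` (which, as the answer says, still needs provider credentials). `CasTicketValidator`, `CasLoginPage`, `CredentialStore.GetPasswordFor`, the CAS server URL and the provider names are assumptions; the password lookup stands in for whatever trusted back-end service the deployment uses.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.IO;
using System.Net;
using System.Web.UI;
using System.Xml;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.IdentityModel;
using Microsoft.SharePoint.Utilities;

// Validates a CAS 2.0 service ticket server-to-server and returns the
// authenticated user name, or null when CAS rejects the ticket.
public static class CasTicketValidator
{
    private const string CasNamespace = "http://www.yale.edu/tp/cas";

    public static string Validate(string casServerBaseUrl, string serviceUrl, string ticket)
    {
        if (string.IsNullOrEmpty(ticket)) return null;

        // The service value must match the one sent to /login exactly,
        // otherwise CAS answers with INVALID_SERVICE.
        string validateUrl = casServerBaseUrl.TrimEnd('/') + "/serviceValidate"
            + "?service=" + Uri.EscapeDataString(serviceUrl)
            + "&ticket=" + Uri.EscapeDataString(ticket);

        var request = (HttpWebRequest)WebRequest.Create(validateUrl);
        request.Method = "GET";
        request.Timeout = 10000;

        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            return ParseServiceResponse(reader.ReadToEnd());
        }
    }

    // Kept separate so the XML handling can be tested without a CAS server.
    // Success: <cas:serviceResponse><cas:authenticationSuccess><cas:user>name</cas:user>...
    // Failure: <cas:serviceResponse><cas:authenticationFailure code="INVALID_TICKET">...
    public static string ParseServiceResponse(string xml)
    {
        var doc = new XmlDocument { XmlResolver = null }; // no external entity resolution
        doc.LoadXml(xml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("cas", CasNamespace);

        XmlNode user = doc.SelectSingleNode(
            "/cas:serviceResponse/cas:authenticationSuccess/cas:user", ns);
        if (user == null) return null; // authenticationFailure or malformed response
        string name = user.InnerText.Trim();
        return name.Length == 0 ? null : name;
    }
}

// Code-behind for a custom forms login page in a claims-mode web application.
public partial class CasLoginPage : Page
{
    private const string CasServer = "https://cas.example.edu/cas";    // placeholder
    private const string MembershipProvider = "MyMembershipProvider"; // as in web.config
    private const string RoleProvider = "MyRoleProvider";             // as in web.config

    protected void Page_Load(object sender, EventArgs e)
    {
        // Service URL without the query string: CAS appends ?ticket=ST-... itself.
        string serviceUrl = Request.Url.GetLeftPart(UriPartial.Path);
        string ticket = Request.QueryString["ticket"];

        if (string.IsNullOrEmpty(ticket))
        {
            // No ticket yet: send the browser to CAS to authenticate.
            Response.Redirect(CasServer + "/login?service=" + Uri.EscapeDataString(serviceUrl), true);
            return;
        }

        string username = CasTicketValidator.Validate(CasServer, serviceUrl, ticket);
        if (username == null)
        {
            Response.StatusCode = 401; // CAS did not accept the ticket
            Response.End();
            return;
        }

        // Hypothetical trusted back-end lookup (the answer's web service plays this role);
        // the forms token API has no overload that skips the password.
        string password = CredentialStore.GetPasswordFor(username);

        SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(
            new Uri(SPContext.Current.Web.Url), MembershipProvider, RoleProvider, username, password);

        var fam = Context.ApplicationInstance.Modules["FederatedAuthentication"]
            as SPFederationAuthenticationModule;
        fam.SetPrincipalAndWriteSessionToken(token); // writes the FedAuth session cookie

        SPUtility.Redirect(SPContext.Current.Site.Url, SPRedirectFlags.Trusted, Context);
    }
}
```

Two checks worth keeping in a deployment like this: the ticket is only ever validated from the SharePoint server over TLS, so the browser cannot forge a "valid" result, and the `service` value passed to `/serviceValidate` must be the same one the `/login` redirect used, since CAS binds the ticket to it. CAS service tickets are single-use, so a second validation of the same ticket (for example from a replayed query string) fails with INVALID_TICKET, which is the behaviour you want.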