I have an ASP.NET website which users log into etc., and also a SharePoint site. The SharePoint site authenticates users using Active Directory. For each user in the ASP.NET website we are planning to create (the first time they log in) and store a corresponding Active Directory account/username.
Once the user is signed in to the ASP.NET website, is there any way that we can send them to the SharePoint site without them having to log in?
I am looking at creating a Trusted Login Provider using the documentation here: http://msdn.microsoft.com/en-us/library/ff955607.aspx - when a user tries to access the SharePoint site they would:
- Choose the login type (either Windows Authentication or the CustomSTS)
- If choosing CustomSTS, be sent to a Security Token Service within the ASP.NET web site
- ASP.NET web site would authenticate the user (if not already logged in) and send the user back to SharePoint, passing the user's Name and WindowsUserName claims
It looks like this should work, and this is what I am trying to do, but I am concerned that using this method the user will only be known to SharePoint as a user within the Custom STS, and not the Active Directory. The SharePoint site will contain Analysis Services stuff for which we need the user to be authenticated against AD, not just the custom STS, so will this not work?
Any help or advice would be greatly appreciated. It may be that there is a completely different and better way to approach this problem.
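For reference, the SharePoint-side half of the flow the question describes (registering the ASP.NET site's custom STS as a trusted identity token issuer that accepts a Name and a WindowsUserName claim) looks like the following. This is an added example, not code from the question or from the linked MSDN walkthrough; the provider name, realm, sign-in URL, certificate path and the WindowsUserName claim type URI are all placeholders, and the cmdlets are the standard SharePoint 2010 claims cmdlets.

```powershell
# Added example: register a custom STS as a SharePoint trusted identity token issuer.
# Run in the SharePoint 2010 Management Shell on a farm server.
# All names, URLs and paths below are assumptions/placeholders.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# SharePoint only needs the PUBLIC part of the STS token-signing certificate
# (.cer), so the private key never leaves the STS host.
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    "C:\certs\CustomSTS-signing.cer")   # placeholder path

# Claim types the STS will emit. The Name claim uses the standard claim type URI;
# the WindowsUserName claim type URI is assumed and must match what the STS issues.
$nameClaimType            = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$windowsUserNameClaimType = "http://example.com/claims/windowsusername"   # placeholder URI

# Map each incoming claim to the same claim type inside SharePoint.
$nameMap = New-SPClaimTypeMapping -IncomingClaimType $nameClaimType `
    -IncomingClaimTypeDisplayName "Name" -SameAsIncoming
$winMap  = New-SPClaimTypeMapping -IncomingClaimType $windowsUserNameClaimType `
    -IncomingClaimTypeDisplayName "WindowsUserName" -SameAsIncoming

# The realm is the audience SharePoint sends to the STS (wtrealm); the STS must issue
# tokens addressed to exactly this value or SharePoint rejects them.
$realm = "urn:sharepoint:intranet"   # assumption

New-SPTrustedIdentityTokenIssuer -Name "CustomSTS" `
    -Description "Custom STS hosted in the ASP.NET site" `
    -Realm $realm `
    -ImportTrustCertificate $signingCert `
    -ClaimsMappings $nameMap, $winMap `
    -SignInUrl "https://aspnetsite.example.com/sts/" `   # assumed STS endpoint
    -IdentifierClaim $nameClaimType

# Check what was registered: the identifier claim is the value SharePoint uses to
# name the user, and the signing certificate is the only key it will trust.
Get-SPTrustedIdentityTokenIssuer -Identity "CustomSTS" |
    Select-Object Name, IdentifierClaim, SigningCertificate
```

After this, the provider shows up as a sign-in option on any web application whose zone has it enabled, and SharePoint records the user as a claims principal named by the identifier claim issued by "CustomSTS"; the WindowsUserName value arrives as an ordinary claim on that principal. Rotating the STS signing certificate means re-importing the new public certificate here, since tokens signed with any other key are rejected.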