Saturday, February 28, 2015

Single SignOn (SSO)

SSO (Single SignOn)

   Single sign-on is the process of logging in to multiple sites/applications using a single set of user credentials. Google is an example: once logged in to Google, we can access all Google services such as email, analytics, G+, news, YouTube, etc.

  This post is about

  • SSO between web applications on the same .NET Framework
  • SSO between web applications on different .NET Frameworks
  • SSO between a SharePoint application and an ASP.NET application


How we can perform single sign on :- 

    Forms authentication is cookie based: ASP.NET places a cookie on the client machine in order to track the user. If the user requests a secure page and has not logged in, ASP.NET redirects him/her to the login page. Once the user is authenticated, he/she is allowed to access the requested page. This cookie carries the user information across a number of web applications, so Forms authentication is the answer to SSO.


How to implement :-

  Web.config in an ASP.NET application stores all the configuration details for the web application.

  It contains the <forms> tag if Forms authentication is enabled. The attributes of this tag, along with the machineKey attributes, are what make SSO work.


  (1) Set the attributes of the forms tag
  (2) Set the attributes of the machine key
  (3) Copy the same settings to each web application in which you are going to implement SSO

For example :-
  the same machineKey and forms tag attributes for web1.sunitkanyan.in and web2.sunitkanyan.in

<machineKey
validationKey="818B77A6AFBF5E0B82B7FBE6F992E1733986DAEF81D1EB107B55D6F68EB6FEC6097349A9E37A407A6B5CF2FA1AB9327CA182A2C999A768C14B146036420203F9"
decryptionKey="45798D54477D1D11BFC16733786AABB50E7FD5DDB3F8F46A"
validation="SHA1"/>


 <authentication mode="Forms">
 <forms loginUrl="~/Account/LogOn" name="SunitKanyanIn.Auth" timeout="2880" domain=".sunitkanyan.in" cookieless="UseCookies" />
 </authentication> 


Here :-
 the machineKey attributes give the algorithm name and the validation and decryption keys that are used to protect the cookie (encryption/decryption and validation)

 and the attributes of the forms tag set the cookie specification:

 domain :- which sites can access/see this cookie; .sunitkanyan.in means any subdomain of sunitkanyan.in can access it
 name :- name of the auth cookie


Demonstration :-

  Two web applications, web1.sunitkanyan.in & web2.sunitkanyan.in, have the same machine key and forms tag attributes.
 I logged in through web1.sunitkanyan.in and was automatically logged in to web2.sunitkanyan.in.


Web2.SunitKanyan.in

Web1.SunitKanyan.in 

Currently no user is logged in to either application, and the auth cookie is not present either.

On Web1.sunitkanyan.in, click sign in and the login screen appears; provide the username and click log in.


The screen shows logged in as sunit, and the browser shows a cookie with domain .sunitkanyan.in.

Now refresh the browser for web2.sunitkanyan.in.
It shows Welcome Sunit: single sign-on has been performed for two MVC applications. Similarly, we can perform SSO between a Web Forms application and an MVC application.


Imp:-
   These applications are on the same .NET Framework, so SSO works easily. But when the .NET Framework versions of the applications are not the same, the cookie generated by one application will not be accepted by the other.

For different .Net Framework Application:-

 Use the compatibilityMode attribute of the machine key. Set the same compatibilityMode for the machine key in the web.config files of all the applications.
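
A consistency check for the settings described above, as an added example that is not code from the original post: it compares the machineKey and forms attributes of two web.config files and confirms that both hosts fall under the cookie domain. The function names, placeholder keys and sample configs are constructed for illustration, and an absent key is assumed to be a mismatch because each application would then fall back to its own generated key.

```python
import xml.etree.ElementTree as ET

# Must be present and identical in every application that shares the cookie.
REQUIRED = ("machineKey/validationKey", "machineKey/decryptionKey",
            "forms/name", "forms/domain")
# May be left at the default, but then must be left so in both applications.
MATCH_ONLY = ("machineKey/validation", "machineKey/compatibilityMode")

def sso_settings(web_config_xml):
    """Extract the SSO-relevant attributes of one web.config into a dict."""
    root = ET.fromstring(web_config_xml)
    elems = {"machineKey": root.find(".//machineKey"),
             "forms": root.find(".//authentication[@mode='Forms']/forms")}
    out = {}
    for key in REQUIRED + MATCH_ONLY:
        tag, attr = key.split("/")
        out[key] = None if elems[tag] is None else elems[tag].get(attr)
    return out

def compare_sso(config_a, config_b, host_a, host_b):
    """List reasons a forms-auth cookie issued by app A would fail in app B."""
    a, b = sso_settings(config_a), sso_settings(config_b)
    # Assumption: a missing key counts as a mismatch (see lead-in).
    problems = [f"{k} differs or is missing" for k in REQUIRED
                if a[k] is None or a[k] != b[k]]
    problems += [f"{k} differs" for k in MATCH_ONLY if a[k] != b[k]]
    domain = (a["forms/domain"] or "").lstrip(".").lower()
    for host in (host_a, host_b):
        h = host.lower()
        if domain and h != domain and not h.endswith("." + domain):
            problems.append(f"{host} is outside cookie domain {a['forms/domain']}")
    return problems

# Constructed sample configs (placeholder keys, not real key material).
TEMPLATE = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER-VALIDATION-KEY"
              decryptionKey="PLACEHOLDER-DECRYPTION-KEY" validation="SHA1"{compat}/>
  <authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn" name="SunitKanyanIn.Auth" domain=".sunitkanyan.in"/>
  </authentication>
</system.web></configuration>"""
WEB1 = TEMPLATE.format(compat=' compatibilityMode="Framework20SP2"')
WEB2 = TEMPLATE.format(compat="")  # compatibilityMode left at its default

if __name__ == "__main__":
    for p in compare_sso(WEB1, WEB2, "web1.sunitkanyan.in", "web2.sunitkanyan.in"):
        print("MISMATCH:", p)
```
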

SSO Between .Net(Webform/asp.net application) and SharePoint Application:-

  To date SharePoint uses .NET Framework 3.5 or below. So I tried SSO with a .NET Framework 4.5.1 application, and it failed until I set compatibilityMode.

Steps to perform SSO between a .NET application and a SharePoint application:-
  1. Set up forms-based authentication for the SharePoint application.
  •       Set the provider and membership details in the application, Central Admin and services web.config files.
  •       Set the forms tag in all application and Central Admin web.config files.
  •       Set the connection string in the application and Central Admin web.config files.
  2. Set compatibilityMode="Framework20SP2" in the machine key in the SharePoint application's web.config and copy the machine key from SharePoint to the .NET application.

Note:- Set the domain for the forms-auth token carefully.

~
Sunit
technocrats@sunitkanyan.in