I am looking into option on using Single Sign On (SSO) from a SAP Portal to a Non-SAP ASP .Net application. Reading through the documents and online searches, I found there are couple of approaches
1. Use "SAPSSOEXT" to evaluate the Logon ticket in the .Net application.
2. Use "SSO22KerbMap" ISAPI module.
The .Net application is already configured to use Integrated Windows Authentication using Active Directory. But, now we need to support SSO from SAP Portal. Without SSO, if a User A signs into the .net app from a User B's system, the .net app would Windows authentication and treat the user B as the logged in User.
Option 1 involves developing new code for the .net application as it currently does not support it and it may not be possible in my case.
Option 2 sounds very promising, but I am not very clear on how this would work. It sounds like the module verifies the SAP Logon ticket and acquires a constrained kerberos ticket. But, I am confused as how would the .Net application use this constrained kerberos ticket. Is Option 2 a seamless bridge that I could just install and suddenly the .net app support SSO like Magic? I would love if it did that, but sounds too good to be true.
Related
I have a big MVC 4 application that uses Form authentication.
It has its own user and privileges management using a custom database.
Now I need to adapt this application to allow integration with customer AD and allow SSO using their users.
All the guides I found online assume the creation of a brand new project.
I tried to add support using Connected Services, but I cannot find AD service (Only Office 365 Services with Microsoft Graph, but that's not the case).
I would like to make it configurable so I can choose to deploy in both in its own legacy user management scenario or the AD integration scenario.
Can anyone point me in the right direction?
This question has been asked so many times, and a quick search came up with lot of results. But I haven’t gotten satisfactory answer yet.
We have 2 web applications ( and we may have more in future) App1 is .Net 4 Silverlight Application and App2 is Node.js/Angular application. Both applications have different domains. www.app1.com and www.app2.com The App1 is hosted in IIS and App2 is NOT in IIS
Now, we have to implement Single Sign On Feature to support these applications. I was looking into ASP.NET Identity which is available in .Net 4.5.
Questions
1. So I thought of creating new MVC 5 application using .Net 4.5 that could serve as SSO site. If possible I wanted to use our own SQL server to maintain the credentials. But I am not sure how to share authentication ticket/cookie between sites. I have done this before using Forms Authentication where I had to use same machine key on all websites. But those were all .net applications. However with new identity framework and OWIN and with different types of applications i am not sure. So before I jump into it and start developing I wanted to know is it recommended approach, and if yes, can someone point me in the right direction. An article would greatly help.
2.Second options is to use Azure AD, but I am assuming we have to pay for it( we have MSDN sub) and we do not have local active directory either. Is Azure AD is the right option here? Does it work with Node.Js/Angular application. With Azure AD I guess App1 I may have to upgrade it to .Net 4.5
I'm building a website from scratch using ASP.NET MVC 4.
The application is hosted on Windows Azure.
It's a rather basic website application.
Next, I would like to authenticate my users.
The authentication requirements are, again, rather basic and straight forward.
I did some reading, and it seems that the best two options for me to achieve users authentication are:
1. ASP.NET SimpleMembership
2. Windows Azure Active Directory Access Control
Now, my questions are, which one should I choose? which one is more secured?
It is dependent on what you want. WAAD -ACS gives you option to integrate various identity providers like google,yahoo etc or federate with Active directory services.
But if do not want such options and simply use your existing asp.net membership you can do that as well.
I have a scenario whereby i need to build a WCF service to provide custom authentication to 3rd parties non-web application connecting in an "Active" mode - i.e. i cannot present a web login page.
The login mechanism is also custom (i.e. not necessarily username/password), and so i cannot use ADFS or ACS.
I have read up on building active STS using WCF, but they mostly relate to .NET 3.5 and not much has been written around using .NET 4.5 since WIF has been integrated into the framework.
I have read Examples of how to a STS in .Net 4.5 using WCF but it doesn't seem to fit my scenario.
Any pointers appreciated.
Maybe you want to have a look at
http://thinktecture.github.com/Thinktecture.IdentityServer.v2/
This is an open source STS that includes active endpoints.
I have a Silverlight RIA application that uses Forms authentication. We want to pass users of a certain domain through Windows authentication and if that fails or user is not part of that domain it falls back to Forms authentication.
Most of the stuff I've found was for aspx sites using methods not available in Silverlight. Many others say it isn't possible. Has anybody managed to do this without to much trouble?
The app is based on the Silverlight Business Application template in VS2010 (SL4).
I don't think this is possible. Ran into the same issue and decided to turn off windows authentication.
See:
http://forums.silverlight.net/forums/t/228703.aspx
http://connect.microsoft.com/VisualStudio/feedback/details/566410/enable-wcf-ria-services-with-forms-authentication-and-integrated-windows-authentication
The second link seems to indicate this is a bug that may be resolved in a future release