
I am attempting to create a single sign on SharePoint portal. I have tried a variety of methods so if someone has a better suggestion then I am all ears, but I am attempting to do this via claims based authentication. I have a SharePoint Web Service site setup with a Security Token Service running. It is currently being used by other SharePoint sites on my SharePoint server and works fine. What I am attempting to do is utilize this same Security Token Service to issue tokens to Web Application to be used as claims to achieve single sign on for these Web Applications from my SharePoint portal.

Firstly, is this possible?

Second, how do I generate a token to be used by my ASP .NET MVC applications?

I don't know much about the Security Token Service, it was set up by someone else who is no longer employed at my place of work and I cannot consult them unfortunately. Thanks in advance.

UPDATE: I am getting the following error now:

Parser Error Message: ID1024: The configuration property value is not valid.
Property name: 'certificateReference'
Error: 'ID1025: Cannot find a unique certificate that matches the criteria.
StoreName: 'CertificateAuthority'
StoreLocation: 'CurrentUser'
X509FindType: 'FindByThumbprint'
FindValue: '‎mythumbprint'

I installed my certificate and verified it is in Root\Certificates in the Trusted Root Certification Authority. Any ideas what the issue could be?

NOTE:

Thank you for your help, this should have been mentioned from the start but I am using .NET Framework 4.5 in Visual Studio 2013 so please answer with that in mind. The answers and comments so far may work for earlier versions of .NET and VS but don't seem to work in my case.

UPDATE:

I seem to have fixed at least part of my problem. It appears I am getting authenticated but the screen is blank. I am still working through this, but for anyone having similar issues, this helped me a lot. Upon further inspection I get a 500 Internal Server Error (after ADFS successfully authenticates me), but that error doesn't appear in the browser; I only see it in Firebug.

mgrenier

2 Answers


Yes you can achieve single sign on between SharePoint and your ASP.Net MVC application.

Since your SharePoint has already been set up with an STS, you need to set up your MVC application for the STS. You don't need to generate a token; the token is generated and returned to your MVC application by the STS.

To configure your MVC application for the STS, you will need Windows Identity Framework. Next, configure your MVC application to use claims-based authentication, see http://msdn.microsoft.com/en-us/library/hh291061(v=vs.110).aspx

Also if you are using ADFS for your SharePoint, have a read on ADFS Federation

john
  • I found the federation metadata, but get this error now. My new problem is: when I put the path with https:// it works in my browser, but I get an error in my app complaining about the ":" saying it should be a relative path. If I remove the https:// it gives me a file not found error (both in a browser and in my app). I must be doing something wrong here but I am not sure what??? – mgrenier Jan 16 '15 at 19:25
  • not sure how you are doing it, I find it easier to create a blank asp.net application, and then let the FedUtil to create the config for you, see this one http://msdn.microsoft.com/en-au/library/ee517285.aspx, refer to part 2. Register an existing production STS – john Jan 18 '15 at 21:36
  • I am using VS 2013 and .NET 4.5. I don't see the option to "create a claims aware ASP .NET website", nor do I have the "Add STS Reference" option. – mgrenier Jan 19 '15 at 13:58
  • I figured out the claims aware issue, got the SDK installed. Still no STS reference though. – mgrenier Jan 19 '15 at 15:16
  • With VS2013, STS reference is called Identity and Access, see http://bartwullems.blogspot.com.au/2013/03/where-is-add-sts-reference-option-in.html – john Jan 21 '15 at 04:41
  • Do you still have the Cert problem, check the permission for your cert and/or the location, refer to http://stackoverflow.com/questions/1786019/where-did-my-certificate-store-go and https://claimsid.codeplex.com/discussions/236936 – john Jan 21 '15 at 04:48
  • Identity and Access is in 2012 not 2013 – mgrenier Jan 21 '15 at 13:13
  • I may very well have a Cert problem, and likely do, but I don't know what the problem is. I find very little documentation on .NET 4.5 and VS 2013...and tons for earlier versions of each. – mgrenier Jan 21 '15 at 14:30
  • lol it's fun when you are the first one... With the server 500 error, do you know if you are getting it from your MVC application or the ADFS server? See if you can find anything logged on your ADFS server; you can also enable ADFS tracing https://jorgequestforknowledge.wordpress.com/2014/02/05/enabling-debug-tracing-in-adfs-v2-1-and-v3-0/ – john Jan 22 '15 at 21:45
  • I believe from my MVC app; ADFS authenticates me but there is an issue loading my MVC app after authentication. I am thinking it has something to do with the application originally using forms authentication and then me switching it. I am now starting from scratch with a blank MVC app that uses ADFS from the start (which is working for me) and slowly adding components of my existing system to the working MVC app to see if I can get it working. When I added the whole existing code to the working MVC app I got the same error. – mgrenier Jan 23 '15 at 18:57
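The ID1025 error in the question says WIF looked in StoreName 'CertificateAuthority' (the Intermediate Certification Authorities store) under CurrentUser, while the certificate was installed under Trusted Root Certification Authorities, and the quoted FindValue carries an invisible left-to-right mark (U+200E) in front of the thumbprint, which breaks a FindByThumbprint match. The following PowerShell script is an added diagnostic, not code from the question or answers: it normalizes a pasted thumbprint, searches every store under CurrentUser and LocalMachine, and prints the `<certificateReference>` element that matches where the certificate actually lives. The thumbprint value is a constructed placeholder.

```powershell
# Added diagnostic for ID1025 "Cannot find a unique certificate" (not from the page).
# Locates a certificate by thumbprint in all Windows certificate stores and emits the
# <certificateReference> element web.config should use. $Thumbprint is a placeholder.
param(
    [string]$Thumbprint = 'mythumbprint'   # constructed placeholder; paste the real value here
)

# Thumbprints copied from the MMC certificate dialog often contain an invisible
# U+200E mark and spaces. FindByThumbprint compares the raw string, so strip
# everything that is not a hex digit before searching.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($clean.Length -ne 40) {
    Write-Warning ("Normalized thumbprint has {0} hex chars, expected 40 (SHA-1). Raw input: '{1}'" -f $clean.Length, $Thumbprint)
}

# Walk both store locations; containers (store locations and store names) are skipped.
$hits = Get-ChildItem -Path Cert:\ -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                   $_.Thumbprint -eq $clean }

if (-not $hits) {
    Write-Host "No certificate with thumbprint '$clean' in any CurrentUser or LocalMachine store."
    return
}

foreach ($cert in $hits) {
    # PSPath looks like: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root\<thumbprint>
    $relative = ($cert.PSPath -split '::')[-1]
    $location, $store = ($relative -split '\\')[0..1]

    Write-Host ("Found in {0}\{1}: {2}" -f $location, $store, $cert.Subject)
    # A relying party validating ADFS tokens only needs the public certificate;
    # a private key is required only on the STS/signing side.
    Write-Host ("  HasPrivateKey = {0}" -f $cert.HasPrivateKey)
    # Element to place under <serviceCertificate> in <system.identityModel> so that
    # storeLocation/storeName match the store the certificate was actually installed in.
    Write-Host ('  <certificateReference x509FindType="FindByThumbprint" findValue="{0}" storeLocation="{1}" storeName="{2}" />' -f $clean, $location, $store)
}
```

If the script reports the certificate only under LocalMachine while the error shows CurrentUser (or vice versa), the web.config reference, not the certificate, is what needs to change; the IIS application pool identity also needs read access to a LocalMachine store's private key when a private key is used.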

It seems my blank page issue is a result of the combination of claims-based authentication and remaining forms-based authentication code being mixed together in my application. I have decided to create a simple federated MVC application (which I am able to get working), then slowly transfer the code from my existing app into the simple app and see where it breaks. My suggestion for anyone trying to accomplish something similar is not to try and simply change authentication methods like I was trying to do, but to get the desired authentication working in a new simple application and port your existing application into the new one. It is a longer and more painstaking way of doing it, but in my case it would have been quicker if I had just started that way. If I come up with any new and useful information I will update this answer.

Thanks to all who offered their assistance with this, it did help me arrive at where I am now!

mgrenier