
Auto-login a user into SharePoint 2010 using an LDAP query against AD

  Date: Feb 20    Category: Sharepoint 2010    Views: 2634

We will have external users logging into a system that is unrelated to
SharePoint 2010. We will have our external users' accounts in our Active
Directory. My requirement is to have these external users log into this other
application and then have the application, using C# code, redirect the user to
SharePoint 2010 and auto-log the user into the site by using an LDAP query to
get the user ID and password from AD.

First, does anyone have any suggestions on the best approach to auto-log a user
into SharePoint using C# code?

Second, I am not sure which authentication provider would be the best option for
this scenario... Windows?



4 Answers Found

Answer #1    Answered On: Feb 20    

I think the scenario at a high level would be something like:

* User logs into "other system"
* "Other system" creates an encrypted cookie and redirects user to SharePoint
* SharePoint and "other system" need to share the same domain name (e.g. *.yourcompany.com) so that the cookie created by "other system" is visible to
* SharePoint web application is configured to be claims-enabled with forms-based authentication, so user will be automatically redirected to
* You put custom code on login.aspx that can decrypt the cookie created by "other system", identify the user, and create an authenticated session (transparent to the user, so no login prompt appears)
* SharePoint is connected to the AD via the LDAP user and membership provider (I think you might be able to use the Windows authentication provider in this scenario if you passed the user's password in the encrypted token, but I would not be comfortable with a solution that passes a password around like that)

This is similar to a custom claims-based authentication solution. An alternate
approach that might be easier to support in the longer term would be to build a
real claims-based authentication solution using something like ADFS, and use
SharePoint 2010's built-in support instead of custom code. The downside would be
more complex infrastructure and possibly licensing fees.
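The encrypted-cookie step of Answer #1, as an added example that is not from the original post, the "other system" or SharePoint: the issuing side builds the cookie value and the custom login page validates it. The key values, the `user|expiry` payload layout and the `SsoToken` name are assumptions; the point is that the cookie carries only an identity and an expiry (never a password), is integrity-protected, and is rejected once tampered with or expired.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed example: the cookie carries only a user id and an expiry, never a password.
// Layout: base64( iv || AES-CBC ciphertext || HMAC-SHA256 over iv||ciphertext ), encrypt-then-MAC.
public static class SsoToken
{
    // Hypothetical shared keys; both systems would load these from protected configuration.
    static readonly byte[] EncKey = Encoding.UTF8.GetBytes("0123456789abcdef0123456789abcdef"); // 32 bytes
    static readonly byte[] MacKey = Encoding.UTF8.GetBytes("fedcba9876543210fedcba9876543210");

    public static string Issue(string userId, TimeSpan lifetime)
    {
        byte[] plain = Encoding.UTF8.GetBytes(userId + "|" + DateTime.UtcNow.Add(lifetime).Ticks);
        using (var aes = Aes.Create())
        using (var mac = new HMACSHA256(MacKey))
        {
            aes.Key = EncKey;
            aes.GenerateIV();                                  // fresh IV per token
            byte[] cipher = aes.CreateEncryptor().TransformFinalBlock(plain, 0, plain.Length);
            byte[] body = aes.IV.Concat(cipher).ToArray();
            return Convert.ToBase64String(body.Concat(mac.ComputeHash(body)).ToArray());
        }
    }

    // Returns the user id, or null if the token is forged, tampered with, or expired.
    public static string Validate(string token)
    {
        byte[] raw;
        try { raw = Convert.FromBase64String(token); } catch (FormatException) { return null; }
        if (raw.Length < 16 + 16 + 32) return null;          // iv + one block + tag
        int bodyLen = raw.Length - 32;
        byte[] expected;
        using (var mac = new HMACSHA256(MacKey)) expected = mac.ComputeHash(raw, 0, bodyLen);
        int diff = 0;                                         // constant-time tag comparison
        for (int i = 0; i < 32; i++) diff |= expected[i] ^ raw[bodyLen + i];
        if (diff != 0) return null;                           // check the MAC before decrypting
        byte[] iv = raw.Take(16).ToArray();
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(EncKey, iv))
        {
            byte[] plain = dec.TransformFinalBlock(raw, 16, bodyLen - 16);
            string[] parts = Encoding.UTF8.GetString(plain).Split('|');
            if (parts.Length != 2 || long.Parse(parts[1]) < DateTime.UtcNow.Ticks) return null;
            return parts[0];
        }
    }
}
```

The value returned by `Issue` is what the "other system" would set in the shared-domain cookie (marked Secure and HttpOnly), and `Validate` is what the login.aspx code would call before creating the SharePoint session.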

Answer #2    Answered On: Feb 20    

Another solution which may or may not fit your situation is to use an ISA or TMG
server to accomplish this. You can have TMG authenticate the user in a web form
with a listener using single sign-on. Then the TMG server will take care of the NTLM
or Kerberos communication to all servers routed to from behind that listener. I
guess it would require that your custom application uses Windows authentication.

Of course this means licensing TMG and having an additional server to run it on,
but if you are developing an enterprise solution, this would probably end up
being the most scalable approach.

Answer #3    Answered On: Feb 20    

A few more details about the custom application:

- it is not a Windows authentication application
- it stores user IDs and passwords in a database
- we do not own that custom application... it is an application in the "cloud", so to speak
- we cannot connect to their database to use forms authentication

Answer #4    Answered On: Feb 20    

Given those constraints it's unlikely you'll be able to get this to
work. The details you added pretty much kill all the standard SSO
solution scenarios.