Implementation of SharePoint-based Single Sign-on

Source: Internet
Author: User

Single Sign-On (SSO) means that, across multiple application systems, users only need to log on once to access all mutually trusted application systems.

Microsoft Office SharePoint Server 2007 provides a single sign-on function.

 

The following is a specific example. In fact, there are many similar implementations on the Internet.

1. Configure the data source

The data source stores the user login credentials for third-party enterprise applications. These credentials can be recorded in databases, SharePoint list items, and SharePoint databases. The following describes how to store them in an SSO database.

1. Enable Microsoft Single Sign-on Service.

SSO applications use the Microsoft Single Sign-on Service, which is stopped by default. Go to Start → Programs → Administrative Tools and select Microsoft Single Sign-on Service.

The service is disabled by default. Double-click the service, select the Log On tab, select "This account" as the logon identity, and enter the account and password. Note that this account must be a domain user (otherwise, the SSO call will fail).

Select the General tab, set the Startup Type to automatic, and start the service. The status is as follows:

 

2. Configure "Manage single sign-on settings".

2.1 Configure "Server Settings"

After the SSO service is configured, configure and manage the single sign-on settings. Go to Start → Programs → Microsoft Office Server → SharePoint 3.0 Central Administration. In Central Administration, select the Operations tab and select "Manage single sign-on settings" under "Security Configuration".

By default, "Server Settings" and "Enterprise Application Definition Settings" are not set. Set the server settings first: select "Manage Server Settings".

Enter the corresponding account names in "Single Sign-On Administrator Account" and "Enterprise Application Definition Administrator Account". "Database Settings" and "Timeout Settings" both keep their default values.

NOTE: If "database error" is displayed after confirmation, change "Server name" under "Database Settings" to the name of the SQL 2005 server used by MOSS.

The "Manage encryption keys" step is not performed in this test. The encryption key is used to encrypt the stored credentials, so use this function in real deployments.

2.2 Configure "Enterprise Application Definition Settings".

"Manage Enterprise Application Definition Settings" configures the backend applications integrated with SSO, such as ERP, OA, mail, and other application systems.

Go to "Manage Enterprise Application Definition Settings".

Select New Item, enter the "Application and contact information", and select the "Account type". Take Sina mail as an example.

"Display name" is the name of the backend application system, and "Application name" is the value used by GetCredentials. Select "Individual" (personal) for the account type, because the SSO account is mapped between the MOSS user and the backend application system. The default values are fine for the other fields.

Next, configure "Manage account information for enterprise application definitions": select the application under "Enterprise application definition" and enter the "User account name". Note: if the account type was set to "Group" in the corresponding enterprise application definition, enter the group account.

Select "update account information" and click OK.

On the "Provide Netease 163 email account information" page, enter the account and password of the 163 email account corresponding to the MOSS account, and click OK.

2. Write a program to perform the single sign-on.

1. Get the connection string

First, go to the 163 email logon page and enter your username and password. Open the HttpWatchPro software (which can be downloaded online), click the start record button, then click the logon button of the 163 email page. After a successful logon, stop the HttpWatchPro recording. Copy the captured HTTP request string, which looks as follows: "http://reg.163.com/login.jsp?url=&type=1&product=&savelogin=&outfoxer=&domains=&syscheckcode=&username=mossadmin@163.com&password=111111&Submit=". The string contains two parameters, username and password, which are the user name and password entered when logging on to the mailbox.

2. Create a Web Part logon program.

Open Microsoft Visual Studio 2005 and create an ASP.NET Web application named FirstSSO (Visual Studio 2005 Service Pack 1 (SP1) is installed).

Delete the Default.aspx page.

Add a Web user control to this project and name it MeSSO.

Add a button to MeSSO in design view.

Source code:

<%@ Control Language="C#" AutoEventWireup="true" CodeFile="MeSSO.ascx.cs" Inherits="FirstSSO.MeSSO" %>

<asp:Button ID="Btn163" runat="server" Text="Netease 163 email => enter" Width="130px" OnClick="BtnGoogle_Click" />

Double-click the button control to open the code-behind file. Add references in this project to Microsoft.SharePoint.dll, Microsoft.SharePoint.Portal.dll, and Microsoft.SharePoint.Portal.SingleSignon.dll.

These files are in the C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\ISAPI folder.

Add using directives for Microsoft.SharePoint, Microsoft.SharePoint.Portal, and Microsoft.SharePoint.Portal.SingleSignon. The source code is as follows:

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Runtime.InteropServices;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Portal;
using Microsoft.SharePoint.Portal.SingleSignon;

namespace FirstSSO
{
    public partial class MeSSO : System.Web.UI.UserControl
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);
            SSOCanaryChecker.AddCanary(Page);
        }

        protected void BtnGoogle_Click(object sender, EventArgs e)
        {
            IntPtr pUserName = IntPtr.Zero;
            IntPtr pPassword = IntPtr.Zero;
            try
            {
                // Look up the current user's stored credentials. The argument must match
                // the name of the enterprise application definition created earlier.
                ISsoProvider isso = SsoProviderFactory.GetSsoProvider();
                SsoCredentials myCreds = isso.GetCredentials("GoogleMail");

                // The credentials are returned as SecureString; convert them via a BSTR.
                pUserName = Marshal.SecureStringToBSTR(myCreds.UserName);
                String userName = Marshal.PtrToStringBSTR(pUserName);
                pPassword = Marshal.SecureStringToBSTR(myCreds.Password);
                String Password = Marshal.PtrToStringBSTR(pPassword);

                // URL-encode both values so characters such as '&' or '=' do not break the query.
                // The password travels in the query string of a plain-HTTP GET, so it is
                // visible in browser history and in proxy and web-server logs.
                String strHttpUrl = "http://reg.163.com/login.jsp?url=&type=1&product=&savelogin=&outfoxer=&domains=&syscheckcode=&username="
                    + HttpUtility.UrlEncode(userName) + "@163.com&password="
                    + HttpUtility.UrlEncode(Password) + "&Submit=";

                // endResponse=false avoids the ThreadAbortException that the catch block would intercept.
                Response.Redirect(strHttpUrl, false);
            }
            catch (Exception exx)
            {
                // HTML-encode the messages before writing them into the page.
                Response.Write(HttpUtility.HtmlEncode(exx.Message));
                if (exx.InnerException != null)
                {
                    Response.Write(HttpUtility.HtmlEncode(exx.InnerException.Message));
                }
            }
            finally
            {
                // Zero and free each BSTR separately; either one may still be unset.
                if (IntPtr.Zero != pUserName)
                {
                    Marshal.ZeroFreeBSTR(pUserName);
                }
                if (IntPtr.Zero != pPassword)
                {
                    Marshal.ZeroFreeBSTR(pPassword);
                }
            }
        }
    }
}
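The handler above sends the password in the query string of an http:// redirect, where it ends up in browser history and in proxy and web-server logs. As an added example (not code from the original article or from SharePoint), the hypothetical helper SsoFormPost below delivers the same fields as an auto-submitting HTTPS POST instead; it assumes the target login page accepts a POST over https with the same field names, which the article does not confirm.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;

namespace FirstSSO
{
    // Hypothetical helper for illustration; not part of the article or of SharePoint.
    public static class SsoFormPost
    {
        // Builds an HTML page that submits the fields to loginUrl with POST,
        // so the password travels in the request body instead of the URL.
        public static string BuildPage(Uri loginUrl, IDictionary<string, string> fields)
        {
            if (loginUrl == null) throw new ArgumentNullException("loginUrl");
            if (fields == null) throw new ArgumentNullException("fields");
            // Refuse cleartext transport: the body would be readable on the wire.
            if (loginUrl.Scheme != Uri.UriSchemeHttps)
                throw new ArgumentException("Login URL must use https.", "loginUrl");

            StringBuilder html = new StringBuilder();
            html.Append("<html><body onload=\"document.forms[0].submit()\">");
            html.AppendFormat("<form method=\"post\" action=\"{0}\">",
                HttpUtility.HtmlAttributeEncode(loginUrl.AbsoluteUri));
            foreach (KeyValuePair<string, string> field in fields)
            {
                // Attribute-encode name and value so quotes or angle brackets
                // in a password cannot break out of the markup.
                html.AppendFormat("<input type=\"hidden\" name=\"{0}\" value=\"{1}\" />",
                    HttpUtility.HtmlAttributeEncode(field.Key),
                    HttpUtility.HtmlAttributeEncode(field.Value));
            }
            html.Append("</form></body></html>");
            return html.ToString();
        }

        // Sends the page with caching disabled and ends the response.
        public static void Send(HttpResponse response, Uri loginUrl,
                                IDictionary<string, string> fields)
        {
            string page = BuildPage(loginUrl, fields);
            response.Clear();
            response.Cache.SetCacheability(HttpCacheability.NoCache);
            response.Cache.SetNoStore();
            response.Write(page);
            response.End();
        }
    }
}
```

Call SsoFormPost.Send after the try/finally that frees the BSTRs, because Response.End raises a ThreadAbortException that a catch (Exception) block would intercept. The password still reaches the user's browser in the page body, which is inherent to this form-replay style of SSO.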

 

3. Deploy the completed Web Part to the SharePoint website.
