I want to eliminate the Windows Authentication and FBA Authentication completely, and want to incorporate my own authentication process.
How'd i do that. I want to create a public facing website in sharepoint.
Any help or way points will be highly appreciated.
Thanx.
If you just need to use it for a public website you can allow anonymous access you don't have to add a custom authentication process.
But.. to enable a custom sql authentication provider take a look at these articles
http://www.sharepointchick.com/archive/2010/05/07/configuring-claims-and-forms-based-authentication-for-use-with-a.aspx
http://www.sunilyadav.net/2010/12/implement-multiple-authentication-providers-in-sharepoint-2010/
Another point for public SharePoint sites is licensing as you may need the Internet Site license for 2010.
http://sharepoint.microsoft.com/en-us/buy/pages/licensing-details.aspx
Related
We have built a portal in PHP(Laravel) + Angular for a client. User Authentication is done through LDAP.
Client also has a SAS solution for Analytics and it also has LDAP Authentication (SAS Viya).
We need to redirect the user from our portal to SAS portal and the user should get logged in automatically as both portals are authenticating the users through same LDAP.
We tried a few things, but it didn't help.
I am looking for some guidance on how to implement this and if there is any programming/configuration required on our side or on SAS side.
Hard to be specific without fully understanding your use case, but you could look to handle authentication to Viya using the SASjs Adapter (disclaimer - my team built it)
https://github.com/sasjs/adapter
Just set the LoginMechanism to REDIRECTED in the config object to support SSO or alternative login flows. If you need help, my team can be contact on https://sasapps.io/contact-us, else just raise an issue on the github.
We have an implementation on Angular that may help: https://github.com/sasjs/angular-seed-app
We have integrated a VIYA Visual Analytics report into a corporate web application, using the SDK (so not realy a redirect) with single sign on.
(I don't know all the details about how we did it. my roll was in the personalization of the report, where we went further than ordinary row level security.)
I am using Windows authentication on a website but want to have levels of access. Currently, I am using the [Authorize(Users = "userA")] syntax.
However, with upwards of twenty Windows accounts accessing a site, I don't want to have to hard-code in twenty users with each Authorize statement. What's more, some of the users need to have different access than others. I thought of having a list of users that a CustomAuthorizationAttribute iterates through to see if the desired user is among them.
Basically, I'm trying to get roles without using Forms authentication.
What is the most effective, most simple way of doing this?
Your answer lies within the ActiveDirectory domain. Since you are using MVC 3 you should have access to the following namespace "Directory Services Account Management":
http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.aspx
You can see this article for describing the whole process underneath, it provides sample code for you to use immediately out of the box:
http://msdn.microsoft.com/en-us/magazine/cc135979.aspx
Forwarning:
You will also have to establish an LDAP connection string. LDAP is a protocol used for retrieving that information from the secured windows database.
http://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx
To see the code being used in action:
http://www.willasrari.com/blog/query-active-directory-users-using-c/000133.aspx
I've done something similar to this in a .NET 3.5 environment using IIS 7.
One of the best articles I've ever read about Role-based Authorization is:
Role-Based Authorization With Forms Authentication (Part 2) By Darren Neimke and Scott Mitchell. They wrote it for ASP.NET 2.0, and no concept has been changed in version 4.0 (and 4.5 as far as I know).
To become a master in this field, read this MSDN and all of it chapters:
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
I need an application to run under Forms authentication, but automatically log someone in via their pass-through Windows credentials. So, essentially, I need both -- Forms authentication with no login screen, just pass-through from Windows.
Obviously, I can't run both methods. I had an idea of setting the app to Forms, with a login page that's protected by Windows, then detected their Windows username from there and then manually logging them into Forms behind-the-scenes.
How reasonable is this idea?
Much to my surprise there is no "automatic" support for this "mixed" authentication model in ASP.NET but there are several known work-arounds that you can implement to give you what you need.
Here is a good article that discusses the relevant factors and served as a "guide" for how I recently addressed this same requirement for an MVC 3 application I was writing:
http://www.codeguru.com/csharp/.net/net_security/authentication/article.php/c19559/ASPNET-Mixed-Mode-Authentication.htm
I did not follow this article to the letter as I had slightly different requirements around how I dealt with roles and session timeout management but this article was a great start! Pay close attention to thew configuration of the forms authentication keys in the machine.config and web.config files...
Good luck!
I have successfully configured FBA for my sharepoint application. So i want to create new user from sharepoint site so that they can login & see their profiles. I found webpart solutions from Here but i want to create by myself.
So how can i do this?
My another ouestion is once i create users then my users need to chane their password as well as what if they forget their password. So i need to create those webparts or application pages in visual studio.
So can anyone tell me how can i do all this stuff?
Thanks in advance.
Assuming that you are talking about SQL based FBA. Implementing these solutions is matter of calling appropriate API in SqlMembershipProvider class of System.Web.Security.
For ex, for change password, see this function:
http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.changepassword.aspx
Similarly, you would many functions in SqlRoleProvider class:
http://msdn.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx
Our company has a web application that is only used internally by our employees. We also have Google Apps Premier Edition. We would like to make it so our employees can log into our private web application using the Google Apps account that they already have.
Requirements: We want to display our own login form. We don't want to pass the email/password in plain text through the internet.
Which authentication mechanism should we use to achieve this?
Note: our application is written in PHP using Zend Framework (if that matters).
I would look into some combination of OpenID and your domain users (i.e. only let those at domain.com can log in).
Google API
They also have libraries for PHP and other languages that you can leverage to make this happen.
EDIT:
Some more info
When it comes to integrate Google Apps and an internally used private system, we simply have two options.
Use Google as the authentication center. Modify the private system to authenticate at Google's server. We could use OpenID or AuthSub. Check http://code.google.com/apis/accounts/docs/OpenID.html and http://code.google.com/apis/accounts/docs/AuthSub.html for more information.
Use the private system as the authentication center. In this case, we have to implement SAML protocol in the private server and configure Google Apps's SSO settings. Check http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html for more information.
It is easier to accomplish SSO with the first method since there's already bunch of OpenID libraries out there. But, as you described in the requirements, you want to use your own login form. So I guess you have to go with the second method.
BTW, if your private system has to get or set information from Google, you may want to use OAuth for authorization. See http://code.google.com/apis/accounts/docs/OAuth.html for more information.
Use the ClientLogin API, it does exactly what you're after: allow you to verify username and password. (the link goes to provisioning API doco but that is not relevant here)
Pro's:
you get to use you own login form
Cons:
you don't get SSO with Google Apps, i.e. users already in Apps will be prompted to login again (you didn't mention that as a requirement, but it seems a reasonable thing to want)
Google won't like you (they're trying to discourage ProgrammaticLogin.
you will get occasional CAPTCHA tests you'll need to show your users.
OpenID specifically prevents you from displaying your own login page, so if that's a hard requirements, Programmatic Login is really your only choice.
Going the SSO route let's you do pretty much anything, but may be a bit of overkill to take on authentication for the whole domain to make one app authenticate in a nicer fashion? If you really want to go down this route, check out SimpleSAMLphp.