
Single Sign On for Intranet Environment

Libesh K Babu, 23 May 2014, CPOL
Creating a Single Sign On for Intranet Environment through .NET web application

Introduction

This article provides a means to achieve Single Sign On capability in an intranet environment. It does so with the help of a .NET web application, and the SSO facility can then be extended to .NET, Java and PHP web applications.

Background

In my organization, I was assigned the task of implementing an SSO feature for all the web applications. The applications are not necessarily hosted under the intranet domain. The programming language varies from .NET to Java to PHP, and the server varies from IIS to Tomcat to IBM WebSphere. My organization is a Windows-driven one where all users run Windows XP / 7 / 8. I found out that achieving SSO capability in a .NET application is quite simple.

    // The Windows account the request is running under (requires Windows Authentication in IIS)
    WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent());
    string username = wp.Identity.Name;

will return the logged-in username, provided that

  1. the user is logged into the domain, and
  2. the user is using IE or Chrome.

If either of these conditions is not satisfied, a pop-up window appears asking the user to log in with domain credentials. So .NET was done.

Now for Java applications, Google told me to use SPNEGO/JOSSO. But I found it very difficult to implement. And I had no idea how to do it for PHP applications.

So I thought, "Why not extend the capabilities of .NET single sign on to other programming languages via the HTTP query string?"

There are three parts in the .NET application:

  1. Code to get the logged-in username
  2. Code that accepts a query string containing the URL of the web application that called this SSO .NET application
  3. Code that redirects to the URL received in the query string

Using the Code

The first thing to do is to create a .NET web application that gets the logged-in username.

       // Identity established by IIS Windows Authentication (with impersonation enabled)
       WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent());
       string username = wp.Identity.Name;

This gives the username as "domainname\\username". Extract the username:

       // Name is "DOMAIN\user"; take the part after the backslash.
       // Keep the full value if no backslash is present so the index does not go out of range.
       string[] extractName = username.Split('\\');
       username = extractName.Length > 1 ? extractName[1] : username;

The second part is to accept an HTTP query string:

       // URL of the calling application, supplied as ?url=...
       string url = Request.QueryString["url"];

The third part is to redirect to this URL and pass the username via the HTTP query string:

       // Send the browser on to the calling application with the username appended
       Response.Redirect(url + "?username=" + username);

An example:

The user clicks on the URL: http://xxx.xxx.xx.xxx/SSO/GetUserName.aspx?url=http://xxx.xxx.xx.xxx/TestSite/Login.aspx

http://xxx.xxx.xx.xxx/SSO/GetUserName.aspx is the .NET SSO provider URL.
http://xxx.xxx.xx.xxx/TestSite/Login.aspx is the URL that the user actually wants to access.
http://xxx.xxx.xx.xxx/SSO/GetUserName.aspx gets the logged-in username and redirects the user to http://xxx.xxx.xx.xxx/TestSite/Login.aspx?username=loggeduser
http://xxx.xxx.xx.xxx/TestSite/Login.aspx must have code that processes the "username" query string parameter and redirects the user to the next valid page.

The server where this .NET SSO application is hosted must be joined to the domain. Keep the following points in mind when setting up IIS as well:

  1. Anonymous Authentication must be disabled.
  2. ASP.NET impersonation and Windows Authentication must be enabled.

Points of Interest

If you want to secure the username while it is passed from the .NET SSO application, you may encrypt it, and call a decryption function in the client web application to recover the original username. Bear in mind that a bare query string value can be typed in by anyone who reaches the client application's login page directly, so the client should only trust a username it can verify.
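The three parts above combined into one page, as an added example that is not the article's own code: it validates the url parameter against an assumed allow-list of intranet hosts before redirecting, and, instead of the encryption suggested above, attaches a timestamp and an HMAC-SHA256 signature (with an assumed shared key) so the client application can verify that the username really came from the SSO page.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web;

// Code-behind for GetUserName.aspx. Added example, not the article's own code.
public partial class GetUserName : System.Web.UI.Page
{
    // Assumed: the only hosts that may receive the username. Any other target is refused,
    // so the page cannot be used to bounce a signed-in user to an arbitrary site.
    private static readonly string[] AllowedHosts = { "intranet.example.local", "hr.example.local" };

    // Assumed: a shared secret that each consuming application also holds.
    private static readonly byte[] SharedKey = Encoding.UTF8.GetBytes("replace-with-a-long-random-secret");

    protected void Page_Load(object sender, EventArgs e)
    {
        // Part 1: the Windows identity IIS established (Windows Authentication on, Anonymous off).
        WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        string username = wp.Identity.Name;               // "DOMAIN\user"
        string[] parts = username.Split('\\');
        username = parts.Length == 2 ? parts[1] : username;

        // Part 2: the target URL arrives in the query string; validate it before using it.
        string url = Request.QueryString["url"];
        Uri target = null;
        if (string.IsNullOrEmpty(url) || !Uri.TryCreate(url, UriKind.Absolute, out target)
            || Array.IndexOf(AllowedHosts, target.Host.ToLowerInvariant()) < 0)
        {
            Response.StatusCode = 400;
            Response.End();
        }

        // Part 3: redirect, carrying a timestamp and HMAC so the receiver can verify the value
        // and reject stale links instead of trusting a bare "username=" parameter.
        string issued = DateTime.UtcNow.ToString("o");
        string sig = Sign(username + "|" + issued);
        string query = "username=" + HttpUtility.UrlEncode(username)
                     + "&issued=" + HttpUtility.UrlEncode(issued) + "&sig=" + sig;
        Response.Redirect(url + (target.Query.Length == 0 ? "?" : "&") + query);
    }

    // HMAC-SHA256 over the payload as hex; the consuming application recomputes and compares it.
    private static string Sign(string payload)
    {
        using (HMACSHA256 hmac = new HMACSHA256(SharedKey))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload))).Replace("-", "");
    }
}
```

The client application recomputes the HMAC over "username|issued" with the same key, compares it to sig, and rejects the request if they differ or if issued is older than a short window.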

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Working with a leading Indian bank as Manager(IT).

Article Copyright 2014 by Libesh K Babu