在 SharePoint 2010 中使用外部身份验证时出现的问题

发布于 2024-09-13 02:49:53 字数 575 浏览 3 评论 0原文

我们正在使用 Jasig 开发的“CAS”单点登录系统。并尝试针对 SharePoint 2010 网站对用户进行身份验证。主要问题是我们正在外部站点上验证用户的用户名和密码，该外部站点通过查询字符串将“票据”发送回我们的 SP2010 站点。然后，我们的应用程序会根据 CAS 系统重新验证该票证，以确保该票证有效。如果票证有效，我们就会说用户已通过身份验证。在 .NET 应用程序中，此时我需要做的就是调用此命令：

FormsAuthentication.RedirectFromLoginPage(username, false);

然后，我们的“用户名”用户经过身份验证，一切都运行良好。然而，在 SharePoint 中，这还不够。我只能让 SP 2010 来验证我的用户，如果在调用上一行之前，我调用：

SPClaimsUtility.AuthenticateFormsUser(Request.Url, username, password);

显然这是一个大问题，因为此时我没有他们的密码。我只有 CAS 服务器的票证。我需要一种方法来“强制”SharePoint 中的用户身份验证。

原文

We are using the “CAS” Single Sign-On system that was developed by Jasig. And trying to authenticate users against it for a SharePoint 2010 site. The main issue is that we are validating the user’s username and password on an external site that sends a “ticket” back to our SP2010 site via query string. Our app then revalidates this ticket against a CAS system to make sure the ticket is valid. If the ticket is valid, we go ahead and say the user is authenticated. In a .NET app, at this point all I need to do is call this:

FormsAuthentication.RedirectFromLoginPage(username, false);

Then, our “username” user is authenticated, and everything works just great. In SharePoint, however, this isn’t enough. I can only get SP 2010 to authenticate my user if before calling the previous line, I call:

SPClaimsUtility.AuthenticateFormsUser(Request.Url, username, password);

Obviously this is a huge problem, because at this point, I do not have their password. I only have a ticket from the CAS server. I need a way to “force” the authentication of a user in SharePoint.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

人心善变 2024-09-20 02:49:53

微软通过 SP2010 Beta 到 RTM 对自定义身份验证进行了一些巨大的更改，我们通过艰难的方式发现了这一点。无论如何，我们遇到了基本相同的挑战，使用票证作为身份验证手段，并且我们让它工作起来：

您的 customlogin.aspx 通常会包含类似

var ticket = SecurityProvider.GetTicketForCurrentUser(Session);
var credentials = SecurityProvider.ValidateTicket(ticket);
var username = credentials.Username;
var password = credentials.Password;
var securityToken = GetClaimsToken(username, password);
var fam = Context.ApplicationInstance.Modules["FederatedAuthentication"] as
                    SPFederationAuthenticationModule;
fam.SetPrincipalAndWriteSessionToken(securityToken);
SPUtility.Redirect(SPContext.Current.Site.Url, SPRedirectFlags.Trusted, Context);

包含 ValidateTicket 的 SecurityProvider

   public static UserCredentials ValidateTicket(string ticket)
    {
        UserCredentials creds = UserWSClient.GetUserCredentials(ticket);
        return creds;
    }

之类的内容。您最大的挑战可能是编写一个接收票证的 Web 服务，并且返回凭证而不是布尔值，说明票证是否有效。
祝你好运！

Microsoft did some huge changes to custom auth with SP2010 Beta to RTM as we found out the hard way. Anyway, we got basically the same challenge, using a ticket as the means of authentication, and we got it working:

Your customlogin.aspx will typically contain something like

var ticket = SecurityProvider.GetTicketForCurrentUser(Session);
var credentials = SecurityProvider.ValidateTicket(ticket);
var username = credentials.Username;
var password = credentials.Password;
var securityToken = GetClaimsToken(username, password);
var fam = Context.ApplicationInstance.Modules["FederatedAuthentication"] as
                    SPFederationAuthenticationModule;
fam.SetPrincipalAndWriteSessionToken(securityToken);
SPUtility.Redirect(SPContext.Current.Site.Url, SPRedirectFlags.Trusted, Context);

The SecurityProvider containing ValidateTicket

   public static UserCredentials ValidateTicket(string ticket)
    {
        UserCredentials creds = UserWSClient.GetUserCredentials(ticket);
        return creds;
    }

Your biggest challenge might be writing a webservice that recieves the ticket and returns the credentials instead of a boolean stating wether the ticket was valid or not.
Best of luck!

回复收藏 0 原文

~没有更多了~