AD FS 2.0: Auto-Populate the Username Field of the Forms Sign-in Page When Signing in to Office 365

When signing in to Office 365 without the "Keep me signed in" checkbox having previously been checked, an external federated user must type the username two times: once on the Office 365 sign-in page, and again on the forms-based sign-in page of the AD FS 2.0 Proxy server.

Federated users may also experience this behavior if the internal Federation Servers are configured to perform forms-based authentication. To check which authentication method your Federation Server or Federation Server Proxy is using, see the following article:
AD FS 2.0: How to Change the Local Authentication Type


Overview

This article details the changes required to have the username sent from the Office 365 sign-in page to the AD FS 2.0 forms-based sign-in page, so that the federated user types the username just one time.

We will modify the global.asax.cs file so that AD FS 2.0 looks for the username value in the incoming request from Office 365 and uses the value to set a cookie on the client. We will also change the FormsSignIn.aspx.cs file so that AD FS 2.0 looks for the cookie set by global.asax.cs and uses that value to populate the username field on the forms page of AD FS 2.0.

The files we will be modifying are located in the inetpub\adfs\ls directory. Inetpub, by default, is located at C:\inetpub.


This sample solution includes a code sample, and this sample is being provided AS-IS with no warranties and confers no rights. For more information please visit http://www.microsoft.com/info/cpyright.mspx to find terms of use.


Modify global.asax.cs

1. Open global.asax.cs for editing
2. Find the following and set your cursor to the next line down:

    public void Application_BeginRequest()
    {

3. Paste the following code:

    HttpRequest request = HttpContext.Current.Request;
    HttpResponse response = HttpContext.Current.Response;

    // If the incoming request carries a username value, keep it in a
    // short-lived cookie so that FormsSignIn.aspx.cs can read it.
    if ( !String.IsNullOrEmpty( request.Params["username"] ) )
    {
        HttpCookie cookie = new HttpCookie( "Office365Username", request.Params["username"] );
        cookie.Expires = DateTime.UtcNow.AddMinutes( 10 );
        response.Cookies.Add( cookie );
    }

4. Save and Close global.asax.cs
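
A hardened variant of the step 3 block, as an added example that is not part of the original article: it accepts the value only when it is shaped like a UPN and marks the cookie HttpOnly and Secure. The UsernameHint class, the 256-character cap and the pattern are assumptions for illustration; the cookie name and the 10-minute lifetime are the article's.

```csharp
// Added example, not the article's code. UsernameHint, MaxLength and
// UpnPattern are hypothetical names and values chosen for illustration.
using System;
using System.Text.RegularExpressions;
using System.Web;

public static class UsernameHint
{
    public const string CookieName = "Office365Username"; // name used by the article
    private const int MaxLength = 256;                     // assumed upper bound

    // Allow-list for a UPN-shaped value: local part, '@', DNS-style suffix.
    private static readonly Regex UpnPattern = new Regex(
        @"^[A-Za-z0-9._'+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$",
        RegexOptions.CultureInvariant );

    // Returns true and the trimmed value only when the input looks like a UPN.
    public static bool TryNormalize( string raw, out string upn )
    {
        upn = null;
        if ( String.IsNullOrEmpty( raw ) ) return false;

        string candidate = raw.Trim();
        // Length is checked first so the pattern never runs on oversized input.
        if ( candidate.Length > MaxLength || !UpnPattern.IsMatch( candidate ) ) return false;

        upn = candidate;
        return true;
    }

    // Builds the short-lived cookie with restrictive attributes.
    public static HttpCookie CreateCookie( string upn )
    {
        HttpCookie cookie = new HttpCookie( CookieName, upn );
        cookie.Expires = DateTime.UtcNow.AddMinutes( 10 ); // same lifetime as the article
        cookie.HttpOnly = true; // only server-side code needs to read the value
        cookie.Secure = true;   // never sent over plain HTTP
        // Path is left at its default so the expiry cookie written in
        // FormsSignIn.aspx.cs still matches and clears this one.
        return cookie;
    }
}

// In Application_BeginRequest, in place of the if-block from step 3:
//     string upn;
//     if ( UsernameHint.TryNormalize( request.Params["username"], out upn ) )
//         response.Cookies.Add( UsernameHint.CreateCookie( upn ) );
```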


Modify FormsSignIn.aspx.cs

1. Open FormsSignIn.aspx.cs for editing
2. Find the following and set your cursor to the next line down:

    using System;

3. Paste the following code:

    using System.Web;

4. Find the following and set your cursor to the next line down:

    protected void Page_Load( object sender, EventArgs e )
    {

5. Paste the following code:

    HttpCookie cookie = Context.Request.Cookies.Get( "Office365Username" );

    // Pre-fill the username box from the cookie set in global.asax.cs,
    // then expire the cookie so the value is used only once.
    if ( null != cookie && !String.IsNullOrEmpty( cookie.Value ) )
    {
        UsernameTextBox.Text = cookie.Value;
        cookie.Expires = DateTime.UtcNow.AddDays( -1 );
        cookie.Value = "";
        Context.Response.Cookies.Add( cookie );
    }

6. Save and Close FormsSignIn.aspx.cs


Test

1. Launch Internet Explorer and browse to https://portal.microsoftonline.com
2. Type the username and tab to the password field to cause the UPN suffix detection to trigger
3. Select the link which takes you to sign in at your AD FS 2.0 Federation Service
4. Observe the forms-based sign-in page presented to you. You should find that the username field is populated with the value used on the Office 365 sign-in page.

Comments
  • Great article. I will use that right now :)

  • I tried this and could not get it to work.