Introduction

This case study explains how to implement single sign-on (SSO) between multiple ASP.NET web applications and a SharePoint web application, based on Forms authentication.

It is divided into two parts

  • Login Page Implementation
  • Web Applications

Login Page Implementation

  1. Open the Deployment Folder TechInvo.SSO
  2. Create the Virtual Directory of the Web Application
    1. Go to Start -> Run -> Type inetmgr and Click Ok

    2. Expand the Web Sites node in the left navigation.

    3. Right click on the Default Web Site, go to New -> Virtual Directory

    4. You will get the Virtual Directory Creation Wizard. Click on the Next button.

    5. Type the Alias Name as TechInvo.SSOWebApplication and click on the Next button

  

    6. Now give the path of the existing application. Use the Browse button to go to the Deployment Folder and in that up to TechInvo.SSO\TechInvo.SSOWebApplication\

    7. Now check all the boxes and click on Next

    8. You will be prompted by a popup; say Yes.
    9. Now you will get the Successfully Completed wizard page; say Finish.
    10. Now you will observe the application in the IIS Manager
  3. Open the Web.Config file of this Application
    1. Logging Configuration Section

      Add the following section declaration inside the configSections tag
      <section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

    2. Logging Application Block

      Add the lines below immediately after the configSections closing tag
      <loggingConfiguration name="Logging Application Block" tracingEnabled="false" defaultCategory="General" logWarningsWhenNoCategoriesMatch="false">
          <listeners>
              <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="SSP" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener" />
              <add fileName="c:\Test\rolling.log" footer="----------------------------------------" formatter="Text Formatter" header="----------------------------------------" rollFileExistsBehavior="Overwrite" rollInterval="None" rollSizeKB="500" timeStampPattern="yyyy-MM-dd" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Rolling Flat File Trace Listener" />
          </listeners>
          <formatters>
              <add template="Timestamp: {timestamp} Message: {message} Category: {category} Priority: {priority} EventId: {eventid} Severity: {severity} Title:{title} Machine: {machine} Application Domain: {appDomain} Process Id: {processId} Process Name: {processName} Win32 Thread Id: {win32ThreadId} Thread Name: {threadName} Extended Properties: {dictionary({key} - {value} )}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter" />
          </formatters>
          <categorySources>
              <add switchValue="All" name="SSOApp">
                  <listeners>
                      <add name="Rolling Flat File Trace Listener" />
                  </listeners>
              </add>
              <add switchValue="All" name="General">
                  <listeners>
                      <add name="Formatted EventLog TraceListener" />
                  </listeners>
              </add>
          </categorySources>
          <specialSources>
              <allEvents switchValue="All" name="All Events" />
              <notProcessed switchValue="All" name="Unprocessed Category" />
              <errors switchValue="All" name="Logging Errors & Warnings">
                  <listeners>
                      <add name="Formatted EventLog TraceListener" />
                  </listeners>
              </errors>
          </specialSources>
      </loggingConfiguration>
       
    3. appSettings Tag

      Find the appSettings tag in the file and add the lines below inside it
      <add key="DefaultURL" value="http://srvssp.com/TechInvo/Home/Home.aspx" />
      <add key="ADAttribute" value="wwwHomePage" />

      Change the DefaultURL value according to the environment

    4. connectionStrings Tag

      Find the “connectionStrings” tag and add the lines below inside it.

      If the Users are in the Separate Organizational Unit, add as below

      <add name="LocalSqlServer" connectionString="LDAP://srvssp.com/OU=TechInvoUsers,DC=srvssp,DC=com" />

      If the Users are in the Users Folder, add as below

      <add name="LocalSqlServer" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" />


      srvssp.com is the domain name of the machine; LocalSqlServer is the name of the connection string, which must be kept the same across the different tags in web.config that refer to it, such as the membership provider and the role manager. Do the same for all the web applications.
    5. Authentication Tag

      Find the “authentication” tag and replace it with the lines below

      <authentication mode="Forms">
          <forms loginUrl="Login/Login.aspx" protection="All" timeout="1000" domain="srvssp.com" name=".ADAuthCookie" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" />
      </authentication>
    6. Authorization Tag

      Find the “authorization” tag and replace it with the lines below

      <authorization>
          <deny users="?" />
      </authorization>
                   
    7. Machine Key Tag

      Add the machineKey tag after the end of the “httpModules” tag and before the end of the “system.web” tag. [Take it from the SharePoint Web Application that we are going to integrate with SSO]

      <machineKey validationKey="508B6F34BD558AD4013FD2A88A7E5D73FF858EAC859E82D1" decryptionKey="A81DBE9EF757D2AD9DAE8D6678B25CF06B065C99D352D592" validation="SHA1" />
          
    8. Membership Tag

      Add the “membership” tag after the “machineKey” tag

      <membership defaultProvider="MyADMembershipProvider">
          <providers>
              <clear />
              <add applicationName="/TechInvo.SSOWebApplication" connectionStringName="LocalSqlServer" connectionUsername="srvssp\Administrator" connectionPassword="Admin123" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
          </providers>
      </membership>


      Change the Application Name, ConnectionUsername and ConnectionPassword according to the environment

    9. roleManager Tag

      Add the “roleManager” tag below the “membership” tag

      <roleManager enabled="true" defaultProvider="ActiveDirRP">
          <providers>
              <clear />
              <add applicationName="/TechInvo.SSOWebApplication" name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider" activeDirectoryConnectionString="LocalSqlServer" groupMode="Additive" groupsToUse="" />
          </providers>
      </roleManager>

    

Web Applications

Here we have two sub-parts: the ASP.NET Web Applications and the SharePoint Web Application

ASP.NET Web Application Implementation

  1. Open the Respective ASP.NET Application
  2. Open the Web.Config file of this Application
    1. Logging Section Tag

      Add the following section declaration inside the configSections tag

      <section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          
    2. Logging Application Block

      Add the lines below immediately after the configSections closing tag

      <loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
          <listeners>
              <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener" />
              <add fileName="c:\TechInvoLog\TechInvo.log" footer="----------------------------------------" formatter="Text Formatter" header="----------------------------------------" rollFileExistsBehavior="Overwrite" rollInterval="None" rollSizeKB="500" timeStampPattern="yyyy-MM-dd" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Rolling Flat File Trace Listener" />
          </listeners>
          <formatters>
              <add template="Timestamp: {timestamp} Message: {message} Category: {category} Priority: {priority} EventId: {eventid} Severity: {severity} Title:{title} Machine: {machine} Application Domain: {appDomain} Process Id: {processId} Process Name: {processName} Win32 Thread Id: {win32ThreadId} Thread Name: {threadName} Extended Properties: {dictionary({key} - {value} )}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter" />
          </formatters>
          <categorySources>
              <add switchValue="All" name="TechInvo">
                  <listeners>
                      <add name="Rolling Flat File Trace Listener" />
                  </listeners>
              </add>
              <add switchValue="All" name="General">
                  <listeners>
                      <add name="Formatted EventLog TraceListener" />
                  </listeners>
              </add>
          </categorySources>
          <specialSources>
              <allEvents switchValue="All" name="All Events" />
              <notProcessed switchValue="All" name="Unprocessed Category" />
              <errors switchValue="All" name="Logging Errors & Warnings">
                  <listeners>
                      <add name="Formatted EventLog TraceListener" />
                  </listeners>
              </errors>
          </specialSources>
      </loggingConfiguration>
       
    3. appSettings Tag

      Find the appSettings tag in the file and add the lines below inside it

      <appSettings>
          <add key="AccessDeniedPage" value="http://srvssp.com/TechInvo.SSOWebApplication/AccessDenied.aspx" />
          <add key="GroupName" value="TechInvo" />
      </appSettings>
                                       

      Change the GroupName value according to the Active Directory role name

    4. connectionStrings Tag

      Find the “connectionStrings” tag and add the lines below inside it

      If the Users are in the Separate Organizational Unit, add as below

      <add name="LocalSqlServer" connectionString="LDAP://srvssp.com/OU=TechInvoUsers,DC=srvssp,DC=com" />

      If the Users are in the Users Folder, add as below

      <add name="LocalSqlServer" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" />

      srvssp.com is the domain name of the machine; LocalSqlServer is the name of the connection string, which must be kept the same across the different tags in web.config that refer to it, such as the membership provider and the role manager. Do the same for all the web applications.
    5. authentication Tag

      Find the “authentication” tag and replace that tag with below lines

      <authentication mode="Forms">
          <forms loginUrl="http://srvssp.com/TechInvo.SSOWebApplication/Login/Login.aspx" protection="All" timeout="1000" domain="srvssp.com" name=".ADAuthCookie" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="~/Home/Home.aspx" />
      </authentication>


    6. authorization Tag

      Find the “authorization” tag and replace it with the lines below

      <authorization>
          <deny users="?" />
      </authorization>
                   
    7. machineKey Tag

      Add the machineKey tag after the end of the “httpModules” tag and before the end of the “system.web” tag. [Take it from the SSO Web Application that we are going to integrate with]

      <machineKey validationKey="508B6F34BD558AD4013FD2A88A7E5D73FF858EAC859E82D1" decryptionKey="A81DBE9EF757D2AD9DAE8D6678B25CF06B065C99D352D592" validation="SHA1" />
          
    8. membership Tag

      Add the “membership” tag after the “machineKey” tag

      <membership defaultProvider="MyADMembershipProvider">
          <providers>
              <clear />
              <add applicationName="/TechInvo" connectionStringName="LocalSqlServer" connectionUsername="srvssp\Administrator" connectionPassword="Admin123" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
          </providers>
      </membership>
          

      Change the Application Name, ConnectionUsername and ConnectionPassword according to the environment

    9. roleManager Tag

      Add the “roleManager” tag below the “membership” tag

      <roleManager enabled="true" defaultProvider="ActiveDirRP">
          <providers>
              <clear />
              <add applicationName="/TechInvo" name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider" activeDirectoryConnectionString="LocalSqlServer" groupMode="Additive" groupsToUse="TechInvo" />
          </providers>
      </roleManager>
        

      Change the groupsToUse value according to the application in use.

Logout Functionality

The following explains the Log Out functionality implemented with Forms Authentication.

Logout Implementation

  1. Open the respective .aspx Page and add the ASP Button as follows

    <asp:Button runat="server" ID="btnLogOut" Text="Log Out" onclick="btnLogOut_Click"></asp:Button>

  2. Open the Code behind Page .aspx.cs file and add the below lines

    // Requires: using System; using System.Web.Security;
    protected void btnLogOut_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();              // removes the .ADAuthCookie
        FormsAuthentication.RedirectToLoginPage();  // back to the loginUrl from web.config
    }

    RedirectToLoginPage redirects the user to the page given in the loginUrl attribute of the forms tag in web.config.

Role Check

The following steps explain the Role Check functionality implemented in Forms Authentication.

  1. Add a reference to ADRoleProvider.dll

    Get the ADRoleProvider.dll from the TechInvo.Roles/bin/debug folder

  2. Add Global.asax to the Web Application
  3. Add the below Code to Global.asax.cs

    // Requires: using System; using System.Configuration; using System.Web.Security;
    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        // Forms authentication has already set the principal for an authenticated request.
        string UserName = System.Threading.Thread.CurrentPrincipal.Identity.Name;
        if (!String.IsNullOrEmpty(UserName))
        {
            // Strip the UPN suffix (user@srvssp.com -> user) before asking the AD role provider.
            UserName = UserName.Split('@')[0];
            bool test = Roles.IsUserInRole(UserName, ConfigurationManager.AppSettings["GroupName"]);
            if (!test)
            {
                // Not in the required AD group: send the user to the shared AccessDenied page.
                Response.Redirect(ConfigurationManager.AppSettings["AccessDeniedPage"]);
            }
        }
    }

SharePoint Web Application Implementation

  1. Open the SharePoint Web Application

    Find the respective application in C:\Inetpub\wwwroot\wss\VirtualDirectories\[Port Number/Name]
  2. Open the Web.Config file of this Application
    1. Logging Section Tag

      Add the following section declaration inside the configSections tag

      <section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />


    2. Logging Application Block Tag

      Add the lines below immediately after the configSections closing tag

      <loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
          <listeners>
              <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener" />
              <add fileName="c:\WebPart\TechInvoSystems.log" footer="----------------------------------------" formatter="Text Formatter" header="----------------------------------------" rollFileExistsBehavior="Overwrite" rollInterval="None" rollSizeKB="500" timeStampPattern="yyyy-MM-dd" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Rolling Flat File Trace Listener" />
          </listeners>
          <formatters>
              <add template="Timestamp: {timestamp} Message: {message} Category: {category} Priority: {priority} EventId: {eventid} Severity: {severity} Title:{title} Machine: {machine} Application Domain: {appDomain} Process Id: {processId} Process Name: {processName} Win32 Thread Id: {win32ThreadId} Thread Name: {threadName} Extended Properties: {dictionary({key} - {value} )}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter" />
          </formatters>
          <categorySources>
              <add switchValue="All" name="TechInvo">
                  <listeners>
                      <add name="Rolling Flat File Trace Listener" />
                  </listeners>
              </add>
              <add switchValue="All" name="General">
                  <listeners>
                      <add name="Formatted EventLog TraceListener" />
                  </listeners>
              </add>
          </categorySources>
          <specialSources>
              <allEvents switchValue="All" name="All Events" />
              <notProcessed switchValue="All" name="Unprocessed Category" />
              <errors switchValue="All" name="Logging Errors & Warnings">
                  <listeners>
                      <add name="Formatted EventLog TraceListener" />
                  </listeners>
              </errors>
          </specialSources>
      </loggingConfiguration>
       
    3. appSettings Tag

      Find the appSettings tag in the file and add the lines below inside it

      <appSettings>
          <add key="AccessDeniedPage" value="http://srvssp.com/TechInvo.SSOWebApplication/AccessDenied.aspx" />
          <add key="GroupName" value="TechInvo,PricingTool,OMSApp" />
      </appSettings>
                                       

      Change the GroupName value according to the Active Directory role name

    4. connectionStrings Tag

      Find the “connectionStrings” tag and add the lines below inside it

      If the Users are in the Separate Organizational Unit, add as below

      <add name="LocalSqlServer" connectionString="LDAP://srvssp.com/OU=TechInvoUsers,DC=srvssp,DC=com" />

      If the Users are in the Users Folder, add as below

      <add name="LocalSqlServer" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" />

      srvssp.com is the domain name of the machine; LocalSqlServer is the name of the connection string, which must be kept the same across the different tags in web.config that refer to it, such as the membership provider and the role manager. Do the same for all the web applications.
    5. authentication Tag

      Find the “authentication” tag and replace it with the lines below

      <authentication mode="Forms">
          <forms loginUrl="http://srvssp.com/TechInvo.SSOWebApplication/Login/Login.aspx" protection="All" timeout="1000" domain="srvssp.com" name=".ADAuthCookie" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="http://ssp:22267/default.aspx" />
      </authentication>
         
    6. authorization Tag

      Find the “authorization” tag and replace it with the lines below

      <authorization>
          <deny users="?" />
      </authorization>
                
    7. membership Tag

      Add the “membership” tag after the “machineKey” tag

      <membership defaultProvider="MyADMembershipProvider">
          <providers>
              <clear />
              <add applicationName="/" connectionStringName="LocalSqlServer" connectionUsername="srvssp\Administrator" connectionPassword="Admin123" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
          </providers>
      </membership>
         

      Change the Application Name, ConnectionUsername and ConnectionPassword according to the environment

    8. roleManager Tag

      Add the “roleManager” tag below the “membership” tag

      <roleManager enabled="true" defaultProvider="ActiveDirRP">
          <providers>
              <add name="DemoRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider,System.Web, Version=2.0.0.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
              <add applicationName="/" name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider, ADRoleProvider" activeDirectoryConnectionString="LocalSqlServer" groupMode="Additive" groupsToUse="TechInvo,OMSApp,PricingTool" />
          </providers>
      </roleManager>

            

      Change the groupsToUse value according to the Active Directory.
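
The three web.config procedures above (SSO login application, ASP.NET applications, SharePoint application) only give single sign-on when the settings the Forms cookie depends on agree in every file. The following script is an added example, not part of the case study or of the TechInvo deliverable: it reads the relevant elements of each web.config and reports the kinds of mismatch that the troubleshooting scenarios 1 and 4 below describe (a connection string name that is not defined in connectionStrings, a machineKey or forms-cookie setting that differs between applications). The configs it checks are constructed from the fragments in this document; the mismatching decryptionKey is a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed web.config skeleton holding only the elements the check reads.
TEMPLATE = """<configuration>
  <connectionStrings>
    <add name="{conn}" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="{login}" protection="All" timeout="1000" domain="srvssp.com"
             name="{cookie}" path="/" requireSSL="false" enableCrossAppRedirects="true" />
    </authentication>
    <authorization><deny users="?" /></authorization>
    <machineKey validationKey="{vkey}" decryptionKey="{dkey}" validation="SHA1" />
    <membership defaultProvider="MyADMembershipProvider"><providers><clear />
      <add name="MyADMembershipProvider" connectionStringName="{mconn}" /></providers></membership>
    <roleManager enabled="true" defaultProvider="ActiveDirRP"><providers><clear />
      <add name="ActiveDirRP" activeDirectoryConnectionString="{rconn}" /></providers></roleManager>
  </system.web>
</configuration>"""

# machineKey values exactly as printed in this document.
VKEY = "508B6F34BD558AD4013FD2A88A7E5D73FF858EAC859E82D1"
DKEY = "A81DBE9EF757D2AD9DAE8D6678B25CF06B065C99D352D592"
# Settings every application in the SSO group must share; otherwise the .ADAuthCookie
# issued by the login application is rejected (or never sent) by the other applications.
SHARED = ("validationKey", "decryptionKey", "validation", "cookie", "domain", "protection")


def make_config(login, vkey=VKEY, dkey=DKEY, cookie=".ADAuthCookie",
                conn="LocalSqlServer", mconn=None, rconn=None):
    """Render a constructed web.config; mconn/rconn default to the defined connection name."""
    return TEMPLATE.format(login=login, vkey=vkey, dkey=dkey, cookie=cookie,
                           conn=conn, mconn=mconn or conn, rconn=rconn or conn)


def sso_profile(xml_text):
    """Pull the SSO-relevant settings of one web.config into a flat dict."""
    root = ET.fromstring(xml_text)
    web = root.find("system.web")
    forms = web.find("authentication/forms")
    mk = web.find("machineKey")
    member, roles = web.find("membership"), web.find("roleManager")
    mprov = member.find(f"providers/add[@name='{member.get('defaultProvider')}']")
    rprov = roles.find(f"providers/add[@name='{roles.get('defaultProvider')}']")
    return {
        "mode": web.find("authentication").get("mode"),
        "cookie": forms.get("name"), "domain": forms.get("domain"),
        "protection": forms.get("protection"),
        "validationKey": mk.get("validationKey"), "decryptionKey": mk.get("decryptionKey"),
        "validation": mk.get("validation"),
        # <deny users="?" /> is what sends anonymous requests to the shared login page
        "denyAnonymous": web.find("authorization/deny[@users='?']") is not None,
        "membershipConn": mprov.get("connectionStringName"),
        "roleConn": rprov.get("activeDirectoryConnectionString"),
        "definedConns": {a.get("name") for a in root.findall("connectionStrings/add")},
    }


def check_sso_group(configs):
    """configs: {application name: web.config text}; the first entry is the SSO login
    application and serves as the reference. Returns a list of findings (empty = consistent)."""
    findings = []
    profiles = {app: sso_profile(text) for app, text in configs.items()}
    ref_app, ref = next(iter(profiles.items()))
    for app, p in profiles.items():
        if p["mode"] != "Forms":
            findings.append(f"{app}: authentication mode is {p['mode']}, expected Forms")
        if not p["denyAnonymous"]:
            findings.append(f'{app}: authorization lacks <deny users="?" />')
        for label in ("membershipConn", "roleConn"):
            if p[label] not in p["definedConns"]:
                findings.append(f"{app}: {label} '{p[label]}' is not defined in connectionStrings")
        for key in SHARED:
            if app != ref_app and p[key] != ref[key]:
                findings.append(f"{app}: {key} differs from {ref_app}")
    return findings


def demo():
    """Constructed scenario: the SharePoint config carries a different decryptionKey and its
    membership provider names a connection string that was never defined."""
    login = "http://srvssp.com/TechInvo.SSOWebApplication/Login/Login.aspx"
    group = {
        "TechInvo.SSOWebApplication": make_config("Login/Login.aspx"),
        "TechInvo": make_config(login),
        "SharePoint:3377": make_config(login, dkey="0000CONSTRUCTEDMISMATCH0000",
                                       mconn="ADConnection"),
    }
    return check_sso_group(group)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To use it on real files, replace the constructed group with `{name: open(path).read()}` for each application's web.config, keeping the SSO login application first.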

Encrypting the Membership and Rolemanager Tags

Configuration files such as web.config are often used to hold sensitive information, including user names, passwords, database connection strings, and encryption keys. If we do not protect this information, our application is vulnerable to attackers or malicious users obtaining sensitive information such as account user names and passwords, database names and server names.

Encrypting and decrypting data incurs a performance overhead. To keep this overhead to a minimum, encrypt only the sections of your configuration file that store sensitive data.

The Aspnet_regiis.exe utility is located in the following directory:

%WinDir%\Microsoft.NET\Framework\<versionNumber>

  • The -pe switch specifies the configuration section to encrypt.
  • The -pef switch specifies the configuration section to encrypt and allows you to supply the physical directory path for your configuration file.
  • The -app switch specifies your Web application's virtual path. If it is a nested application, you need to specify the nested path from the root directory; for example, "/test/aspnet/MachineDPAPI".
  • The -prov switch specifies the provider name.

If the command is successful, you will see the following output:

Encrypting configuration section...

Succeeded!

 

Note: The DPAPI machine key is stored at the following location:

%windir%\system32\Microsoft\Protect\S-1-5-18

  1. Use the aspnet_regiis tool to encrypt the membership and roleManager tags.

To find aspnet_regiis, navigate to the folder C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727; there you will find the aspnet_regiis.exe tool.

  2. Open the Command Prompt and go to the above folder by typing the command line below.

cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

  3. Now type the command below

aspnet_regiis -pef "system.web/membership" "Web.config file path"

For example: aspnet_regiis -pef "system.web/membership" "C:\Deliverable_25_03_2010\TechInvo.SSO\TechInvo.SSOWebApplication"

Change the folder name so that it locates exactly the web.config file

Follow the same procedure for all the other ASP.NET web applications and the SharePoint web application, changing the folder path according to the environment.

  4. Encrypting the roleManager tag

Use the same tool and type as below

aspnet_regiis -pef "system.web/roleManager" "Web.config file path"

For example: aspnet_regiis -pef "system.web/roleManager" "C:\Deliverable_25_03_2010\TechInvo.SSO\TechInvo.SSOWebApplication"

Change the folder name so that it locates exactly the web.config file

Follow the same procedure for all the other ASP.NET web applications and the SharePoint web application, changing the folder path according to the environment.

If the tags need to be decrypted, proceed as below

Use the same aspnet_regiis tool, change -pef to -pdf and name the tag that needs decrypting.

aspnet_regiis -pdf "system.web/roleManager" "Web.config file path"

For example: aspnet_regiis -pdf "system.web/roleManager" "C:\Deliverable_25_03_2010\TechInvo.SSO\TechInvo.SSOWebApplication"

Follow the same procedure for all the other ASP.NET web applications and the SharePoint web application, changing the folder path according to the environment.
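
A way to confirm that the aspnet_regiis step was actually applied to every application, as an added example that is not part of the case study: the script classifies the membership and roleManager sections of a web.config as encrypted (the section carries a configProtectionProvider attribute and an EncryptedData child, which is how -pef leaves it) or plaintext, and lists any provider attribute such as connectionPassword that is still readable. The two web.config samples are constructed; the CipherValue is a placeholder, not real DPAPI output.

```python
import xml.etree.ElementTree as ET

# Sections this document encrypts with aspnet_regiis -pef, and the provider attributes
# whose values must no longer be readable once that has been done.
PROTECTED_SECTIONS = ("system.web/membership", "system.web/roleManager")
SECRET_ATTRIBUTES = ("connectionPassword", "password")


def _local(tag):
    """Drop an XML namespace: '{http://www.w3.org/2001/04/xmlenc#}EncryptedData' -> 'EncryptedData'.
    The RSA provider namespaces EncryptedData; the DPAPI provider used here does not."""
    return tag.rsplit("}", 1)[-1]


def section_status(root, path):
    """Classify one section as encrypted, plaintext or missing.
    -pef replaces the section body with <EncryptedData> and stamps the section with
    configProtectionProvider="DataProtectionConfigurationProvider" (DPAPI) or
    "RsaProtectedConfigurationProvider"; -pdf removes both again."""
    section = root.find(path)
    if section is None:
        return {"status": "missing", "provider": None, "plaintext_secrets": []}
    provider = section.get("configProtectionProvider")
    encrypted = any(_local(child.tag) == "EncryptedData" for child in section)
    if provider and encrypted:
        return {"status": "encrypted", "provider": provider, "plaintext_secrets": []}
    # Still readable: list every element/attribute pair that carries a secret.
    leaks = [f"{_local(el.tag)}[{el.get('name', '?')}].{attr}"
             for el in section.iter() for attr in SECRET_ATTRIBUTES if el.get(attr)]
    return {"status": "plaintext", "provider": provider, "plaintext_secrets": leaks}


def check_config(xml_text):
    """Protection status of every section in PROTECTED_SECTIONS for one web.config."""
    root = ET.fromstring(xml_text)
    return {path: section_status(root, path) for path in PROTECTED_SECTIONS}


def still_plaintext(xml_text):
    """Sections that -pef has not been run on yet, i.e. what remains to do for this file."""
    return [path for path, r in check_config(xml_text).items() if r["status"] == "plaintext"]


# Constructed: the document's membership/roleManager layout before aspnet_regiis, with a
# placeholder in place of the real connectionPassword.
BEFORE = r"""<configuration><system.web>
  <membership defaultProvider="MyADMembershipProvider"><providers><clear />
    <add name="MyADMembershipProvider" connectionStringName="LocalSqlServer"
         connectionUsername="srvssp\Administrator" connectionPassword="PLACEHOLDER-PASSWORD"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web" />
  </providers></membership>
  <roleManager enabled="true" defaultProvider="ActiveDirRP"><providers><clear />
    <add name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider"
         activeDirectoryConnectionString="LocalSqlServer" groupsToUse="TechInvo" />
  </providers></roleManager>
</system.web></configuration>"""

# Constructed: the same file after running -pef on system.web/membership only.
# The CipherValue is a placeholder, not real DPAPI output.
AFTER_MEMBERSHIP_ONLY = r"""<configuration><system.web>
  <membership configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData><CipherValue>AQAAANCMnd8BPLACEHOLDERCIPHERTEXT</CipherValue></CipherData>
    </EncryptedData>
  </membership>
  <roleManager enabled="true" defaultProvider="ActiveDirRP"><providers><clear />
    <add name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider"
         activeDirectoryConnectionString="LocalSqlServer" groupsToUse="TechInvo" />
  </providers></roleManager>
</system.web></configuration>"""


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after membership -pef", AFTER_MEMBERSHIP_ONLY)):
        print(label, check_config(text), "still to encrypt:", still_plaintext(text))
```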

Troubleshooting Points

  1. Scenario:-

Not able to log in with credentials created using the ASP.NET application. [SQL Membership Provider]

Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315
Date: 2/25/2010
Time: 6:36:45 PM
User: N/A
Computer: SSP
Description:
Event code: 4006
Event message: Membership credential verification failed.
Event time: 2/25/2010 6:36:45 PM
Event time (UTC): 2/25/2010 1:06:45 PM
Event ID: 49ac92e0e53d4803a5e6ce7ae7c67e39
Event sequence: 9
Event occurrence: 4
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/1657492262/Root-1-129115762208906250
    Trust level: WSS_Minimal
    Application Virtual Path: /
    Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\3377\
    Machine name: SSP

Process information:
    Process ID: 4084
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE

Request information:
    Request URL: http://ssp:3377/_layouts/login.aspx?ReturnUrl=/
    Request path: /_layouts/login.aspx
    User host address: 192.168.2.17
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: SRVSSP\IUSR_SSP

Name to authenticate: mossuser1

Custom event details:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Error:-

  • The connection string named in the membership tag might differ from the connectionStrings entry that holds the Active Directory details
  • The provider names in web.config might differ from those in the Authentication Providers of Central Administration
  • If we are using LDAP
    • The mail ID might not be configured with the domain name.

Action:-

  • Maintain the same connection string key name across the web.config file
  • Maintain the same provider names in all the areas.
  • If we are using LDAP,
    • Open the user profile in Active Directory and configure the mail with the domain name, e.g. mossadmin1@srvssp.com
    • Use the domain name in the web.config as domainname.com.
    • Give the application name as /applicationname.
    • In the membership provider tag the definition and name should be the same as the name in Active Directory.
  2. Scenario:-

Wrong Credentials. Please retype the UserName and Password

Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18456
Date: 2/24/2010
Time: 4:43:31 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: SSP
Description:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. [CLIENT: <local machine>]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Error:-

  • The password might be incorrect

Action:- Enter the password correctly.

  3. Scenario:- The URL extracted from Active Directory is appended to the existing URL, i.e. http://srvssp.com/TechInvo/www.google.com

Error:- The HomePage attribute in Active Directory might have been given as www.google.com

Action:- The HomePage attribute has to be given as http://www.google.com

  4. Scenario:-

An ASP.NET site with a link to a SharePoint site; both SharePoint and the ASP.NET application are running in the same domain. When a user starts the ASP.NET application, they are presented with a logon dialog (Windows authentication). When they click the link to SharePoint, they are presented with the same dialog again.

Error:-

  • The Machine Key tag may be different in the applications
  • The Connection String may be different

Action:-

  • Maintain the same Machine Key, taken from the forms authentication SharePoint site
  • Keep the same name for the Connection String
  5. Scenario:- The ASP.NET application and the SharePoint site cannot share their credentials directly.

Error:- As you have enabled Integrated Windows Authentication (IWA), I suggest you check your IE configuration to enable automatic logon:

Action:-

  • Disable or uninstall Internet Explorer Enhanced Security.
  • Add the SharePoint site to your Intranet zone in IE.
  • Check "Automatic logon only in Intranet zone" or "Automatic logon with current user name and password" in Internet Properties > Security > Local Intranet > Security Settings.