The .NET Toolkit for Single Sign On version 1.0 Beta is now available. This will provide .NET Web Applications with the ability to be authenticated against the User Service.

Overview

Currently it supports the following two forms of Authentication:

1. Active: If this is chosen then the user will be presented with a Login page.
2. Passive: If this is chosen then the user is authenticated without presenting a login page. For this to work the user must already have a cookie with a valid authentication id.

Pre-Requisites

Requires the .NET Framework verion 2.0 or later.

Installation

The required .NET assemblies are available at:

svn://<repository>/SecuritySolution/SharedLibs/

Retrieve these assemblies and reference them in your ASP.NET Web Application project.

Retrieve the configuration file from svn at /SecuritySolution/ClientWebApp/web.config This is a sample config file that can be used to add configuration settings to your web application's web.config file. Make a copy of the file and modify it as listed below to setup your application.

For the <provisionClient> element set the following.

• Set the endpointUri to the URL where the provision service is located. Contact the Apps Team to get a valid URL for the provision service.
• Set the serviceName attribute to the name of your web application.
• Set the instanceValue attribute to the instance of your application.

For the <userClient> element set the authenticationType attribute to "Active" or "Passive" depending upon the type of authentication required.

IIS Setup

If IIS is being used for hosting your web application then the following steps need to be performed to set it up correctly.

• IIS 5.1
  • Use the IIS MMC to select the Web Site or Virtual Directory for your web application. Right  Click on it and select Properties.
  • In the Virtual Directory tab, click on the Configuration button. From the Mappings tab click on Add. In the Add/Edit Application Extension Mapping Dialog perform the following.
  • For the Executable select the aspnet_isapi.dll whose default location is C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
  • For the Extension keyin .acs
  • Uncheck the "check that file exists" check box.
  • The OK button on the dialog button should now be enabled but it is usually not. This is a known bug in IIS and to overcome this just click in the Executable text box. This will enable the OK button. Click on  OK.
  • Click OK on all the previous dialog boxes to save your settings.
• IIS 6.0 and later versions
  • Should work with the same configuration as that for IIS 5.1 but needs to be tested. (May also be able to apply Wildcard URL mapping to get the same effect)

Usage

Once the above has been performed and Active authentication has been set in the web.config file then the user will be presented with a login page. After keying in the credentials at this login page the user will be authenticated and logged on/off appropriately.

Source Code

The source code for the project is available at:

svn://<respository>/SecuritySolution/Security

This project can be retrieved and compiled using Microsoft Visual Studio 2008. This will generate the nGenera.Security.dll assembly. The log4net.dll assembly and the ICSharpCode.SharpZipLib.dll assembly are also provided.

Background

The Single Sign On capability has been implemented as a .NET HttpModule implementing the IHttpModule interface.

A detailed explanation of Http Modules can be found here.

Basically whenever an Http request is made it passes through the Http Pipeline. The pipeline consists of various stages where each stage intercepts the request and processes it accordingly. A number of these stages are Http Modules which are provided with ASP.NET and they perform different tasks on the incoming requests. At the final end of all these stages is what is called an Http Handler and each request can pass through only one Http Handler. The Http Handler is determined by the extension of the file being requested (i.e. if its a .aspx file then the aspx Http Handler will be used to process this request)

Future Updates

• Single Log Out (SLO)
• Clients for other Platform Services
• Provide Base Classes for creating RESTful Services and Clients that are WCF compliant.