Introduction to Single Sign-On
Microsoft has launched the Office System, in which SharePoint Portal Server 2003 (SPS2003) can be used to quickly establish a portal where users can easily find the information they need and collaborate, and which can also serve as a portal for users on the Internet.
If the user's client, the SPS2003 server, and other servers (such as Exchange Server) are in the same domain, then getting information through the SPS2003 website is easy. In many cases, however, the following problems may arise:
1. The client has not joined the domain, or the client is connected to the company network through a virtual private network (VPN). In this case, user information must be entered each time any server is accessed.
2. Users use some third-party products to join these servers to the domain. In this case, even after logging in to the SPS2003 website, a window requesting user information still appears when they visit other servers.
It is to meet these needs that SPS2003 introduces a new feature, Single Sign-On (hereinafter referred to as SSO). The basic idea of SSO is to create an encrypted database that stores users' authentication information. Once a user logging in to the SPS2003 website has been successfully authenticated, the user's information can be retrieved from the encrypted database and used to access other servers or third-party servers.
Below, let's look at how to use SSO to reach resources in the domain from the SPS2003 website.
How to configure Single Sign-on
Enable Single Sign-on
Perform the following steps on each front-end web server, the job server, and any other server that runs the Single Sign-On service:
1. On the taskbar, click Start, point to Administrative Tools, and then click Services.
2. In the Services management console, double-click "Microsoft Single Sign-On Service".
3. Click the Log On tab.
4. Under "Log on as", click This Account.
5. In the "This Account" box, type an account name. The account should be a member of the local Administrators group, or a member of the STS_WPG and SPS_WPG local groups.
6. In the Password and Confirm Password boxes, type a password.
7. Click Apply.
8. Click the General tab.
9. In the Startup Type list, click Automatic.
10. In the Service Status section, if the service status is not displayed as Started, click Start.
11. Click OK.
Specify settings for Single Sign-On and application definitions
1. Click Start, point to "All Programs", point to "SharePoint Portal Server", and then click "SharePoint Portal Single Sign-On Management".
2. On the Single Sign-On Settings page for Server_Name, in the Server Settings section, click "Manage Server Settings".
3. On the "Manage Single Sign-On Server Settings" page, in the "Single Sign-On Settings" section, in the Account Name box, type the Single Sign-On administrator account that can set up and manage the Single Sign-On service. This account can be a group account or a single user account. It cannot be a domain local group or a distribution list.
The format of this account is "domain\group name" or "domain\user name".
4. In the Account Name box under Enterprise Application Definition Settings, type an enterprise application administrator account that can set up and manage applications.
This account can be a group account or a single user account. It cannot be a domain local group or a distribution list.
The format of this account is "domain\group name" or "domain\user name".
5. In the Database Settings section, do the following:
1) In the Server Name box, type the name of the database server that will store the Single Sign-On settings and account information.
2) In the Database Name box, type the name of the Single Sign-On database.
6. In the Timeout Settings section, do the following:
1) In the "Timeout (minutes)" box, type the number of minutes before a ticket or access token times out.
2) In the "Delete audit log records older than (days)" box, type the number of days to keep records before they are removed from the log.
Note: After the specified number of days, the audit log is overwritten. Because the log contains all illegal operations and login attempts, it is recommended that you keep backup copies of these logs.
The logs are stored in the Single Sign-On database and are backed up automatically when the database is backed up.
7. Click OK.
8. If a message box appears stating that Single Sign-On has been reconfigured, click OK.
Create an encryption key
1. Click Start, point to "All Programs", point to "SharePoint Portal Server", and then click "SharePoint Portal Single Sign-On Management".
2. On the "Single Sign-On Settings" page, in the Server Settings section, click Manage Encryption Key.
3. On the Manage Encryption Key page, in the Encryption Key Creation section, click Create Encryption Key.
4. To re-encrypt the credentials in the Single Sign-On database, on the Create Encryption Key page, select the "Re-encrypt all credentials using the new encryption key" check box, and then click OK.
This operation takes time. If the existing credentials are not re-encrypted with the new encryption key, users must re-enter their credentials, and application definition administrators must re-enter the group credentials.
5. Click OK.
Edit application definition
1. Click Start, point to "All Programs", point to "SharePoint Portal Server", and then click "SharePoint Portal Single Sign-On Management".
2. On the Single Sign-On Settings page for Server_Name, in the Application Settings section, click Manage Enterprise Application Definitions.
3. On the Manage Enterprise Application Definitions page, click New Item.
4. In the Application and Contact Information section of the Edit Enterprise Application Definition page, you can edit the display name and e-mail contact.
1) In the "Display Name" box, type the display name of the application definition.
In our example, use "SSOAPP" as the name of the application.
2) In the E-mail Contact box, type the e-mail address of the user who serves as the contact.
5. Select "Individual" for the account type, so that a separate set of user information is stored for each user.
6. In the Account Information section, select one or more fields to be mapped to the application definition.
1) Type a display name for each field to remind users which information to enter.
2) To ensure that sensitive information (such as a password) is not displayed when viewing account information, click "Yes" for that field. For our application, add three fields, in this order: UserName, Password, and DomainName.
7. Click OK.
Manage account information for an application definition
1. Click Start, point to "All Programs", point to "SharePoint Portal Server", and then click "SharePoint Portal Single Sign-On Management".
2. On the Single Sign-On Settings page, in the Enterprise Application Definition Settings section, click "Manage Account Information for Enterprise Application Definitions".
3. On the "Manage Enterprise Application Account Information" page, in the Account Information section, do the following:
1) In the Enterprise Application Definition list, select the name of the application definition.
2) In the Account Name or Group Account Name box, type the account name you want to modify.
4. In the Enterprise Application Definition section, you can do any of the following:
Update account information for this application
1) Click "Update Account Information".
2) Click OK.
3) On the "Provide Account Information for Application_Definition_Name" page, in the Login Information box, type the user name of an account that can access the application. An enterprise application is a back-end business application to which SharePoint Portal Server connects by using the application definition.
4) Click OK.
Delete account information for the application
1) Click "Remove stored credentials for this account from this enterprise application definition".
2) Click OK.
3) To delete the user credentials, click OK in the confirmation message box.
Remove the account from all application definitions
1) Click "Remove stored credentials for this account from all enterprise application definitions".
2) Click OK.
3) To remove the user credentials from all application definitions, click OK in the confirmation message box.
In our application, we need to create account information for each user who wants to use Single Sign-On.
Create web part using SSO technology
1. Download and install Web Part Template for Visual Studio.net
http://msdn.microsoft.com/library/en-us/dnspts/html/sharepoint_webpartTemplates.asp
2. Open Visual Studio .NET and create a Web Part Library project in C#.
3. Rename WebPart1.cs to "WPHttpRequest.cs" and enter the following code. The code uses the WebRequest class to send a request to the remote URL on behalf of the user. Thanks to Single Sign-On, the user does not need to authenticate again; the stored identity information is supplied so that the remote host can be accessed directly.
First, add references to Microsoft.SharePoint.Portal.dll and Microsoft.SharePoint.Portal.SingleSignon.dll.
using System;
using System.ComponentModel;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Xml.Serialization;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.WebPartPages;
using Microsoft.SharePoint.Portal;
using Microsoft.SharePoint.Portal.SingleSignon;
// Added references
using System.Net;
using System.IO;

// Namespace renamed to WPHttpRequest
namespace WPHttpRequest
{
    [DefaultProperty("Text"),
    ToolboxData("<{0}:HttpRequestWebPart runat=server></{0}:HttpRequestWebPart>"),
    XmlRoot(Namespace = "WPHttpRequest")]
    // Class renamed to HttpRequestWebPart
    public class HttpRequestWebPart : Microsoft.SharePoint.WebPartPages.WebPart
    {
        // Private fields
        private const string c_url = "http://"; // Default target URL
        private const string defaultText = "";
        private string text = defaultText;
        private string _myurl = "";

        [Category("Custom Properties")]
        [DefaultValue(c_url)]
        [WebPartStorage(Storage.Personal)]
        [FriendlyNameAttribute("URL")]
        [Description("Type the URL here.")]
        [Browsable(true)]
        [XmlElement(ElementName = "URL")]
        // Property definitions
        public string URL // Target URL
        {
            get
            {
                return _myurl;
            }
            set
            {
                _myurl = value;
            }
        }

        [Browsable(true), Category("Miscellaneous"),
        DefaultValue(defaultText),
        WebPartStorage(Storage.Personal),
        FriendlyName("Text"), Description("Text Property")]
        public string Text
        {
            get
            {
                return text;
            }
            set
            {
                text = value;
            }
        }

        // Override RenderWebPart and call GetHttpRequestContent to get the content of the target URL
        protected override void RenderWebPart(HtmlTextWriter output)
        {
            this.Text = GetHttpRequestContent(this.URL);
            output.Write(Text);
        }

        // Get the content of the remote page
        private string GetHttpRequestContent(string url)
        {
            string respStr = "";
            try
            {
                Uri contentUrl = new Uri(url);
                WebRequest req = WebRequest.Create(contentUrl);
                // Enable pre-authentication
                req.PreAuthenticate = true;
                // Build the network credentials from the values stored for the "SSOAPP" application definition
                string[] rgGetCredentialData = null;
                Credentials.GetCredentials(1, "SSOAPP", ref rgGetCredentialData);
                // Field order: UserName, Password, DomainName
                System.Net.NetworkCredential myCredential =
                    new System.Net.NetworkCredential(rgGetCredentialData[0], rgGetCredentialData[1], rgGetCredentialData[2]);
                req.Credentials = myCredential;
                // Get the response stream returned by the remote end
                WebResponse resp = req.GetResponse();
                Stream stream = resp.GetResponseStream();
                StreamReader sr = new StreamReader(stream);
                // Read the data stream as a string
                respStr = sr.ReadToEnd();
                sr.Close();
            }
            catch (Exception ex)
            {
                // Return the error message
                return "Error: " + ex.Message;
            }
            return respStr;
        }
    }
}
4. Run "sn -k" to generate a key file, add the generated key to the project, and sign the generated Web Part with it.
5. Change "WebPart1.dwp" and modify
<?xml version="1.0" encoding="utf-8"?>
</WebPart>
6. Open Manifest.xml and delete the <ClassResources> section. Check and, if necessary, modify the Assembly, SafeControl, and DwpFile settings in the file so that they point to the WPHttpRequest Web Part.
<?xml version="1.0"?>
Namespace="WPHttpRequest" TypeName="*" />
</SafeControls>
</Assembly>
</Assemblies>
</DwpFiles>
</WebPartManifest>
7. Right-click the project to open its properties and confirm that both the "Assembly Name" and the "Default Namespace" are "WPHttpRequest"; if not, change them.
8. Add a CAB setup project to the same solution. After adding the project, right-click it, click "Add" -> "Project Output", select the Web Part project created earlier in the dialog box that appears, and add the two items "Primary output" and "Content Files". Click OK.
9. Build the entire solution and confirm that both projects compile successfully.
Add Web Part
Use the following command to deploy and add the "WPHttpRequest.dwp" Web Part:
Stsadm.exe -o addwppack -filename path_to_HttpRequestCab.cab
1. By default, Stsadm.exe is in the \Program Files\Common Files\Microsoft Shared\web server extensions\60\bin folder.
2. Replace path_to_HttpRequestCab.cab with the actual path, such as C:\HttpRequestCab.cab.
Copy the WPHttpRequest.dll file to C:\Inetpub\wwwroot\bin, and at the same time remove the WPHttpRequest.dll file under C:\Inetpub\wwwroot\bin.
After successfully adding this Web Part to the SPS2003 portal page, click "Edit Page" -> "Modify Shared Page" -> "Modify Shared Web Parts", and then edit the added Web Part. In the personalized properties, enter an address for the URL, such as http://server/page.asp, and then click OK.
Documentation
Microsoft.SharePoint.Portal.SingleSignon Namespace
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/spptsdk/html/nsportalsingLesignon.asp
A Developer's Introduction to Web Parts
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnspts/html/sharepoint_northwindwebparts.asp
Code Access Security for Developers
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/spptsdk/html/smpsccodeaccesssecuritydevs.asp
Debugging Web Parts
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnspts/html/sharepoint_northwindwebparts.asp
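The GetHttpRequestContent method in the Web Part above attaches the stored SSO credentials to whatever address the user types into the URL property. One way to limit where those credentials can go, as an added example that is not part of the original article or of SharePoint; the class name, the allow-listed host names, the HTTPS requirement and the sample values are assumptions:

```csharp
using System;
using System.Net;

// Added example; SsoRequestGuard and its members are hypothetical names.
public class SsoRequestGuard
{
    // Assumption: the only hosts that may receive the stored SSO credentials.
    private static readonly string[] AllowedHosts = { "intranet.example.com", "mail.example.com" };

    // True only for absolute HTTPS URLs whose host is on the allow list.
    public static bool IsAllowedTarget(string url)
    {
        if (url == null) return false;
        Uri target;
        try { target = new Uri(url); }
        catch (UriFormatException) { return false; }
        if (target.Scheme != Uri.UriSchemeHttps) return false;
        foreach (string host in AllowedHosts)
            if (String.Compare(target.Host, host, true) == 0) return true;
        return false;
    }

    // Binds the credentials to one scheme://host prefix and to integrated
    // authentication only, so a Basic challenge is never answered with them.
    public static ICredentials ScopeCredentials(Uri target, string[] creds)
    {
        // Field order from the application definition: UserName, Password, DomainName.
        if (creds == null || creds.Length < 3)
            throw new ArgumentException("Expected UserName, Password, DomainName");
        NetworkCredential nc = new NetworkCredential(creds[0], creds[1], creds[2]);
        Uri prefix = new Uri(target.GetLeftPart(UriPartial.Authority));
        CredentialCache cache = new CredentialCache();
        cache.Add(prefix, "Negotiate", nc);
        cache.Add(prefix, "NTLM", nc);
        return cache;
    }

    public static void Main()
    {
        // Constructed sample values; in the Web Part the array comes from Credentials.GetCredentials.
        string[] creds = { "alice", "constructed-password", "EXAMPLE" };
        string[] urls = { "https://intranet.example.com/page.asp",
                          "http://intranet.example.com/page.asp",
                          "https://other.example.net/page.asp" };
        foreach (string u in urls)
            Console.WriteLine("{0} -> {1}", u, IsAllowedTarget(u) ? "attach credentials" : "refuse");
        ICredentials scoped = ScopeCredentials(new Uri(urls[0]), creds);
        Console.WriteLine("NTLM:  {0}", scoped.GetCredential(new Uri(urls[0]), "NTLM") != null);
        Console.WriteLine("Basic: {0}", scoped.GetCredential(new Uri(urls[0]), "Basic") != null);
    }
}
```

In GetHttpRequestContent, the check would run before WebRequest.Create, and the returned cache would be assigned to req.Credentials in place of the bare NetworkCredential.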