Reputation: 1447
I am attempting to create a single sign on SharePoint portal. I have tried a variety of methods so if someone has a better suggestion then I am all ears, but I am attempting to do this via claims based authentication. I have a SharePoint Web Service site set up with a Security Token Service running. It is currently being used by other SharePoint sites on my SharePoint server and works fine. What I am attempting to do is utilize this same Security Token Service to issue tokens to Web Applications to be used as claims to achieve single sign on for these Web Applications from my SharePoint portal.
Firstly, is this possible?
Second, how do I generate a token to be used by my ASP.NET MVC applications?
I don't know much about the Security Token Service, it was set up by someone else who is no longer employed at my place of work and I cannot consult them unfortunately. Thanks in advance.
UPDATE: I am getting the following error now:
Parser Error Message: ID1024: The configuration property value is not valid.
Property name: 'certificateReference'
Error: 'ID1025: Cannot find a unique certificate that matches the criteria.
StoreName: 'CertificateAuthority'
StoreLocation: 'CurrentUser'
X509FindType: 'FindByThumbprint'
FindValue: 'mythumbprint'
I installed my certificate and verified it is in Root\Certificates in the Trusted Root Certification Authority. Any ideas what the issue could be?
NOTE:
Thank you for your help, this should have been mentioned from the start but I am using .NET Framework 4.5 in Visual Studio 2013 so please answer with that in mind. The answers and comments so far may work for earlier versions of .NET and VS but don't seem to work in my case.
UPDATE:
I seem to have fixed at least part of my problem. It appears I am getting authenticated but the screen is blank. I am still working through this, but for anyone having similar issues, this helped me a lot. Upon further inspection I get a 500 Internal Server Error (after ADFS successfully authenticates me), but that error doesn't appear in the browser; I only see it in Firebug.
Upvotes: 0
Views: 1200
Reputation: 1447
It seems my blank page issue is a result of the combination of claims based authentication and remaining forms based authentication code being mixed together in my application. I have decided to create a simple federated MVC application (which I am able to get working) then slowly transfer the code from my existing app into the simple app and see where it breaks. My suggestion for anyone trying to accomplish something similar is not to try and simply change authentication methods like I was trying to do but to get the desired authentication working in a new simple application and port your existing application into the new one. It is a longer and more painstaking way of doing it, but in my case it would have been quicker if I had just started that way. If I come up with any new and useful information I will update this answer.
Thanks to all who offered their assistance with this, it did help me arrive at where I am now!
Upvotes: 0
Reputation: 581
Yes you can achieve single sign on between SharePoint and your ASP.Net MVC application.
Since your SharePoint is already set up with STS, you need to set up your MVC application for STS. You don't need to generate a token; the token is generated and returned to your MVC application by STS.
To configure your MVC application for STS, you will need Windows Identity Framework. Next, configure your MVC application to use Claim based Authentication, see http://msdn.microsoft.com/en-us/library/hh291061(v=vs.110).aspx
Also if you are using ADFS for your SharePoint, have a read on ADFS Federation
Upvotes: 2
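For the ID1025 error quoted in the question, a diagnostic that lists every certificate store where a thumbprint is actually present and compares that with the store the configuration points at. This is an added example, not code from the thread; the store name and location are taken from the error text, and the `findValue` string and the function name `Find-CertByThumbprint` are placeholders introduced here.

```powershell
# Added example, not from the thread. Store name/location come from the
# ID1025 message; the findValue below is a placeholder to replace.
$ConfiguredStoreName     = 'CertificateAuthority'
$ConfiguredStoreLocation = 'CurrentUser'
$ConfiguredFindValue     = '<findValue from web.config>'

function Find-CertByThumbprint {
    param([string]$FindValue)
    # A thumbprint copied from the certificate dialog can carry spaces or
    # invisible Unicode marks; keep only the hex digits.
    $thumb = ($FindValue -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
    if ($thumb.Length -ne 40) {
        Write-Warning "Expected 40 hex digits (SHA-1 thumbprint), got $($thumb.Length)."
        return
    }
    if ($FindValue -match '[^0-9a-fA-F]') {
        Write-Warning 'findValue contains non-hex characters; retype it in the config.'
    }
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly'
    foreach ($loc in [enum]::GetValues([System.Security.Cryptography.X509Certificates.StoreLocation])) {
        foreach ($name in [enum]::GetValues([System.Security.Cryptography.X509Certificates.StoreName])) {
            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $name, $loc
            try {
                $store.Open($flags)
                # validOnly = $false: report the certificate even if expired or untrusted
                foreach ($cert in $store.Certificates.Find('FindByThumbprint', $thumb, $false)) {
                    [pscustomobject]@{
                        StoreLocation = "$loc"
                        StoreName     = "$name"
                        Subject       = $cert.Subject
                        NotAfter      = $cert.NotAfter
                        HasPrivateKey = $cert.HasPrivateKey
                    }
                }
            } catch {
                # Store missing or not readable by this account; skip it
            } finally {
                $store.Close()
            }
        }
    }
}

$hits  = @(Find-CertByThumbprint -FindValue $ConfiguredFindValue)
$match = @($hits | Where-Object {
    $_.StoreName -eq $ConfiguredStoreName -and $_.StoreLocation -eq $ConfiguredStoreLocation })
$hits | Format-Table -AutoSize
if     ($hits.Count -eq 0)  { 'Thumbprint not found in any store visible to this account.' }
elseif ($match.Count -eq 0) { "Present, but not in $ConfiguredStoreLocation\$ConfiguredStoreName as configured." }
else                        { "Matches in the configured store: $($match.Count) (the lookup needs exactly one)." }
```

Run it as the account the web application runs under, because `CurrentUser` resolves to a different store for each account. A certificate installed under Trusted Root Certification Authorities is reported with StoreName `Root`, which is not the `CertificateAuthority` store named in the error.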