Reputation: 4784
Problem: Every time I start a new session of Internet Explorer, the web application prompts me for my Active Directory username and password instead of automatically retrieving that information from the currently logged-in Active Directory profile.
How do I set up Single Sign On in the web.config or default.aspx.vb code-behind file so that it doesn't prompt me for my Active Directory credentials?
Here's the code from my web.config file:
    <system.web>
      <authentication mode="Windows"/>
      <identity impersonate="true"/>
      <authorization>
        <allow users="alg\bmccarthy, alg\phoward" />
        <allow roles="alg\ACOMP_USER_ADMIN" />
        <allow roles="alg\ACOMP_user_AMG" />
        <allow roles="alg\ACOMP_user_BIG" />
        <allow roles="alg\ACOMP_user_NIS" />
        <allow roles="alg\ACOMP_user_GLA" />
        <allow roles="alg\ACOMP_user_PIP" />
        <allow roles="alg\ACOMP_user_PSM" />
        <allow roles="alg\ACOMP_user_PAM" />
        <allow roles="alg\ACOMP_user_ANN" />
        <allow roles="alg\ACOMP_user_AAM" />
        <allow roles="alg\ACOMP_user_MWM" />
        <allow roles="alg\ACOMP_user_GIM" />
        <deny users="*" />
      </authorization>
    </system.web>
    <system.webServer>
      <modules runAllManagedModulesForAllRequests="true"/>
      <validation validateIntegratedModeConfiguration="false" />
      <defaultDocument enabled="true">
        <files>
          <clear />
          <add value="Default.aspx" />
        </files>
      </defaultDocument>
    </system.webServer>
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="BasicHttpBinding_IAcompService1" closeTimeout="00:01:00"
                   openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                   allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                   maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                   messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                   useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Windows" />
              <message clientCredentialType="UserName" algorithmSuite="Default" />
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <client>
        <endpoint address="http://acompwebservice.myagencyservices.com/aCompService.svc" binding="basicHttpBinding"
                  bindingConfiguration="BasicHttpBinding_IAcompService1" contract="aComp_ServiceReference.IAcompService"
                  name="BasicHttpBinding_IAcompService1" />
      </client>
    </system.serviceModel>
I was looking at some SSO code from MSDN, but I wasn't sure if I should create a login token method, and I'm not using a database for logins because I'm using Windows Authentication with Active Directory. Is it possible to add something to the web.config to accomplish this?
Thanks for looking!
Upvotes: 0
Views: 5070
Reputation: 61589
Have you verified that the "Enable Integrated Windows Authentication" option in IE is enabled?
In IE9, go to Tools, Internet Options, Security, Custom Level, User Authentication, Logon.
If you have selected "Automatic Logon only in Intranet Zone" and it still doesn't work, it means the website is not being displayed as an intranet website. You can have the website changed from being displayed as an internet website to an intranet website to get auto-login to work with this setting.
Alternatively, you can change the logon to "Automatic logon with current user name and password", which could potentially open up a security hole.
Alternatively, you could set up a Group Policy Object and add the website as a trusted site that will auto authenticate.
Upvotes: 2
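The checks described in this answer, as an added example that is not part of the original post: a read-only PowerShell script that reports the per-zone "Logon" setting and any Group Policy "Site to Zone Assignment List" entry that matches the site. The host name webapp.example.com is a placeholder assumption, and zone mappings the user added by hand in Internet Options are not covered.

```powershell
# Added example: read-only audit of the IE zone settings that control automatic logon.
$SiteHost   = 'webapp.example.com'   # assumption: placeholder, use the web app's host name
$Prefs      = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Policies   = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$ZoneNames  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$LogonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

# 1. The "Logon" setting is stored per zone as DWORD value 1A00.
#    Group Policy locations are listed first, then the user's own preference.
foreach ($root in "HKLM:\$Policies", "HKCU:\$Policies", "HKCU:\$Prefs") {
    foreach ($zone in 1..3) {
        $key = Get-Item -Path "$root\Zones\$zone" -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        $value = $key.GetValue('1A00')
        if ($null -eq $value) { continue }
        $mode = $LogonModes[[int]$value]
        if (-not $mode) { $mode = 'unrecognised value 0x{0:X}' -f $value }
        '{0,-16} {1}: {2}' -f $ZoneNames[$zone], $root, $mode
    }
}

# 2. The GPO "Site to Zone Assignment List" is stored under ZoneMapKey:
#    value name = site pattern, value data = zone number.
$assigned = $false
foreach ($root in "HKLM:\$Policies", "HKCU:\$Policies") {
    $key = Get-Item -Path "$root\ZoneMapKey" -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $pattern = $name -replace '^[^:/]+://', ''   # drop an optional scheme prefix
        if ($SiteHost -like $pattern) {
            $zone = [int]$key.GetValue($name)
            "{0} is assigned to '{1}' by entry '{2}' in {3}" -f $SiteHost, $ZoneNames[$zone], $name, $root
            $assigned = $true
        }
    }
}
if (-not $assigned) {
    "No Site to Zone Assignment List entry matches $SiteHost; the browser decides the zone from its own rules."
}
```

An "Internet" line that reports automatic logon with the current user name and password means the browser offers Windows credentials to any site in that zone, which is the setting the answer flags as a potential security hole.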