CaseStudy for SSO between SharePoint and .Net Web App
Introduction
This case study explains how to implement single sign-on (SSO) between multiple ASP.NET web applications and a SharePoint web application using forms authentication.
It is divided into two parts:
- Login Page Implementation
- Web Applications
Login Page Implementation
- Open the deployment folder TechInvo.SSO.
- Create the virtual directory for the web application:
- Go to Start -> Run, type inetmgr and click OK.
- Expand Web Sites in the left navigation.
- Right-click Default Web Site and go to New -> Virtual Directory.
- The Virtual Directory Creation Wizard opens. Click Next.
- Type the alias name TechInvo.SSOWebApplication and click Next.
- Give the path of the existing application: use the Browse button to go to the deployment folder and down to TechInvo.SSO\TechInvo.SSOWebApplication\.
- Check all the boxes and click Next.
- A popup appears; answer Yes.
- The wizard reports that it completed successfully; click Finish.
- The application now appears in IIS Manager.
- Open the Web.Config file of this application.
Logging Configuration Section
Add the following inside the configSections tag:
<section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
Logging Application Block
Add the following lines immediately after the closing configSections tag (note that the ampersand in a name attribute must be written as &amp; for the XML to be valid):
<loggingConfiguration name="Logging Application Block" tracingEnabled="false" defaultCategory="General" logWarningsWhenNoCategoriesMatch="false">
  <listeners>
    <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="SSP"
         listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         traceOutputOptions="None" filter="All"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Formatted EventLog TraceListener" />
    <add fileName="c:\Test\rolling.log" footer="----------------------------------------" formatter="Text Formatter" header="----------------------------------------"
         rollFileExistsBehavior="Overwrite" rollInterval="None" rollSizeKB="500" timeStampPattern="yyyy-MM-dd"
         listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         traceOutputOptions="None" filter="All"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Rolling Flat File Trace Listener" />
  </listeners>
  <formatters>
    <add template="Timestamp: {timestamp} Message: {message} Category: {category} Priority: {priority} EventId: {eventid} Severity: {severity} Title:{title} Machine: {machine} Application Domain: {appDomain} Process Id: {processId} Process Name: {processName} Win32 Thread Id: {win32ThreadId} Thread Name: {threadName} Extended Properties: {dictionary({key} - {value} )}"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Text Formatter" />
  </formatters>
  <categorySources>
    <add switchValue="All" name="SSOApp">
      <listeners>
        <add name="Rolling Flat File Trace Listener" />
      </listeners>
    </add>
    <add switchValue="All" name="General">
      <listeners>
        <add name="Formatted EventLog TraceListener" />
      </listeners>
    </add>
  </categorySources>
  <specialSources>
    <allEvents switchValue="All" name="All Events" />
    <notProcessed switchValue="All" name="Unprocessed Category" />
    <errors switchValue="All" name="Logging Errors &amp; Warnings">
      <listeners>
        <add name="Formatted EventLog TraceListener" />
      </listeners>
    </errors>
  </specialSources>
</loggingConfiguration>
appSettings Tag
Find the appSettings tag in the file and add the following lines inside it:
<add key="DefaultURL" value="http://srvssp.com/TechInvo/Home/Home.aspx" />
<add key="ADAttribute" value="wwwHomePage" />
Change the DefaultURL value to suit the environment.
connectionStrings Tag
Find the "connectionStrings" tag and add the following lines inside it.
If the users are in a separate Organizational Unit, add:
<add name="LocalSqlServer" connectionString="LDAP://srvssp.com/OU=TechInvoUsers,DC=srvssp,DC=com" />
If the users are in the Users folder, add:
<add name="LocalSqlServer" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" />
srvssp.com is the domain name of the machine. LocalSqlServer is the name of the connection string, and the same name must be used consistently in the other web.config sections that refer to it, such as the membership provider and the role manager. Do the same for all the web applications.
Authentication Tag
Find the "authentication" tag and replace it with the following lines:
<authentication mode="Forms">
  <forms loginUrl="Login/Login.aspx" protection="All" timeout="1000" domain="srvssp.com" name=".ADAuthCookie" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" />
</authentication>
Authorization Tag
Find the "authorization" tag and replace it with the following lines:
<authorization>
  <deny users="?" />
</authorization>
Machine Key Tag
Add the machineKey tag after the end of the "httpModules" tag and before the end of the "system.web" tag. Take the values from the SharePoint web application that is being integrated with SSO, so that every application uses the identical keys.
<machineKey validationKey="508B6F34BD558AD4013FD2A88A7E5D73FF858EAC859E82D1" decryptionKey="A81DBE9EF757D2AD9DAE8D6678B25CF06B065C99D352D592" validation="SHA1" />
Membership Tag
Add the "membership" tag after the "machineKey" tag:
<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <clear />
    <add applicationName="/TechInvo.SSOWebApplication" connectionStringName="LocalSqlServer" connectionUsername="srvssp\Administrator" connectionPassword="" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
Change the applicationName, connectionUsername and connectionPassword to suit the environment.
roleManager Tag
Add the "roleManager" tag below the "membership" tag:
<roleManager enabled="true" defaultProvider="ActiveDirRP">
  <providers>
    <clear />
    <add applicationName="/TechInvo.SSOWebApplication" name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider" activeDirectoryConnectionString="LocalSqlServer" groupMode="Additive" groupsToUse="" />
  </providers>
</roleManager>
Web Applications
This part has two sub-parts: the ASP.NET web applications and the SharePoint web application.
ASP.NET Web Application Implementation
- Open the respective ASP.NET application.
- Open the Web.Config file of this application.
Logging Section Tag
Add the following inside the configSections tag:
<section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
Logging Application Block
Add the following lines immediately after the closing configSections tag:
<loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
  <listeners>
    <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName=""
         listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         traceOutputOptions="None" filter="All"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Formatted EventLog TraceListener" />
    <add fileName="c:\TechInvoLog\TechInvo.log" footer="----------------------------------------" formatter="Text Formatter" header="----------------------------------------"
         rollFileExistsBehavior="Overwrite" rollInterval="None" rollSizeKB="500" timeStampPattern="yyyy-MM-dd"
         listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         traceOutputOptions="None" filter="All"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Rolling Flat File Trace Listener" />
  </listeners>
  <formatters>
    <add template="Timestamp: {timestamp} Message: {message} Category: {category} Priority: {priority} EventId: {eventid} Severity: {severity} Title:{title} Machine: {machine} Application Domain: {appDomain} Process Id: {processId} Process Name: {processName} Win32 Thread Id: {win32ThreadId} Thread Name: {threadName} Extended Properties: {dictionary({key} - {value} )}"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Text Formatter" />
  </formatters>
  <categorySources>
    <add switchValue="All" name="TechInvo">
      <listeners>
        <add name="Rolling Flat File Trace Listener" />
      </listeners>
    </add>
    <add switchValue="All" name="General">
      <listeners>
        <add name="Formatted EventLog TraceListener" />
      </listeners>
    </add>
  </categorySources>
  <specialSources>
    <allEvents switchValue="All" name="All Events" />
    <notProcessed switchValue="All" name="Unprocessed Category" />
    <errors switchValue="All" name="Logging Errors &amp; Warnings">
      <listeners>
        <add name="Formatted EventLog TraceListener" />
      </listeners>
    </errors>
  </specialSources>
</loggingConfiguration>
appSettings Tag
Find the appSettings tag in the file and add the following lines inside it:
<appSettings>
  <add key="AccessDeniedPage" value="http://srvssp.com/TechInvo.SSOWebApplication/AccessDenied.aspx" />
  <add key="GroupName" value="TechInvo" />
</appSettings>
Change the GroupName value to the Active Directory role name.
connectionStrings Tag
Find the "connectionStrings" tag and add the following lines inside it.
If the users are in a separate Organizational Unit, add:
<add name="LocalSqlServer" connectionString="LDAP://srvssp.com/OU=TechInvoUsers,DC=srvssp,DC=com" />
If the users are in the Users folder, add:
<add name="LocalSqlServer" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" />
srvssp.com is the domain name of the machine. LocalSqlServer is the name of the connection string, and the same name must be used consistently in the other web.config sections that refer to it, such as the membership provider and the role manager. Do the same for all the web applications.
authentication Tag
Find the "authentication" tag and replace it with the following lines:
<authentication mode="Forms">
  <forms loginUrl="http://srvssp.com/TechInvo.SSOWebApplication/Login/Login.aspx" protection="All" timeout="1000" domain="srvssp.com" name=".ADAuthCookie" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="~/Home/Home.aspx" />
</authentication>
authorization Tag
Find the "authorization" tag and replace it with the following lines:
<authorization>
  <deny users="?" />
</authorization>
machineKey Tag
Add the machineKey tag after the end of the "httpModules" tag and before the end of the "system.web" tag. Take the values from the SSO web application that is being integrated, so that every application uses the identical keys.
<machineKey validationKey="508B6F34BD558AD4013FD2A88A7E5D73FF858EAC859E82D1" decryptionKey="A81DBE9EF757D2AD9DAE8D6678B25CF06B065C99D352D592" validation="SHA1" />
membership Tag
Add the "membership" tag after the "machineKey" tag:
<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <clear />
    <add applicationName="/TechInvo" connectionStringName="LocalSqlServer" connectionUsername="srvssp\Administrator" connectionPassword="" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
Change the applicationName, connectionUsername and connectionPassword to suit the environment.
roleManager Tag
Add the "roleManager" tag below the "membership" tag:
<roleManager enabled="true" defaultProvider="ActiveDirRP">
  <providers>
    <clear />
    <add applicationName="/TechInvo" name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider" activeDirectoryConnectionString="LocalSqlServer" groupMode="Additive" groupsToUse="TechInvo" />
  </providers>
</roleManager>
Change the groupsToUse value to suit the application.
Logout Functionality
The following explains the logout functionality implemented with forms authentication.
Logout Implementation
Open the respective .aspx page and add an ASP button as follows:
<asp:Button runat="server" ID="btnLogOut" Text="Log Out" onclick="btnLogOut_Click"></asp:Button>
Open the code-behind file (.aspx.cs) and add the following lines:
using System.Web.Security; // at the top of the .aspx.cs file

protected void btnLogOut_Click(object sender, EventArgs e)
{
    // Removes the .ADAuthCookie forms ticket. Every application shares this cookie
    // on domain srvssp.com, so the user is signed out of all of them at once.
    FormsAuthentication.SignOut();
    // Sends the user to the loginUrl configured in the forms tag of web.config.
    FormsAuthentication.RedirectToLoginPage();
}
RedirectToLoginPage sends the user to the page given in the loginUrl attribute of the forms tag in web.config.
Role Check
The following steps explain the role check functionality implemented with forms authentication.
Add a reference to ADRoleProvider.dll
Get ADRoleProvider.dll from the TechInvo.Roles/bin/debug folder.
Add Global.asax to the web application
Add the following code to Global.asax.cs:
using System;
using System.Configuration;
using System.Threading;
using System.Web.Security;

protected void Application_AuthorizeRequest(object sender, EventArgs e)
{
    string userName = Thread.CurrentPrincipal.Identity.Name;
    if (!String.IsNullOrEmpty(userName))
    {
        // Logins are user@srvssp.com style names; keep only the account part.
        userName = userName.Split('@')[0];
        // GroupName in appSettings is the Active Directory group allowed to use this application.
        bool inRole = Roles.IsUserInRole(userName, ConfigurationManager.AppSettings["GroupName"]);
        if (!inRole)
        {
            Response.Redirect(ConfigurationManager.AppSettings["AccessDeniedPage"]);
        }
    }
}
SharePoint Web Application Implementation
Open the SharePoint web application.
Find the respective application under C:\Inetpub\wwwroot\wss\VirtualDirectories\[Port Number or Name].
- Open the Web.Config file of this application.
Logging Section Tag
Add the following inside the configSections tag:
<section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
Logging Application Block Tag
Add the following lines immediately after the closing configSections tag:
<loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
  <listeners>
    <add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName=""
         listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         traceOutputOptions="None" filter="All"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Formatted EventLog TraceListener" />
    <add fileName="c:\WebPart\TechInvoSystems.log" footer="----------------------------------------" formatter="Text Formatter" header="----------------------------------------"
         rollFileExistsBehavior="Overwrite" rollInterval="None" rollSizeKB="500" timeStampPattern="yyyy-MM-dd"
         listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         traceOutputOptions="None" filter="All"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Rolling Flat File Trace Listener" />
  </listeners>
  <formatters>
    <add template="Timestamp: {timestamp} Message: {message} Category: {category} Priority: {priority} EventId: {eventid} Severity: {severity} Title:{title} Machine: {machine} Application Domain: {appDomain} Process Id: {processId} Process Name: {processName} Win32 Thread Id: {win32ThreadId} Thread Name: {threadName} Extended Properties: {dictionary({key} - {value} )}"
         type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
         name="Text Formatter" />
  </formatters>
  <categorySources>
    <add switchValue="All" name="TechInvo">
      <listeners>
        <add name="Rolling Flat File Trace Listener" />
      </listeners>
    </add>
    <add switchValue="All" name="General">
      <listeners>
        <add name="Formatted EventLog TraceListener" />
      </listeners>
    </add>
  </categorySources>
  <specialSources>
    <allEvents switchValue="All" name="All Events" />
    <notProcessed switchValue="All" name="Unprocessed Category" />
    <errors switchValue="All" name="Logging Errors &amp; Warnings">
      <listeners>
        <add name="Formatted EventLog TraceListener" />
      </listeners>
    </errors>
  </specialSources>
</loggingConfiguration>
appSettings Tag
Find the appSettings tag in the file and add the following lines inside it:
<appSettings>
  <add key="AccessDeniedPage" value="http://srvssp.com/TechInvo.SSOWebApplication/AccessDenied.aspx" />
  <add key="GroupName" value="TechInvo,PricingTool,OMSApp" />
  <add key="WebAddress" value="http://srvssp.com/TechInvo/Home/Home.aspx, http://srvssp.com/RepricingTool/Home/Home.aspx ,http://srvssp.com/OMS/Home/Home.aspx" />
</appSettings>
Change the GroupName value to the Active Directory role names.
connectionStrings Tag
Find the "connectionStrings" tag and add the following lines inside it.
If the users are in a separate Organizational Unit, add:
<add name="LocalSqlServer" connectionString="LDAP://srvssp.com/OU=TechInvoUsers,DC=srvssp,DC=com" />
If the users are in the Users folder, add:
<add name="LocalSqlServer" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" />
srvssp.com is the domain name of the machine. LocalSqlServer is the name of the connection string, and the same name must be used consistently in the other web.config sections that refer to it, such as the membership provider and the role manager. Do the same for all the web applications.
authentication Tag
Find the "authentication" tag and replace it with the following lines:
<authentication mode="Forms">
  <forms loginUrl="http://srvssp.com/TechInvo.SSOWebApplication/Login/Login.aspx" protection="All" timeout="1000" domain="srvssp.com" name=".ADAuthCookie" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" enableCrossAppRedirects="true" defaultUrl="http://ssp:22267/default.aspx" />
</authentication>
authorization Tag
Find the "authorization" tag and replace it with the following lines:
<authorization>
  <deny users="?" />
</authorization>
membership Tag
Add the "membership" tag after the "machineKey" tag:
<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <clear />
    <add applicationName="/" connectionStringName="LocalSqlServer" connectionUsername="srvssp\Administrator" connectionPassword="" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</membership>
Change the applicationName, connectionUsername and connectionPassword to suit the environment.
roleManager Tag
Add the "roleManager" tag below the "membership" tag:
<roleManager enabled="true" defaultProvider="ActiveDirRP">
  <providers>
    <add name="DemoRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add applicationName="/" name="ActiveDirRP" type="TechInvo.Roles.ADRoleProvider, ADRoleProvider" activeDirectoryConnectionString="LocalSqlServer" groupMode="Additive" groupsToUse="TechInvo,OMSApp,PricingTool" />
  </providers>
</roleManager>
Change the groupsToUse value to match the groups in Active Directory.
Encrypting the Membership and roleManager Tags
Configuration files such as web.config often hold sensitive information, including user names, passwords, database connection strings and encryption keys. If this information is not protected, the application is exposed to attackers or malicious users obtaining account user names and passwords, database names and server names.
Encrypting and decrypting data incurs a performance overhead. To keep this overhead to a minimum, encrypt only the sections of the configuration file that store sensitive data.
The Aspnet_regiis.exe utility is located in the following directory:
%WinDir%\Microsoft.NET\Framework\versionNumber
- The -pe switch specifies the configuration section to encrypt.
- The -pef switch specifies the configuration section to encrypt and lets you supply the physical directory path of your configuration file.
- The -app switch specifies the web application's virtual path. If it is a nested application, specify the nested path from the root directory, for example "/test/aspnet/MachineDPAPI".
- The -prov switch specifies the provider name.
If the command succeeds, you will see the following output:
Encrypting configuration section...
Succeeded!
Note: the DPAPI machine key is stored at the following location:
%windir%\system32\Microsoft\Protect\S-1-5-18
1. Use the aspnet_regiis tool to encrypt the membership and roleManager tags.
To find aspnet_regiis, navigate to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727, where you will find aspnet_regiis.exe.
- Open a command prompt and change to that folder by typing:
cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
- Now type the following command (with -pef the second argument is the directory that contains web.config, not the file itself):
aspnet_regiis -pef "system.web/membership" "Web.config file path"
For example: aspnet_regiis -pef "system.web/membership" "C:\Deliverable_25_03_2010\TechInvo.SSO\TechInvo.SSOWebApplication"
Change the folder path so that it locates the web.config file exactly.
Follow the same procedure for all the other ASP.NET web applications and the SharePoint web application, changing the folder path to suit the environment.
- To encrypt the roleManager tag, use the same tool and type:
aspnet_regiis -pef "system.web/roleManager" "Web.config file path"
For example: aspnet_regiis -pef "system.web/roleManager" "C:\Deliverable_25_03_2010\TechInvo.SSO\TechInvo.SSOWebApplication"
Change the folder path so that it locates the web.config file exactly.
Follow the same procedure for all the other ASP.NET web applications and the SharePoint web application, changing the folder path to suit the environment.
If the tags need to be decrypted, proceed as follows.
Use the same aspnet_regiis tool, change -pef to -pdf and give the tag that needs decrypting:
aspnet_regiis -pdf "system.web/roleManager" "Web.config file path"
For example: aspnet_regiis -pdf "system.web/roleManager" "C:\Deliverable_25_03_2010\TechInvo.SSO\TechInvo.SSOWebApplication"
Follow the same procedure for all the other ASP.NET web applications and the SharePoint web application, changing the folder path to suit the environment.
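The configuration sections above only work as SSO when every web.config carries the same machineKey, the same forms cookie name/domain/protection and a connection string with the same name, and the encryption step above should leave membership and roleManager protected. The following checker is an added example, not code from the case study: it reads each web.config, compares it with the login application's, and reports the mismatches listed later under Troubleshooting. The two configs are constructed inline with placeholder keys.

```python
"""Checks one application's web.config against the SSO login application's:
identical machineKey, identical forms cookie (name/domain/protection), a
LocalSqlServer connection string, providers that point at a defined connection
string, and DPAPI-encrypted membership/roleManager sections. Added example,
not part of the original case study; the two sample configs are constructed."""
import xml.etree.ElementTree as ET

# Constructed reference config (login application). Key values are placeholders.
SSO_CONFIG = """<configuration>
  <connectionStrings><add name="LocalSqlServer" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" /></connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms name=".ADAuthCookie" domain="srvssp.com" protection="All" requireSSL="false" />
    </authentication>
    <machineKey validationKey="PLACEHOLDER-VALIDATION-KEY" decryptionKey="PLACEHOLDER-DECRYPTION-KEY" validation="SHA1" />
    <membership defaultProvider="MyADMembershipProvider" configProtectionProvider="DataProtectionConfigurationProvider"><EncryptedData /></membership>
    <roleManager enabled="true" defaultProvider="ActiveDirRP" configProtectionProvider="DataProtectionConfigurationProvider"><EncryptedData /></roleManager>
  </system.web>
</configuration>"""

# Constructed config of an ASP.NET app carrying several of the mistakes listed under Troubleshooting.
APP_CONFIG = """<configuration>
  <connectionStrings><add name="ADConnection" connectionString="LDAP://srvssp.com/CN=Users,DC=srvssp,DC=com" /></connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms name=".ADAuthCookie" protection="All" requireSSL="false" />
    </authentication>
    <machineKey validationKey="PLACEHOLDER-OTHER-KEY" decryptionKey="PLACEHOLDER-DECRYPTION-KEY" validation="SHA1" />
    <membership defaultProvider="MyADMembershipProvider">
      <providers><add name="MyADMembershipProvider" connectionStringName="LocalSqlServer" type="System.Web.Security.ActiveDirectoryMembershipProvider" /></providers>
    </membership>
    <roleManager enabled="true" defaultProvider="ActiveDirRP" configProtectionProvider="DataProtectionConfigurationProvider"><EncryptedData /></roleManager>
  </system.web>
</configuration>"""


def inspect(xml_text):
    """Extract the SSO-relevant settings from one web.config."""
    root = ET.fromstring(xml_text)
    web = root.find("system.web")
    forms = web.find("authentication/forms")
    key = web.find("machineKey")
    info = {
        "machineKey": None if key is None else (key.get("validationKey"), key.get("decryptionKey")),
        "cookie": None if forms is None else (forms.get("name"), forms.get("domain"), forms.get("protection")),
        "requireSSL": forms is not None and forms.get("requireSSL", "false").lower() == "true",
        "connectionStrings": {a.get("name") for a in root.findall("connectionStrings/add")},
    }
    for section in ("membership", "roleManager"):
        el = web.find(section)
        # aspnet_regiis -pef marks a protected section with a configProtectionProvider attribute
        encrypted = el is not None and el.get("configProtectionProvider") is not None
        info[section + "Encrypted"] = encrypted
        # Provider attributes are only readable while the section is still in clear text
        provider = None if (el is None or encrypted) else el.find("providers/add")
        info[section + "ConnectionName"] = None if provider is None else (
            provider.get("connectionStringName") or provider.get("activeDirectoryConnectionString"))
    return info


def check(reference_xml, app_xml):
    """Return the findings for one application's web.config, measured against the login app's."""
    ref, cur = inspect(reference_xml), inspect(app_xml)
    findings = []
    if cur["machineKey"] != ref["machineKey"]:
        findings.append("machineKey differs from the SSO login application: the forms ticket cannot be shared")
    if cur["cookie"] != ref["cookie"]:
        findings.append("forms cookie name/domain/protection differ: %r vs %r" % (cur["cookie"], ref["cookie"]))
    if "LocalSqlServer" not in cur["connectionStrings"]:
        findings.append("connection string LocalSqlServer is missing")
    for section in ("membership", "roleManager"):
        name = cur[section + "ConnectionName"]
        if name is not None and name not in cur["connectionStrings"]:
            findings.append("%s provider references undefined connection string %r" % (section, name))
        if not cur[section + "Encrypted"]:
            findings.append("system.web/%s is not encrypted; run aspnet_regiis -pef" % section)
    if not cur["requireSSL"]:
        findings.append("requireSSL is false: the shared cookie is also sent over plain HTTP")
    return findings


if __name__ == "__main__":
    for line in check(SSO_CONFIG, APP_CONFIG):
        print("-", line)
```

Run it against the real files by reading each web.config into a string in place of the constructed samples; a clean application produces at most the requireSSL warning, which reflects the requireSSL="false" setting used throughout this case study.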
Troubleshooting Points
- Scenario: Not able to log in with credentials created using the ASP.NET application [SQL membership provider]. The event log shows:
Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315
Date: 2/25/2010
Time: 6:36:45 PM
User: N/A
Computer: SSP
Description:
Event code: 4006
Event message: Membership credential verification failed.
Event time: 2/25/2010 6:36:45 PM
Event time (UTC): 2/25/2010 1:06:45 PM
Event ID: 49ac92e0e53d4803a5e6ce7ae7c67e39
Event sequence: 9
Event occurrence: 4
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1657492262/Root-1-129115762208906250
Trust level: WSS_Minimal
Application Virtual Path: /
Application Path: C:\Inetpub\wwwroot\wss\VirtualDirectories\3377\
Machine name: SSP
Process information:
Process ID: 4084
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Request information:
Request URL: http://ssp:3377/_layouts/login.aspx?ReturnUrl=/
Request path: /_layouts/login.aspx
User host address: 192.168.2.17
User:
Is authenticated: False
Authentication Type:
Thread account name: SRVSSP\IUSR_SSP
Name to authenticate: mossuser1
Custom event details:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Error:
- The connection string name in the membership tag may differ from the connectionStrings entry that holds the Active Directory details.
- The provider names in web.config may differ from those configured under Authentication Providers in Central Administration.
- If LDAP is used:
- The mail ID may not be configured with the domain name.
Action:
- Use the same connection string key name throughout the web.config file.
- Use the same provider names in all places.
- If LDAP is used:
- Open the user profile in Active Directory and set the mail attribute to the domain name, for example mossadmin1@srvssp.com.
- Use the domain name in web.config as domainname.com.
- Give the application name as /applicationname.
- In the membership provider tag, the definition and name must match the name in Active Directory.
- Scenario: "Wrong Credentials. Please retype the UserName and Password" is displayed, and the event log shows:
Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18456
Date: 2/24/2010
Time: 4:43:31 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: SSP
Description:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. [CLIENT: <local machine>]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Error:
- The password may be incorrect.
Action: Give the password correctly.
- Scenario: The URL extracted from Active Directory is appended to the existing URL, giving http://srvssp.com/TechInvo/www.google.com.
Error: The HomePage attribute in Active Directory may have been given as www.google.com.
Action: The HomePage attribute must be given as http://www.google.com.
- Scenario: An ASP.NET site links to a SharePoint site, and both SharePoint and the ASP.NET application run in the same domain. When a user starts the ASP.NET application, they are presented with a logon dialog (Windows authentication). When they click the link to SharePoint, they are presented with the same dialog again.
Error:
- The machineKey tag may differ between the applications.
- The connection string may differ.
Action:
- Use the same machineKey in every application, taken from the forms-authentication SharePoint site.
- Keep the same connection string name.
- Scenario: The ASP.NET application and the SharePoint site cannot share their credentials directly.
Error: As you have enabled Integrated Windows Authentication (IWA), I suggest you check your IE configuration to enable automatic logon:
Action:
- Disable or uninstall Internet Explorer Enhanced Security.
- Add the SharePoint site to your Intranet zone in IE.
- Select "Automatic logon only in Intranet zone" or "Automatic logon with current user name and password" under Internet Properties > Security > Local Intranet > Security Setting.