Enabling Single Sign-on Using ASP.NET

You can use single sign-on to log on once and then access other system resources without logging on again. You can access information in the Windows® Home Server server software through a Remote Access page, which requires you to log on to the system. When you develop Web applications, you can use the same logon information to provide single sign-on for your applications.

You can use the authentication system that is provided by ASP.NET to determine whether a user is authenticated and what to do if the user is not authenticated. You can easily enable single sign-on of applications by copying sections of the web.config file for Windows Home Server to the web.config file for your application. For more information about using ASP.NET for authentication, see “Explained: Forms Authentication in ASP.NET 2.0” at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=145524).

Enable single sign-on for your application

In order for your Web application to use the same authentication as the Remote Access page of Windows Home Server, you must copy the machineKey element and the authentication element from the web.config file that is used for Remote Access to the web.config file that is used by your Web application. The web.config file that is used for Remote Access is in the C:\inetpub\remote folder.

Note

Several web.config files are provided with Windows Home Server, but only the web.config file that is in the C:\inetpub\remote folder can be used for single sign-on.

The authentication element specifies the type of authentication to use (forms), the name of the authentication cookie that is created (RemotePortalAuth), and the page to which users who are not authenticated are sent (logon.aspx). The machineKey element defines the keys that are used to encrypt and validate the authentication cookie. In the web.config file for your application, you must also change the loginUrl attribute to reference the logon page for Windows Home Server. The following example shows the machineKey and authentication elements from the web.config file:

<machineKey validationKey="<MachineKey>" 
   decryptionKey="<DecryptionKey>" 
   validation="SHA1" decryption="AES" /> 
<authentication mode="Forms"> 
   <forms name="RemotePortalAuth" loginUrl="../remote/logon.aspx" protection="All" path="/" timeout="12000" requireSSL="false"/> 
</authentication>

Note

<MachineKey> and <DecryptionKey> are placeholders for unique values, which are not shown here.

After making this change in your Web application, if users are not already logged on through the Remote Access page, they are automatically redirected to the logon page for Windows Home Server and then directed back to the Web application page after successfully logging on.
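The following added example, which is not part of the original page or of Windows Home Server, checks that an application's web.config carries the same machineKey and forms settings as the Remote Access file, so that a RemotePortalAuth ticket issued at logon validates in the application. The function name, the sample configuration strings, and the logon_page suffix test are assumptions made for illustration; run it against copies of both files.

```python
import xml.etree.ElementTree as ET

# Attributes that must be identical in both files for a ticket issued by the
# Remote Access logon page to decrypt and validate in the application.
MUST_MATCH = {
    "machineKey": ("validationKey", "decryptionKey", "validation", "decryption"),
    "forms": ("name", "protection", "path"),
}

def _first(root, name):
    # Compare local names so a file that declares an xmlns still matches.
    return next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def check_sso(remote_xml, app_xml, logon_page="remote/logon.aspx"):
    """Compare an application's web.config with the Remote Access one."""
    remote, app = ET.fromstring(remote_xml), ET.fromstring(app_xml)
    findings = []
    for element, attrs in MUST_MATCH.items():
        r, a = _first(remote, element), _first(app, element)
        if r is None or a is None:
            findings.append(f"mismatch: <{element}> missing")
            continue
        # Name the attribute only; key material never goes into the report.
        findings += [f"mismatch: {element}/{x}" for x in attrs if r.get(x) != a.get(x)]
    auth, forms = _first(app, "authentication"), _first(app, "forms")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("mismatch: authentication/mode is not Forms")
    if forms is not None and not forms.get("loginUrl", "").lower().endswith(logon_page):
        findings.append("mismatch: forms/loginUrl is not the Remote Access logon page")
    issuer = _first(remote, "forms")
    if issuer is not None and issuer.get("requireSSL", "false").lower() != "true":
        findings.append("note: requireSSL is false, cookie is issued without the Secure flag")
    return findings

# Constructed sample files: the key values are placeholders, not real keys.
def _config(vkey, dkey, cookie, login):
    return (f'<configuration><system.web><machineKey validationKey="{vkey}" '
            f'decryptionKey="{dkey}" validation="SHA1" decryption="AES" />'
            f'<authentication mode="Forms"><forms name="{cookie}" loginUrl="{login}" '
            f'protection="All" path="/" timeout="12000" requireSSL="false"/>'
            f'</authentication></system.web></configuration>')

REMOTE = _config("AA11", "BB22", "RemotePortalAuth", "../remote/logon.aspx")
APP_COPIED = _config("AA11", "BB22", "RemotePortalAuth", "../remote/logon.aspx")
APP_DEFAULT = _config("AutoGenerate,IsolateApps", "AutoGenerate,IsolateApps",
                      ".ASPXAUTH", "login.aspx")

if __name__ == "__main__":
    for label, app in (("copied", APP_COPIED), ("default", APP_DEFAULT)):
        print(label, check_sso(REMOTE, app))
```

Because the copied machineKey values let any holder create valid authentication tickets, the report names only the attributes that differ and never prints the key values.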