RE: Single Sign-On User Credentials Question



Trevor,

I created a single signon web part starting from the same code sample you
did. Mine sends the user to the correct login page when they click the "Click
here..." link. My thoughts...

1. The sample uses "SampleApp" in the call to GetCredentials, but uses
"MyIndividualApplicationID" in the call to GetCredentialEntryUrl. I don't
know why. My code uses the Enterprise Application name (or is that ID?) in
both places.

2. I had problems getting the sample code to work when it was inside
RenderWebpart() (as the example is). I moved the code to the OnLoad() event
of a dropdown list in the web part (in my case, the dropdown list is
populated with data from an external database that requires a separate login,
hence the single signon). I don't know why this made a difference. By moving
the code out of RenderWebpart(), I could no longer use "writer" and had to
add an error message string to the web part which gets enabled if an error is
detected.

3. I get the same error message when an unhandled exception occurs. It
sounds like your code should catch any problem in GetCredentials. Is it
possible you are catching the exception but somehow rethrowing it inside the
catch block? Can you step through the code to find out exactly who is
throwing the exception?

Regards,
Chris

"Trevor Conn" wrote:

Hello again --

I am now trying to create a simple web part to verify credentials related to
an Enterprise Application Definition created with an "Individual" account
type. I am using the information and sample code at the following page as my
starting point:

http://www.microsoft.com/technet/prodtechnol/sppt/reskit/c2661881x.mspx#EU6AE

When I import the web part and add it to my web part page, I get an error in
my browser which says the following:

"The 'InfoPanel' Web Part appears to be causing a problem.

Web Parts Maintenance Page: If you have permission, you can use this page to
temporarily disable Web Parts or remove personal settings. For more
information, contact your site administrator.

Troubleshoot issues with Windows SharePoint Services"

When I look in the Application Event Log, I see the following error:

"The Microsoft Single Sign-on (SSOSrv) service failed to retrieve
credentials for user DOMAIN\tconn, enterprise application definition
BackEndSQL. The error returned was 0x80630001. For more information, see the
Microsoft SharePoint Products and Technologies Software Development Kit
(SDK)."

Now, this is where I get confused. If you look at the sample code toward the
bottom of the link I provided above, you'll see there's a catch for type
"SingleSignOnException" which checks to see if the SSOReturnCode is equal to
"credentials not found". By looking in the SDK, I have verified that the hex
error code in the event log is equal to "credentials not found", thus I would
think that the catch clause would execute and bring up the appropriate login
screen. However this is not happening.

Additionally, to try and get more information about what's happening, I
modified the sample code by adding an additional catch for type "Exception"
after the catch for "SingleSignonException" which should simply write the
state of any exception to the browser, however neither of these catches
appears to execute.

It says very clearly in the documentation:
"2. If the SSOSrv service cannot find credentials for the user for the
enterprise application specified, the GetCredentials method throws a
SingleSignonException. If the LastErrorCode property of the
SingleSignonException is SSO_E_CREDS_NOT_FOUND, call the
GetCredentialEntryUrl(String) method—or the GetCredentialEntryUrl(String,
Int) method—of the SingleSignonLocator class to build the URL to the single
sign-on logon form.

3. After the URL for the logon form has been retrieved, redirect the browser
to this URL. The logon form is created by the SSOSrv service. It prompts the
user to enter credentials for the enterprise application in a number of
fields."

I am thus expecting that any new user who comes to the page will be prompted
to define their credentials and thus collaborate in seeding the database. As
it is, if I specify the individual user credentials through the SSOSrv
administrator for my account, the error goes away and my credentials are
found. However this is NOT doable for a company with 3000 users. Can anyone
shed any light?

Thanks!