SiteMinder and ASP.NET


Some weeks ago I was integrating SiteMinder authentication into an ASP.NET application. Fortunately, this was not a big deal, because the whole SiteMinder stuff is absolutely transparent to the ASP.NET application. The only thing that must be done (besides the installation and configuration of the Web Agent, Policy Server, etc., of course) is to extract the SiteMinder HTTP headers from the web request and construct a GenericPrincipal object that holds the identity of the authenticated user.

Process Description

  1. The user types the URL for an ASP.NET application into the web browser.
  2. The SiteMinder Web Agent intercepts the request and checks its resource cache. If there is no information in cache about this resource (URL), the Web Agent then sends the request to the Policy Server, asking if the resource is protected.
  3. The Policy Server responds indicating that the resource is protected.
  4. The Web Agent forwards the request to a login page that challenges the user for their credentials.
  5. The Web Agent forwards the credentials back to the Policy Server for authentication and authorization.
  6. The Policy Server authenticates the user against a directory. After verifying the user’s identity, the Policy Server checks rules in the Policy Store, where user entitlements are stored, and grants the user access to the resource.
  7. The Policy Server notifies the Web Agent that the user is authenticated and authorized for this resource.
  8. The Web Agent constructs several SiteMinder HTTP headers with information about the authenticated user (userid), generates an encrypted session cookie and redirects the request to the original target URL.
  9. The request reaches the ASP.NET application where the userid can be extracted from the SiteMinder headers for further processing.

 

Source Code of HTTPModule to Extract SiteMinder Headers

 

    using System;
    using System.Collections.Specialized;
    using System.Security.Principal;
    using System.Threading;
    using System.Web;
    using System.Web.SessionState;

    /// <summary>
    /// This HttpModule is responsible for retrieving the SiteMinder headers from the web
    /// request.
    /// </summary>
    public class SiteMinderModule : IHttpModule, IRequiresSessionState
    {
        /// <summary>
        /// Required default constructor
        /// </summary>
        public SiteMinderModule()
        { }

        /// <summary>
        /// Required Dispose method
        /// </summary>
        public void Dispose()
        { }

        /// <summary>
        /// Register for events that are handled within this module
        /// </summary>
        /// <param name="app">Application object</param>
        public void Init(HttpApplication app)
        {
            app.PreRequestHandlerExecute += new EventHandler(Application_PreRequestHandler);
        }

        /// <summary>
        /// This event occurs just before ASP.NET begins executing a handler such as an .aspx page.
        /// We use this event to extract the SiteMinder headers from the request and construct
        /// our principal object
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void Application_PreRequestHandler(Object sender, EventArgs e)
        {
            if (HttpContext.Current.Request.Headers["SM_USER"] != null)
            {
                // Get a collection of all available HTTP headers from the request
                NameValueCollection coll = HttpContext.Current.Request.Headers;

                // Retrieve the userid from the SiteMinder header SM_USER
                string smUser = coll["SM_USER"];

                // Create GenericPrincipal with authentication type "SiteMinder".
                // GenericPrincipal requires a roles array; none are known at this point.
                GenericIdentity webIdentity = new GenericIdentity(smUser, "SiteMinder");
                GenericPrincipal principal = new GenericPrincipal(webIdentity, new string[0]);

                // TODO: Attach additional attributes to the principal object (e.g. from session
                // object, DB, directory, etc.)

                HttpContext.Current.User = principal;
                Thread.CurrentPrincipal = principal;
            }
            else
            {
                // Throw an exception, because SiteMinder headers are not available.
                throw new HttpException(401, "SiteMinder headers are not available.");
            }
        }
    }
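The module above takes whatever arrives in SM_USER and leaves role attachment as a TODO. The following is an added example, not part of the original article, showing one way to validate the header and fill in roles before building the principal. The `APP_ROLES` header name, its comma-separated format and the 256-character limit are assumptions made for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Linq;
using System.Security.Principal;

public static class SiteMinderPrincipalFactory
{
    // Hypothetical header carrying roles; SM_USER is the only header named in the article.
    private const string RolesHeader = "APP_ROLES";
    private const int MaxUserIdLength = 256; // assumed upper bound for a userid

    // Builds a principal from request headers, failing closed on anything unexpected.
    public static GenericPrincipal Create(NameValueCollection headers)
    {
        string[] values = headers.GetValues("SM_USER");

        // Exactly one SM_USER value is expected; anything else is treated as untrusted.
        if (values == null || values.Length != 1)
            throw new UnauthorizedAccessException("SM_USER header missing or duplicated.");

        string user = values[0].Trim();
        if (user.Length == 0 || user.Length > MaxUserIdLength || user.Any(char.IsControl))
            throw new UnauthorizedAccessException("SM_USER header value is malformed.");

        // Roles are optional; an absent header yields a principal with no roles.
        string rawRoles = headers[RolesHeader] ?? string.Empty;
        string[] roles = rawRoles
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToArray();

        return new GenericPrincipal(new GenericIdentity(user, "SiteMinder"), roles);
    }

    public static void Main()
    {
        // Constructed sample headers, not captured traffic.
        var ok = new NameValueCollection { { "SM_USER", "jdoe" }, { RolesHeader, "Reader, Editor" } };
        GenericPrincipal p = Create(ok);
        Console.WriteLine("{0} Editor={1} Admin={2}", p.Identity.Name, p.IsInRole("Editor"), p.IsInRole("Admin"));

        var dup = new NameValueCollection { { "SM_USER", "jdoe" }, { "SM_USER", "admin" } };
        try { Create(dup); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```

These checks validate only the shape of the header. SM_USER is trustworthy only when every request to the application passes through the Web Agent, as in the process description.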

 

A future article will cover how to integrate .NET SmartClient applications with SiteMinder.
  • Q: Does WSS v3 support authentication using non-Active Directory directory sources or is MOSS required? ...
  • Steve,

    WSS v3 DOES support non-AD directory sources.  

    "Unlike its predecessor, SharePoint Server 2007 does not require Active Directory.  It can authenticate access against local system accounts or external data sources using pluggable authentication."

    ~MOSS07 Administrator's Companion

  • Hi,

    I have one question: can I know or test programmatically if the SiteMinder service is running on a machine?

    I am using VS2005 (C#)

  • Recently I had worked with an interesting case in which customer was using Oracle Access Manager (OAM)

  • Is there any way that login.fcc can be changed to asp.net page and posting the values to siteminder for authorization?

  • Yes, you can use an ASP or .NET page to post to the Siteminder FCC.  Follow these basic steps to get this working:

    "Siteminder custom login page - how to post to FCC"

    http://www.ssohelp.com/notes/Siteminder_custom_login_page_-_how_to_post_to_FCC

    Team CoreBlox

    www.coreblox.com

    www.ssohelp.com

  • Two questions

    1. You mention a future article about integrating SiteMinder with a .NET smart client.  Did you ever write it? Because that's exactly what I need to do.

    2. Is there a way I can pass the SiteMinder cookie & credentials to a .NET client application deployed using Click Once.  Will the deployed app have access to cookies from the web site it was launched from?  

  • I've been waiting for your future article on integrating .NET SmartClient applications with SiteMinder...

    Thanks in advance....

  • Hi,

    Can someone please help me with the entire code for a SiteMinder and ASP.NET application? I am completely new to this term SiteMinder.

    I need to develop it like this: when I enter a URL I need to go to SiteMinder, and then if authentication is successful, read the HTTP headers and redirect to the entered URL.

    Thanks!

  • Very good article!!! Very helpful!!!

    Thanks

    Bijay

    http://www.fewlines4biju.com

  • Can anyone tell me the exact steps to implement SiteMinder from the very beginning? Please tell me how to do it.

    Thanks

    Bijay

    http://www.fewlines4biju.com

  • Hi,

    I have created the exact same solution, which works for an Asp.Net 3.5 project. But when I use the same module in a SPS 2010 application it returns an HTTP 500.

    I have tried to replace the GenericPrincipal by a RolePrincipal, but this didn't help.

    All suggestions are welcome,

    Thanks in advance,

    Gaston
