.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Claims Based Auth timeout?

Posted By:      Posted Date: September 27, 2010    Points: 0   Category :SharePoint

When using Claims authentication with FBA membership provider is there a way to configure the FedAuth cookie to expire when the user closes his or her browser or at a particular interval?  I've tried setting the timeout attribute of the <forms> tag but when I look at the auth cookie the timeout value is the same 10 hour window. 

View Complete Post

More Related Resource Links

SharePoint 2010 Claims Based Authentication - anonymous site is prompting for CBA auth when opening

Hi, I have CBA setup successfully on my sites.  One site is setup for anonymous access and I have disabled "client integration" on that web application. I have a list of MS Office documents on a wiki.  When I click on one I am asked to either save or open or cancel.  Saving works fine but when I choose open, it launches the associated MS Office app.  I am then prompted for a login from CBA.  I can click cancel and the logon screen appears again.  After clicking cancel the 2nd time the document appears in the MS Office app, Word in this case. My question is how do I prevent my users from being prompted for a CBA login when clicking on these files and opening them in the native app on their machine?      --TR

Claims Based Auth Corrupting Permissions?

So I'm noticing everytime I enable claims based authentication on a web application all pre-existing windows based permissions fail. I believe this is due to the Identity Manager presenting a different account than those present from Classic mode authentication. You can see below that the Classic Mode Account's list the normal domain\username while the claims based version of the same account is completely different and causing a mismatch. So I figure I must be missing something obvious for how to migrate to claims based, they can't honestly expect people to redo permissions across their entire sharepoint instance. Example (DisplayName followed by Account): Name: All Authenticated Users Account: c:0(.s|true Name: NT AUTHORITY\authenticated users Account: NT AUTHORITY\authenticated users Name: DOMAIN\domain users Account: c:0+.w|s-1-5-21-2428780107-2384587425-257213858-513 Name: DOMAIN\domain users Account: DOMAIN\domain users

not able to login to Claims based auth. sweb apps in sharepoint 2010


Hi till yesterday I was able to login to claim based web apps in my sharepoint 2010 server. but today they are giving below mentioned error! even though classic mode auth web apps are running fine.

Nor it allow to activate /deactivate any fature to a site collection under claims based web app with same error in event log:

Please help.

error message in event viewer:


Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Foundation
Date:          10/8/2010 1:30:59 PM
Event ID:      8311
Task Category: Topology
Level:         Error
User:          SHAREPOINT2010\administrator
Computer:      sharepoint2k8.sharepoint2010.com
An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: 85F230FF68A8107A14667844D6741A6C2199C60E\n\nErrors:\n\n UntrustedRoot: A certificate chain processed

Claims-Based Apps: Claims-Based Authorization with WIF


Over the past few years, federated security models and claims-based access control have become increasingly popular. Platform tools in this area have also come a long way. Windows Identity Foundation (WIF) is a rich identity model framework designed for building claims-based applications and services and for supporting active and passive federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine November 2009

Geneva Framework: A Better Approach For Building Claims-Based WCF Services


Here we introduce Microsoft Code Name "Geneva," the new framework for building claims-based applications and services, and federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine December 2008

Security Briefs: Exploring Claims-Based Identity


Keith Brown introduces you to the new identity model in the Microsoft .NET Framework 3.0.

Keith Brown

MSDN Magazine September 2007

Video: Introduction to Claims-based Security in SharePoint 2010

Learn how claims-based identity provides a common way for applications to acquire identity information from users inside their organization, in other organizations, and on the Internet. (Length: 23:46)

Claims Tips: Learning About Claims-Based Authentication in SharePoint 2010

Use these five tips for guidance in solving problems related to using and configuring claims.

Sample: SharePoint Claims-Based Authentication

Explore the code as you learn how to create a custom security token service (STS) and set up a trust relationship between a SharePoint 2010 farm and the custom STS.

automatic logon using claims based FBA??

I have been using a IHttpModule that performs automatic logon on a forms based authentication using a custom membership provider. This has worked well using any .net asp.net application including SharePoint 2007. The IHttpModule listens for the AuthorizeRequest event of the application and if the user isn't logged in it uses the FormsAuthentication.SetAuthCookie(principal.Identity.Name, persistentCookie); to perform the "login". When I tried this on SharePoint 2010 using a claims based FBA, adding my custom membership provider as documented, I ran into some problems. First, the identity name that needed to be set in the SetAuthCookie was not the normal username, it seemed to be on a syntax like 0#.f|membershipProviderName|UserName If I used this instead (replacing membershipProviderName and UserName) with the actual ones, the login seemed to work (it felt like a hack tough and perhaps there is some better way to do this?) After a bit of testing the site the most seemed to work (a plain SharePoint 2010 site), but when I clicked on a list link (like calendar, events or announcements) I was given a servererror as below.   Has anyone any idéas? /Dan   Server Error in '/' Application. <nativehr>0x8107058a</nativehr><nativestack></nativestack>Operation is not valid due to the current state of the object. Description: An unhandle

Can not init SPSite for claims based authenticated site

Hi, trying to write a simple console application i was not able to init a claims based authenticated site with API nor with the Managed Client OM. Opening a site with only windows authentication is working. Running on a Windows Server 2008 R2 and SP 2010 server and logged in as the buildin Administrator account. Administrator is Site Collection Admin. static void Main(string[] args) {     ClientContext context = new ClientContext("http://mypc:300");     Web web = context.Web;     context.Load(web);     context.ExecuteQuery();     ... } throws "The remote server returned an error: (403) Forbidden.". Setting credentials for the context is also not working. or same problem with     static void Main(string[] args) {     using (SPSite spSite = new SPSite("http://mypc:300"))     {         ... throwing FileNotFound-Error. Any idea? Greetings Peter  

AutoLogin for authenticated user via LiveID in Sharepoint 2010 (Claims Based Authentication)

Hi,     Im working in integrating LiveID authentication in my Sharepoint site. Live id gives back a token of the user with which i created a dummy profile using MembershipProvider.CreateUser. Now i have to auto login the user with the profile i created, i mean i have to force login to my sharepoint site using the created dummy user details without asking the user to give username n password.Any suggestion will be a great help for me to proceed.   Thanks Saravanan Michael

Should I use claims based authentication?

I'm about to setup a web application to host a public facing website. Internal staff will authenticate to the site via Active Directory and we may have a need to allow external users to access "authenticated" parts of the site. To authenticate them we plan to use Windows Live ID. With that in mind,: is it better to set the web application up to use claims based authentication from the start rather than having to change it later? is there anything available as of yet to setup SharePoint 2010 to authenticate against Windows Live ID using claims based authentication?

Migrate from Classic to Claims based authentication

So this is really an outside the normal question and I am hoping someone has some thoughts. I am going to be upgrading a MOSS 2007 farm to MSS2010. I have to move hardware so I will be using the content database attach method for upgrade. The site is current extended to a second IIS Application to support both window and Forms based authentication. Since this is an intranet, unique security is used at the site level (and occasionally at the doc lib level). I want to take advantage of Claims Based Authentication (and use one URL, plus other benefits). I am well aware that that claims based token is not the same as the windows token even though the NTLM user is really the same. Thus that is what presents the issue. I need to "migrate" all of my current NTLM-Classic users to claims based. My first thought is to read the users added to each site (actually role assignments), find all users that have the domain name at the beginning of the member name and add a new users (appending the i:0#.w| to the beginning of the loginname) to the site. This works beautifully and is succesful. The problem arises in the that the role assignments contains SharePoint groups (which we don't use much) and AD groups. the SharePoint groups are ok (yes, I have to migrate the users in them too, but no problem). The AD groups are added via SID when it is claims based. This presents the probl

How do I use PowerShell to configure Web.Config for forms-based authentication for a Claims Based we

This TechNet article does a great job describing how to Configure forms-based authentication for a claims-based Web application using PowerShell. However, it glosses over editing the web.config file by just saying "Find the <Configuration> <system.web> section and add the following entry:" Is it possible to edit the web.config file using PowerShell using the IIS PowerShell snapin or can I just edit the web.config file as a xml document? This succeeds in adding the element, but only with the name and type. It does not add the connectionStringName or the applicationName import-module webadministration Add-WebConfiguration /system.web/membership/providers "IIS:\sites\[site name]" -value @{name="FBAMembershipProvider";` type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture= neutral, PublicKeyToken= b03f5f7f11d50a3a";` connectionStringName="FBAconn";` applicationName="/"} Does anyone any suggestions on a direction to go to add the membership providers and role providers in the web.config using PowerShell? This is very frustrating because I can do it manually, I can do it through the UI in IIS Manager, I can do it using appcmd, but no matter what I do, I can't get it to work using PowerShell.  

SharePoint 2010 Claims Based Authenticaton site working but search is broken

Hi, I have SP 2010 sucessfully installed on a Windows 2008 R2 server with SQL Server 2008 R2.  I created local machine accounts for the following: MACHINE\mssqlservice MACHINE\sp_admin MACHINE\sp_search MACHINE\sp_farms I have setup 2 sites with public facing internet access as well as local sites. I have CBA working properly on both sites from both public and private access. My problem is that when I go to search, I am constantly redirected to an error page. I have checked all SP services on the server and they are all running as MACHINE\mssqlservice That account has proper access to all sites as well as all DB's. My search is crawling and I get one error from a long named PDF file in my site, which is OK.   My questions is if my CBA is working fine and my search is crawling, why I am not getting a results page when I search from the sites:   Here is the error I get:   Error Internal server error exception:   Troubleshoot issues with Microsoft SharePoint Foundation. Correlation ID: 5a03b730-42c2-48c9-a220-3b9d052481de Date and Time: 9/9/2010 4:45:07 PM   I am kind of stuck at this point and am not sure how to proceed.  Any help would be appreciated.        --TR

Regarding Claims Based Authentication in sharepoint2010

Hey, i have an web application which is in classic mode. now i want to extend same application as claims mode? can you please sugguest me a proper process Thanks in Advance!Share Knowledge and Spread Love!
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend