.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Claims Based Authentication and Custom Apps in _layouts Directory

Posted By:      Posted Date: April 14, 2011    Points: 0   Category :C#

Hello everyone,

When we originally setup our SharePoint 2010 installation, we used Windows Classic Authentication. We have since built a couple of custom applications using VS2010 and deployed them to the _layouts directory. These apps query information from our ERP system and display them on a web page. We keep this inside of SharePoint to be consistent with the look and feel of the rest of the intranet.

We had a consultant come in to help with some other items with our SharePoint install and we converted to Claims Based Authentication. Now, when trying to use these custom applications, they ask for a username and password when you submit the information to query. When you provide the info, it does not authenticate and fails after three attempts. Does anyone know what additional steps are necessary for these apps to use the Claims Based Security Tokens? I've scoured the internet for two days looking for answers and haven't come up with anything useful.

View Complete Post

More Related Resource Links

Claims-Based Apps: Claims-Based Authorization with WIF


Over the past few years, federated security models and claims-based access control have become increasingly popular. Platform tools in this area have also come a long way. Windows Identity Foundation (WIF) is a rich identity model framework designed for building claims-based applications and services and for supporting active and passive federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine November 2009

Claims Tips: Learning About Claims-Based Authentication in SharePoint 2010

Use these five tips for guidance in solving problems related to using and configuring claims.

Sample: SharePoint Claims-Based Authentication

Explore the code as you learn how to create a custom security token service (STS) and set up a trust relationship between a SharePoint 2010 farm and the custom STS.

AutoLogin for authenticated user via LiveID in Sharepoint 2010 (Claims Based Authentication)

Hi,     Im working in integrating LiveID authentication in my Sharepoint site. Live id gives back a token of the user with which i created a dummy profile using MembershipProvider.CreateUser. Now i have to auto login the user with the profile i created, i mean i have to force login to my sharepoint site using the created dummy user details without asking the user to give username n password.Any suggestion will be a great help for me to proceed.   Thanks Saravanan Michael

Should I use claims based authentication?

I'm about to setup a web application to host a public facing website. Internal staff will authenticate to the site via Active Directory and we may have a need to allow external users to access "authenticated" parts of the site. To authenticate them we plan to use Windows Live ID. With that in mind,: is it better to set the web application up to use claims based authentication from the start rather than having to change it later? is there anything available as of yet to setup SharePoint 2010 to authenticate against Windows Live ID using claims based authentication?

Migrate from Classic to Claims based authentication

So this is really an outside the normal question and I am hoping someone has some thoughts. I am going to be upgrading a MOSS 2007 farm to MSS2010. I have to move hardware so I will be using the content database attach method for upgrade. The site is current extended to a second IIS Application to support both window and Forms based authentication. Since this is an intranet, unique security is used at the site level (and occasionally at the doc lib level). I want to take advantage of Claims Based Authentication (and use one URL, plus other benefits). I am well aware that that claims based token is not the same as the windows token even though the NTLM user is really the same. Thus that is what presents the issue. I need to "migrate" all of my current NTLM-Classic users to claims based. My first thought is to read the users added to each site (actually role assignments), find all users that have the domain name at the beginning of the member name and add a new users (appending the i:0#.w| to the beginning of the loginname) to the site. This works beautifully and is succesful. The problem arises in the that the role assignments contains SharePoint groups (which we don't use much) and AD groups. the SharePoint groups are ok (yes, I have to migrate the users in them too, but no problem). The AD groups are added via SID when it is claims based. This presents the probl

How do I use PowerShell to configure Web.Config for forms-based authentication for a Claims Based we

This TechNet article does a great job describing how to Configure forms-based authentication for a claims-based Web application using PowerShell. However, it glosses over editing the web.config file by just saying "Find the <Configuration> <system.web> section and add the following entry:" Is it possible to edit the web.config file using PowerShell using the IIS PowerShell snapin or can I just edit the web.config file as a xml document? This succeeds in adding the element, but only with the name and type. It does not add the connectionStringName or the applicationName import-module webadministration Add-WebConfiguration /system.web/membership/providers "IIS:\sites\[site name]" -value @{name="FBAMembershipProvider";` type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture= neutral, PublicKeyToken= b03f5f7f11d50a3a";` connectionStringName="FBAconn";` applicationName="/"} Does anyone any suggestions on a direction to go to add the membership providers and role providers in the web.config using PowerShell? This is very frustrating because I can do it manually, I can do it through the UI in IIS Manager, I can do it using appcmd, but no matter what I do, I can't get it to work using PowerShell.  

Form Based Authentication with Custom database

Hi, I have a Sharepoint 2010 web application and I want to implement FBA(Form Based Authentication) for that. I don't want to use any membership providers and role providers. I have a SQL server database where we will maintain users and roles. I want to use this database for validating user credentials and authenticating them. Is this possible in Sharepoint 2010? Please reply ASAP.

SharePoint 2010 Claims Based Authentication - anonymous site is prompting for CBA auth when opening

Hi, I have CBA setup successfully on my sites.  One site is setup for anonymous access and I have disabled "client integration" on that web application. I have a list of MS Office documents on a wiki.  When I click on one I am asked to either save or open or cancel.  Saving works fine but when I choose open, it launches the associated MS Office app.  I am then prompted for a login from CBA.  I can click cancel and the logon screen appears again.  After clicking cancel the 2nd time the document appears in the MS Office app, Word in this case. My question is how do I prevent my users from being prompted for a CBA login when clicking on these files and opening them in the native app on their machine?      --TR

Regarding Claims Based Authentication in sharepoint2010

Hey, i have an web application which is in classic mode. now i want to extend same application as claims mode? can you please sugguest me a proper process Thanks in Advance!Share Knowledge and Spread Love!

Claims Based Authentication

I have successfully gotten my sharepoint site to use claims-based authentication, but now I am trying to configure it so it works. Right now I can't connect locally or from my extranet. I am following this guide: http://technet.microsoft.com/en-us/library/ee806890.aspx I haven't changed my web.config files yet, because I don't know what information I need to fill in.  There are a lot of places that say, your server here, and I need to put in some OUs and whatnot.  I don't know what info I am supposed to put in. First of all, I don't know what server I am supposed to put in. Do I need my domain controller there, my sharepoint server, my sql server?  I am guessing the part with the OUs is active directory stuff, so that would imply I use my domain controller.  I have already used the aspnet_regsql application to create a database, but I am not really sure what I am supposed to do with it. Is there a guide somewhere that explains things better, or could someone help me out?    Here is the code: <membership defaultProvider="AspNetSqlMembershipProvider"> <providers> <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="yourserver.com"

Changed to claims based authentication, now I can't access my site. Please help! Time is of the ess

I am in a pretty big bind. I have a sharepoint 2010 site, that was using classic windows authentication. It worked fine from the inside, and I was able to extend it to the outside and it was using https with an SSL certificate. However, my performancepoint reports and my external lists weren't working when the site was accessed from the outside. Apparently this is a known issue with using classic authentication on the outside, so I tried to switch over to claims based authentication. I followed this guide: http://blogs.technet.com/b/wbaer/ar...point-2010.aspx I obviously changed the contoso stuff to my domain name, and changed all of the config files. The problem is, now I can't access the site at all from the inside or the outside. Here is the error I get in my logs: code: An exception occurred when trying to issue security token: Could not connect to [url]http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.[/url] TCP error code 10061: No connection could be made because the target machine actively refused it . My Sharepoint Central Administration site gives me this warning: code: The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state. Remedy Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, f

Forms Based Authentication - problem with custom master page and login page



I have successfully enabled and set up FBA (Forms Based Authentication) on my SharePoint 2010 Foundation server. The thing is that I need to customize the look and feel of the login page. I have successfully customized the page (and master page) to look the way I want, however, when I try to log in, I get the following error/message on the page:
"Forms Based Authentication on classic Web applications has been deprecated".

What I've done:
Made copies of /_layouts/simple.master and /_layouts/login.aspx and renamed the copies. The markup in the master page is MUCH simpler than the original, but I've kept all the ContentPlaceholders that I don't use (most of them) in a hidden <asp:Panel at the bottom of the page.

I've changed the web.config file:
<authentication mode="Forms">
      <forms loginUrl="/_layouts/loginCustom.aspx" />

So, I'm not getting any errors on the page until I try to log in. When I use the default settings (login.aspx and simple.master) it works just fine (but damn that page looks ugly!).

Does anyone know what I might be missing?

Update: I believe the reason it doesn't work is because my custom login aspx is not part of the Claims Based Web Application (because it's sitting

Claims Based Authentication with ADFS 2.0


I have setup the claims based environment with ADFS 2.0, everything is working fine but when i select my claims in the people picker its not validating weather the claim exists or not. its showing what ever i enter, as a result in the people picker page. I want to check if the claim exists then only the claim should be shown as a result and resolved.

can anyone guide me how to start and where to make modifications. So that i can pick claims only which i have created or existing.

Claims Based Authentication - Access Denied for NTLM - Network Related



We have setup a test SharePoint environment on a single box. If we create a new classic authentication web application using NTLM the site works fine, and recognizes AD users correctly. Users can then login successfully. If we create a new claims based authentication web application using NTLM all users receive an Access Denied error when trying to view the site. The application will recognize AD users when applying permissions in Central Admin's User Policy section, but none of those users are able to access the site.

If I turn on Fiddler Capture, the sites will work fine. Once I turn it off the sites no longer work and we are again presented with an Access Denied exception (or sometimes 403 Forbidden in Firefox and Chrome). I know that Fiddler create a local proxy so I'm curious what that proxy is doing that allows claims based to work correctly.

Has anyone seen this before? Does this sound Firewall/Antivirus related? Client or server?

Thank you,



How to get SharePoint file conent by URL from web applications with claims based authentication conf



I am using next code to get SharePoint document content:

using (System.Net.WebClient objWebClient = new System.Net.WebClient())
                    objWebClient.Credentials = new System.Net.NetworkCredential("username", "password", "domain");
                    using (System.IO.BinaryReader file = new System.IO.BinaryReader(objWebClient.OpenRead("http://machine_name:10000/Shared%20Documents/some_file.txt")))
                        //Read file stream

Windows Identity Foundation (Claims Based Authentication) for Reporting Services



I see that SQL Server 2008 R2 Reporting Services now supports Claims Based Authentication in Sharepoint 2010, meaning that end users can authenticate with Sharepoint using Claims Based Authentication, and use the same security tokens to connect through to Reporting Services.

I assume that behind the scenes Sharepoint is using Windows Identity Foundation (WIF - formerly codenamed "Geneva") to handle the authentication, and passing this on to Reporting Services.

I'm keen to use Windows Identity Foundation to authenticate with Reporting Services without Sharepoint. We have an existing ASP.NET web application, and we'd like to call Reporting Services from that, passing on the Windows Identity Foundation credentials of the user logged into our web application.

I've done some work on setting up a custom security extension using Forms Authentication (based on the sample), but am not sure how to proceed from there.

Google/Bing hasn't been helpful. Can you please point me to some guidance on how to set up Windows Identity Foundation authentication for Reporting Services?<

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend