Microsoft Office SharePoint Server 2007 Single Sign-On – Development Part (台北十一)

十一's site: http://sharepoint.idv.tw
My MOSS community:
http://www.msotec.com/            QQ group: 14936250
http://www.msotec.net/            MSN group: group194869@xiaoi.com

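I have not been able to find the time to finish this post since the New Year holiday. I happen to be unable to sleep tonight, so let me finish the remaining part.
The biggest difference between SSO in MOSS 2007 and in SPS 2003 is that MOSS provides a pluggable ISsoProvider,
which lets everyone customize an SSO that better fits their needs. How do I know? The SDK says so!
(Microsoft Office SharePoint Portal Server 2003 included a single sign-on (SSO) service for storing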
and mapping user credentials for use with third-party, back-end server applications.
In Microsoft Office SharePoint Server 2007, this functionality is enhanced to include a pluggable single sign-on mechanism
that allows you to specify alternate single sign-on providers.
Replacing the default SSO provider in Office SharePoint Server 2007 involves
implementing the Microsoft.SharePoint.Portal.SingleSignon.ISsoProvider class, installing it into the global assembly cache,
and registering the new SSO provider with Office SharePoint Server 2007.)


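In this post I use the SSO that MOSS provides by default. If you need to build your own SSO provider,
don't worry: the SDK has a detailed sample. That, of course, is also what the SDK says: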
(By default, Microsoft Office SharePoint Server 2007 provides the Microsoft Single Sign-On (SSO) service
for storage and mapping of credentials for use in connecting with third-party or back-end systems.
Many companies already have developed an in-house credential storage system or use a solution
other than the Microsoft Single Sign-On service. As an alternative to maintaining credential mapping in two places,
Office SharePoint Server 2007 provides a mechanism called pluggable SSO. This feature allows you to specify
an alternate SSO provider to the standard SSO provider in Office SharePoint Server 2007.)


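With the configuration part done, here is a brief description of the scenario…
Scenario:
十一 now uses Gmail for all e-mail, but having to type the password every time is a hassle,
and letting IE remember the password is not very safe. 十一 also visits
http://sharepoint.idv.tw every day to look around,
and MOSS happens to have a Single Sign-On mechanism, so I use it to solve this problem.
I want my Gmail mailbox to open in a new IE window so that it does not affect my browsing of the original site.
It's that simple.
Enough talk; here is how I did it.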

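1. In the configuration part, the Gmail account and password mapped to andy were already entered, so all that needs to be done is
to retrieve the account and password from the SSO database and then authenticate to Gmail to complete the login. Let's look at the result.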

1. Log in to MOSS first

2. Click the link

3. A window pops up

4. Logged in to Gmail

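How it's done:
1. First I wrote a web application that retrieves the SSO credentials and logs in to Gmail (once SP1 is installed, VS 2005 can create a web application project).

Project: SSODEMO
Delete Default.aspx and create SsoToGMail.aspx.

Add references: Microsoft.SharePoint.Portal; Microsoft.SharePoint.Portal.SingleSignon;

Code: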

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.SharePoint.Portal;
using Microsoft.SharePoint.Portal.SingleSignon;

namespace SSODEMO
{
    public partial class SsoToGMail : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Unmanaged BSTR copies of the user name and password; zeroed and freed in finally.
            IntPtr pUserName = IntPtr.Zero;
            IntPtr pPassword = IntPtr.Zero;
            try
            {
                // Get the registered SSO provider and the current user's credentials
                // for the "GoogleMail" application definition.
                ISsoProvider isso = SsoProviderFactory.GetSsoProvider();
                SsoCredentials myCreds = isso.GetCredentials("GoogleMail");

                // Convert the SecureString values to plain strings.
                pUserName = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(myCreds.UserName);
                String userName = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pUserName);
                pPassword = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(myCreds.Password);
                String Password = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pPassword);

                // Build a hidden form that posts the credentials to the Gmail login URL.
                // Note: the plain-text password is part of the HTML sent to the browser.
                string strHTML = "";
                strHTML += "<html> ";
                strHTML += "<body > ";
                strHTML += "<form id='myform' name='myform' method='POST' action='https://www.google.com/accounts/ServiceLoginAuth' > ";
                strHTML += "<input type='hidden' name='continue' value='http://mail.google.com/mail?ui=html&amp;zy=l'> ";
                strHTML += "<input type='hidden' name='service' value='mail'> ";
                // Attribute-encode the values so a quote, & or < in them cannot break the markup.
                strHTML += "<input type='hidden' id='Email' name='Email' value=\"" + HttpUtility.HtmlAttributeEncode(userName) + "\" > ";
                strHTML += "<input type='hidden' id='Passwd' name='Passwd' value=\"" + HttpUtility.HtmlAttributeEncode(Password) + "\" >";
                strHTML += "</form> ";
                strHTML += "<script > ";
                // submit() runs as soon as the script is parsed; the form is already in the document.
                strHTML += " window.onload=myform.submit(); ";
                strHTML += " document.all('Email').value='';document.all('Passwd').value='';";
                strHTML += "</script> ";
                strHTML += "</body> ";
                strHTML += "</html> ";
                Response.Write(strHTML);
            }
            catch (SingleSignonCredsNotFoundException ssoe)
            {
                if (SSOReturnCodes.SSO_E_CREDS_NOT_FOUND == ssoe.LastErrorCode)
                {
                    // No credentials are stored for the current user: link to the credential entry page.
                    string strSSOLogonFormURL = SingleSignonLocator.GetCredentialEntryUrl("GoogleMail");
                    // UI text: "Hello!", "No mapped account was found; click this link to enter
                    // your Gmail account and password!", and a "Close" button.
                    Response.Write(User.Identity.Name.ToString() +
                        "您好!<br>" + "SSO TO GMail Fail!<BR><a href=" + strSSOLogonFormURL +
                        " target='_self' >找不到對應的帳號,請點此連結輸入Gmail帳號及密碼!</a><P><input type='button' onclick='javascript:window.close()' value='關閉' />");
                }
            }
            catch (SingleSignonException ex)
            {
                Response.Write(ex.LastErrorCode);
                Response.Write(ex.Message);
            }
            catch (Exception exx)
            {
                Response.Write(exx.Message);
                Response.Write(exx.InnerException);
            }
            finally
            {
                // Check each pointer on its own: pPassword is still zero if the
                // failure happened before the password was converted.
                if (IntPtr.Zero != pUserName)
                {
                    System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(pUserName);
                }
                if (IntPtr.Zero != pPassword)
                {
                    System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(pPassword);
                }
            }
        }
    }
}


Notes:

    IntPtr pUserName = IntPtr.Zero;
    IntPtr pPassword = IntPtr.Zero;
※ These receive the account and the password.

    ISsoProvider isso = SsoProviderFactory.GetSsoProvider();
    SsoCredentials myCreds = isso.GetCredentials("GoogleMail");
※ Gets the SsoCredentials that were already defined.

    pUserName = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(myCreds.UserName);
    String userName = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pUserName);
    pPassword = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(myCreds.Password);
    String Password = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pPassword);
※ Converts them into a readable account and password.

    catch (SingleSignonCredsNotFoundException ssoe)
    {
        if (SSOReturnCodes.SSO_E_CREDS_NOT_FOUND == ssoe.LastErrorCode)
        {
            // "Credentials could not be found": the error raised when the
            // current user's credentials cannot be found.
            string strSSOLogonFormURL = SingleSignonLocator.GetCredentialEntryUrl("GoogleMail");
            // Gets the URL of the page where the user enters credential data
            // for the GoogleMail EAP.
            Response.Write(User.Identity.Name.ToString() +
                "您好!<br>" + "SSO TO GMail Fail!<BR><a href=" + strSSOLogonFormURL +
                " target='_self' >找不到對應的帳號,請點此連結輸入Gmail帳號及密碼!</a><P><input type='button' onclick='javascript:window.close()' value='關閉' />");
        }
    }

    string strHTML = ... (omitted)
※ Don't ask me why this part is done this way. I opened the Gmail login page and copied from it to put this together; adjust it for your own situation.
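
An added example, not code from the original post: a hypothetical helper class (SsoFormHelper, ToPlainText and WriteLoginForm are assumed names) that keeps the BSTR zeroing next to each SecureString conversion and writes the same auto-submitting form only over HTTPS and only into a non-cacheable response, since the page body contains the stored password. It uses standard .NET Framework calls and the form fields shown above.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
using System.Web;

namespace SSODEMO
{
    // Added example; SsoFormHelper and its members are hypothetical names.
    public static class SsoFormHelper
    {
        // Copy a SecureString into a managed string. The unmanaged BSTR copy is
        // zeroed and freed before returning, even if the conversion throws.
        public static string ToPlainText(SecureString value)
        {
            IntPtr bstr = IntPtr.Zero;
            try
            {
                bstr = Marshal.SecureStringToBSTR(value);
                return Marshal.PtrToStringBSTR(bstr);
            }
            finally
            {
                if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);
            }
        }

        // Write the auto-submitting form from the post. The response body carries
        // the password, so require HTTPS and forbid caching before writing it.
        public static void WriteLoginForm(HttpRequest request, HttpResponse response,
            string actionUrl, string userName, string password)
        {
            if (!request.IsSecureConnection)
                throw new InvalidOperationException("Credential form requires HTTPS.");
            response.Cache.SetCacheability(HttpCacheability.NoCache);
            response.Cache.SetNoStore();
            StringBuilder html = new StringBuilder("<html><body>");
            html.Append("<form id=\"myform\" method=\"POST\" action=\"")
                .Append(HttpUtility.HtmlAttributeEncode(actionUrl)).Append("\">");
            html.Append("<input type=\"hidden\" name=\"continue\" value=\"http://mail.google.com/mail?ui=html&amp;zy=l\">");
            html.Append("<input type=\"hidden\" name=\"service\" value=\"mail\">");
            html.Append("<input type=\"hidden\" name=\"Email\" value=\"")
                .Append(HttpUtility.HtmlAttributeEncode(userName)).Append("\">");
            html.Append("<input type=\"hidden\" name=\"Passwd\" value=\"")
                .Append(HttpUtility.HtmlAttributeEncode(password)).Append("\">");
            html.Append("</form><script>document.forms['myform'].submit();</script></body></html>");
            response.Write(html.ToString());
        }
    }
}
```

In Page_Load the call would be SsoFormHelper.WriteLoginForm(Request, Response, "https://www.google.com/accounts/ServiceLoginAuth", SsoFormHelper.ToPlainText(myCreds.UserName), SsoFormHelper.ToPlainText(myCreds.Password)), with the existing catch blocks left in place.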


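That completes the SSO part. Easy, isn't it?

After that I created a page, SSODEMO.aspx, whose only purpose is to pop up the page we just made.


That's it... done!

I hope this brief introduction is helpful to everyone. You are also welcome to discuss it with me or to share your own applications with me.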
