I wittered on last time about Netcommunity's Single sign-on feature, so this post will talk about one way of implementing it, along with some code at the end. To get this to work I looked at the very helpful sample code on Blackbaud Labs (alas, in VB.net).
We have an intranet here that is hosted by Netcommunity, and only logged in users with a certain role (staff) can view it. However, staff were finding it a pain to have to log in to the website to be able to view the intranet. Therefore, after our recent upgrade to a newer version of Netcommunity that supports single sign-on (SSO), I thought I'd try and save them the work.
In Netcommunity configuration, there's a section where you can set up SSO - you need to specify a 'shared key', a bit of text that only you and Netcommunity know. You'll be using it in your code. The principle behind SSO is that you use this shared key, along with the username of the person you want to log in and a couple of other bits of information, to generate a special URL that signs them in automatically without requiring a password. It's very cunning and very helpful.
How I did it
The approach I took was this - I hosted an ASP.NET page on a server on our internal network (not exposed to the internet). This page identified the user (by fetching their active directory / windows username), and then matched that username to a BBNC username (held in a database).
Once it had done that and figured out their BBNC username, the page went through the necessary steps of generating the URL to sign them in. It redirects the user to that URL, and bang - they're signed in. Really easy.
We set the homepage of staff to the URL of the internal server, which then does all the hard work identifying them and forwarding them on to the URL, all quite quickly, which means they get logged in to the website and can happily browse without ever having to type anything in.
This doesn't require any reference to BBNCExtensions, however it does require a couple of inclusions in the code-behind (System.Cryptography for example). Have a look through the sample code and give it a try - make sure you go through the code and add in your shared key and a couple of other bits you need to change. It's all commented so it shouldn't be hard to work out.
As always, if anyone knows of a better way of doing this... let me know about it. I'm still learning.
The link:
http://www.wii-uk.net/media/sso.zip
There's just a text file with the c# for the code-behind in there. Let me know via a comment if you have any problems.
Cheers.
Friday, 18 September 2009
Friday, 4 September 2009
Netcommunity single sign-on
Been a bit busy lately and as such haven't had much time to work on custom parts. Out of interest, has anyone tried the sample code from the last post, or found anything I've posted remotely helpful in terms of figuring out Netcommunity customisations? Please let me know, it'd be interesting to hear about!
Single sign-on
The most recent thing I've been working on relates to Netcommunity - it uses the single sign-on feature that versions of BBNC newer than 5.5 have.
Single sign-on allows you to automatically sign someone into your Netcommunity website, as long you know their username and a 'secret key' (that you define in the Netcommunity admin). If you have those bits of information, you can generate a special URL that (when entered) signs the user in without requiring a password or any interaction on their part. (it is a bit more complicated than that, but I'll go into it in more detail in another post)
A good example that illustrates this system is what I've been working on. We have an Extranet where I work, that is hosted by Netcommunity. It's a set of pages that only users within a certain role can see. However, because only logged in users within a certain role can access the Extranet, staff have to log in each time they want to view the pages.
Therefore I've developed a page that identifies the current user (by fetching their username from Windows), and then queries a database to match their Windows username to their Netcommunity username. Once it's found their Netcommunity username, it builds the special URL required by the single sign-on system and redirects them to it. They get signed in, everyone is happy because they don't have to remember their password.
I'll post up the code & an explanation of how to do it in a subsequent post. There's actually a good tutorial over at Blackbaud Labs, but it's in VB.NET rather than C#. My code is all in C#.
Single sign-on
The most recent thing I've been working on relates to Netcommunity - it uses the single sign-on feature that versions of BBNC newer than 5.5 have.
Single sign-on allows you to automatically sign someone into your Netcommunity website, as long you know their username and a 'secret key' (that you define in the Netcommunity admin). If you have those bits of information, you can generate a special URL that (when entered) signs the user in without requiring a password or any interaction on their part. (it is a bit more complicated than that, but I'll go into it in more detail in another post)
A good example that illustrates this system is what I've been working on. We have an Extranet where I work, that is hosted by Netcommunity. It's a set of pages that only users within a certain role can see. However, because only logged in users within a certain role can access the Extranet, staff have to log in each time they want to view the pages.
Therefore I've developed a page that identifies the current user (by fetching their username from Windows), and then queries a database to match their Windows username to their Netcommunity username. Once it's found their Netcommunity username, it builds the special URL required by the single sign-on system and redirects them to it. They get signed in, everyone is happy because they don't have to remember their password.
I'll post up the code & an explanation of how to do it in a subsequent post. There's actually a good tutorial over at Blackbaud Labs, but it's in VB.NET rather than C#. My code is all in C#.
Subscribe to:
Posts (Atom)