 

Using SSO for 3rd party applications exposed via PageViewer webpart

  • Friday, July 18, 2008 11:44 AM Hareni
     

    We want to access a 3rd party web application via SharePoint webparts, and we are using the inbuilt webpart called ‘PageViewer webpart’, where the user has to pass the URL to the 3rd party application to render the content.

     

    But the 3rd party webapp has a login page and requires the login credentials every time the user logs in and accesses the webpart. Note that the credentials required for the 3rd party webapp might be different from the credentials of the user who has logged in to the SharePoint server.

     

    We thought of leveraging SSO to work around this problem. The first time the user accesses the 3rd party application, the user will be redirected to an SSO login form, which will request the user to provide the credentials, which will be stored in the SSO database along with the EAD. For subsequent requests, the SharePoint server will retrieve the credentials mapped with the EAD (which corresponds to the 3rd party application). However, once the credentials are retrieved, we need to pass the credentials to the 3rd party application, but currently, we have no secure way to pass the credentials for authentication.

     

    Either we have to pass the credentials in the query string, or they have to be passed in the request headers, which will be insecure in non-SSL connections. I am not sure if SSO in SPS provides any inbuilt mechanism to solve this problem.

     

    It would be great if you could let me know of any other way of solving the problem / if I am missing something. Ideally, we have to pass the credentials somehow to the 3rd party webapp for authentication, so that the user won't be prompted to log in to the application every time.

     

    Any suggestions are most welcome.


All Replies

  • Friday, July 18, 2008 1:58 PM Michael Washam - MSFT, Moderator
     Answer

    You can programmatically set the URL of the PageViewerWebPart using its .ContentLink property (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webpartpages.pageviewerwebpart.contentlink.aspx).

     

    So you could build a webpart that contains the PageViewerWebPart and use SSO to retrieve the correct credentials.

     

    PageViewerWebPart pvwp = new PageViewerWebPart();

    // Retrieve credentials with SSO (user and pw hold the values returned by the lookup)

    pvwp.ContentLink = "http://your3rdpartyApp/login.aspx?user=" + user + "&pw=" + pw;

    Controls.Add(pvwp);

     

     

  • Wednesday, July 23, 2008 1:46 PM Hareni
     
    Hi Michael,

    Thanks a lot for the reply. I have a small query regarding the approach that you have suggested. Won't it be a security threat to pass the username and password in the URL query string? Can't anyone sniff the packets and retrieve the credentials?

    We also evaluated the approach wherein we can pass the credentials in the request headers; however, the request headers can be encrypted only in SSL connections. And the 3rd party applications that we are planning to expose inside the PageViewer webparts might not use SSL.

    It would be very helpful if you could provide some suggestions for this issue.

    Thanks.
  • Wednesday, July 23, 2008 8:44 PM Michael Washam - MSFT, Moderator
     
    Use SSL. QueryString parameters are encrypted too.

    FYI if there is still a concern you could always write your own webpart that instead of framing the other site within an IFrame used HttpWebRequest to essentially "scrape" the site and rerender it in a server side div.



    Posting is provided "AS IS" with no warranties, and confers no rights.
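
An added example (not code from any poster in this thread) of the server-side HttpWebRequest approach mentioned in the reply above. It posts the credentials in the request body over HTTPS so they never appear in the browser or in a URL, which would otherwise end up in web server logs, browser history and Referer headers. The class name, the URLs and the assumption that the third-party app accepts a form POST with `user` and `pw` fields and answers with a session cookie are all hypothetical.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Web;

// Added example: sign in to the third-party app from the SharePoint server.
public static class ThirdPartyFetcher
{
    // loginUrl and pageUrl are hypothetical; "user" and "pw" are the field
    // names used in the login.aspx example earlier in the thread.
    public static string FetchAfterLogin(Uri loginUrl, Uri pageUrl, string user, string pw)
    {
        // Refuse plain HTTP: the form body would be readable on the wire.
        if (loginUrl.Scheme != Uri.UriSchemeHttps || pageUrl.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Credentials are only sent over HTTPS.");

        // Holds the session cookie issued by the login response.
        CookieContainer cookies = new CookieContainer();

        // Credentials go in the POST body, URL-encoded, never in the query string.
        byte[] body = Encoding.UTF8.GetBytes(
            "user=" + HttpUtility.UrlEncode(user) + "&pw=" + HttpUtility.UrlEncode(pw));

        HttpWebRequest login = (HttpWebRequest)WebRequest.Create(loginUrl);
        login.Method = "POST";
        login.ContentType = "application/x-www-form-urlencoded";
        login.ContentLength = body.Length;
        login.CookieContainer = cookies;
        using (Stream s = login.GetRequestStream())
            s.Write(body, 0, body.Length);
        login.GetResponse().Close();   // cookies from the response land in the container

        // Fetch the protected page with the authenticated session.
        HttpWebRequest page = (HttpWebRequest)WebRequest.Create(pageUrl);
        page.CookieContainer = cookies;
        using (WebResponse resp = page.GetResponse())
        using (StreamReader reader = new StreamReader(resp.GetResponseStream(), Encoding.UTF8))
            return reader.ReadToEnd();
    }
}
```

The returned markup is untrusted third-party content: writing it into a server-side div places it in the SharePoint page's own origin, so any script in it runs with that page's privileges. The user's browser also holds no session with the third-party site, so links and form posts in the fetched page need to be routed back through the server.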
  • Thursday, July 31, 2008 9:43 PM jsolderitsch
    using System;
    using System.ComponentModel;
    using System.Runtime.InteropServices;
    using System.Xml.Serialization;
    using System.Collections.Generic;
    using System.Text;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.WebPartPages;
    using Microsoft.SharePoint.Utilities;
    using System.Web.UI.HtmlControls;

    namespace IdentityPageViewerWebPart
    {
        public class IdentityPageViewerWebPart : WebPart
        {
            PageViewerWebPart pvwp;

            protected override void RenderWebPart(HtmlTextWriter output)
            {
                // Wrap the built-in PageViewerWebPart and point it at the external site
                pvwp = new PageViewerWebPart();
                pvwp.ContentLink = "https://myexternal.website.com:8443/dashboard";
                pvwp.Height = "700px";
                pvwp.Width = "900px";
                Controls.Add(pvwp);
                base.RenderWebPart(output);
            }
        }
    }
     
     

    The above code is what I have come up with to extend the PageViewer web part programmatically. I am not sure if I am doing it right.

    I compile this OK in Visual Studio.

    But when I add this to a SharePoint page, I get weird errors:

    The "IdentityPageViewerWebPart" Web Part appears to be causing a problem. Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' failed.


    I have signed the webpart as one of the tutorials suggested and added some lines to AssemblyInfo.cs to allow PartiallyTrustedCallers.


    I updated web.config with the public key of the web part:


     <SafeControl Assembly="IdentityPageViewerWebPart, Version=1.0.0.0, Culture=neutral, PublicKeyToken=dfbaeca0a46ed0a4" Namespace="IdentityPageViewerWebPart" TypeName="*" Safe="True" />


    So something is wacky.

    Any ideas appreciated.

    Jim

  • Wednesday, November 04, 2009 8:16 PM sjbasha
     
    Hareni,

    Have you been able to solve this issue of "Using SSO for 3rd party applications exposed via PageViewer webpart"? I have the exact same requirement for my client and I am dying to find a way out of this.

    I have tried several things such as webrequest/webresponse, but there are still a lot of issues.


    Since SSO is not present in WSS 3.0 (which is what I am using), I have to come up with an alternative.

    I would appreciate it if you can help me in this regard.

    Regards,
    Basha