Rectangle 27 3

Is the ASP.NET site on the same network? If so, then you can use AD (Windows Auth) for authentication on the ASP.NET site just like you're using it on the SharePoint site. You don't need to pass the credentials, and you can't anyway since all you have is an authenticated identity. If you configure the ASP.NET site to require Windows Authentication, you'll be able to get the user's identity from the server variables (AUTH_USER).

Pass user credentials between SharePoint web application and ASP.NET w... sharepoint iis authentication
Rectangle 27 7

and the answer for this one is going to be a security feature known as the authentication loopback check, introduced way back in Windows 2003 SP1, as per:

i was trying to connect to my iis host headers instance using a host header defined in my /etc/hosts file as pointing to, while logged in at the machine running iis - this is the loopback scenario.

i also did not need to enable impersonation for my situation, and so i disabled that, and now i can connect using my faked fqdn both locally and remotely

why does windows authentication / impersonation fail on applic... windows-7 impersonation windows-authentication iis-7.5
Rectangle 27 7

The URL provided by Velvet is down. I found a cached version on

" 401.1 Error When Accessing SharePoint From Server

I ran into this issue several times in the past in setting up SharePoint environments (for both internal development use and customers) so I figured it was time to write a blog post about it. If you are running SharePoint Server 2007 or WSS 3.0 on Windows Server 2003 SP1 or later you will run into authentication issues if you are trying to access a SharePoint site using host headers from the server itself (i.e. host file has pointed to This issue manifests itself as the result of a loop back security check that Microsoft built in to Windows Server 2003 SP1 and later. The purpose of the loopback check is to eliminate denial of service attacks however it causes issues with access SharePoint sites locally from the server. In a typical production environment this is typically not a problem since you rarely access SharePoint sites (besides central admin) from a front end web server itself. However I do have physical and virtual development environments where all activities take place from the server, so this can cause some heartburn unless you have worked through the issue before. You can read the detailed KB article at KB926642 & KB896861. Here is a rundown of how to fix the problem. I typically disable the loopback check however this is not recommended for production server environments.

Method 1: Disable the authentication loopback check Re-enable the behavior that exists in Windows Server 2003 by setting the DisableLoopbackCheck registry entry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry subkey to 1. To set the DisableLoopbackCheck registry entry to 1, follow these steps on the client computer:

  • In the Value data box, type 1, and then click OK.
  • Restart the computer. Note You must restart the server for this change to take effect. By default, loopback check functionality is turned on in Windows Server 2003 SP1, and the DisableLoopbackCheck registry entry is set to 0 (zero). The security is reduced when you disable the authentication loopback check, and you open the Windows Server 2003 server for man-in-the-middle (MITM) attacks on NTLM.

Method 2: Create the Local Security Authority host names that can be referenced in an NTLM authentication request To do this, follow these steps for all the nodes on the client computer:

  • Click Start, click Run, type regedit, and then click OK.
  • In the Name column, type BackConnectionHostNames, and then press ENTER.
  • In the Value data box, type the CNAME or the DNS alias, that is used for the local shares on the computer, and then click OK.

Note Type each host name on a separate line.

Note If the BackConnectionHostNames registry entry exists as a REG_DWORD type, you have to delete the BackConnectionHostNames registry entry. 7. Exit Registry Editor, and then restart the computer. "

why does windows authentication / impersonation fail on applic... windows-7 impersonation windows-authentication iis-7.5
Rectangle 27 4

Who authenticates the user in SP in your app?

In a claims based architecture, you normally would deploy an STS that will authenticate users and issue security tokens (e.g. ADFS). Then you would handle the token back to the app (Sharepoint in your case)

Since authN is already externalized, what you need to do is simply add the STS (e.g. ADFS) as a trusted issuer for the ASP.NET app (using WIF). Conceptually, your SP app and the ASP.NET app are different, with potentially different rules.

From a usability perspective, the user will never see a double logon and all interactions are handled for him. Yet, the 2 apps remain separate entities that you can manage independently.

Bottom line: in a claims based approach, you get the "sharing" without any workarounds. It's built in into the design.

Hi Eugenio, many thanks for your response. You have given me the key things to lookup and investigate. Thanks again.

How to share authentication context between a SharePoint 2010 Site and... sharepoint-2010 claims-based-identity wif
Rectangle 27 2

Impersonation isn't set up in IIS; rather, it's configured through the ASP.NET application itself in web.config.

See for more details, but in brief as you find that the ASP.NET LoginName control sees your credentials your user principal is set correctly. So, just including

<identity impersonate="true" />

in your web.config file should work fine.

Thanks. I've added this but I'm getting a permissions error when loading the page, specifically the items that are built in the code behind. It's asking for credientials. Do I have to change the permissions on teh files in the IIS site?

iis 7 - IIS 7 application - pass through windows authenticatio... iis-7 application-pool
Rectangle 27 3

AD (Active Directory) is a directory service provider (a system that provides authentication, directory, policy, and other services in a Windows environment).

LDAP (Lightweight Directory Access Protocol) is a protocol designed for directory service providers for querying and modifying items in directory service providers like AD, which supports a form of LDAP.

In other words, you use LDAP for retrieving information from AD.

Now, if you need to implement an authentication of intranet users against Windows domain (AD) then you need to read about Integrated Windows Authentication. To enable it typically you need

and optionally enable integrated windows authentication in IE. Read more here

Once done, user will be automatically logged in without entering his login name or password. You will be able to get his identity (User.Identity.Name) and other properties from AD.

This is a secure form of authentication which you can see when using SharePoint, Outlook Web Access or similar intranet applications.

Can i get any sample code to work with as this concept is very new to me?

Does LDAP authenticate username and password from the databse or only Active Directory Username and Password

When talking about Integrated Windows Authentication, your application does not need to have any database of users and their passwords. You even does not require to have any login form as all will go automatically. There is also no programming code required. If you are still in doubt about it, give more details on your requirements.

I am developing one application where User log in to the system using its Username and Password that has been saved into the database.but i want that the username and password must be authenticated using LDAP..

Still not clear why you need to enter login/password if it can be done without it. See example - User authentication in MVC using LDAP - Stack Overflow ldap
Rectangle 27 1

If you are not using the Windows AD as an authentication model, you can go with FBA (Forms Based Authentication). See this article: Configure forms-based authentication (Office SharePoint Server)

Accessing Sharepoint 2007 documents outside network - Stack Overflow

sharepoint sharepoint-2007
Rectangle 27 2

The ValidateUser method is called to verify that a username and password have been correctly entered for a user. It is called during the authentication process.

  • You use a standard control (like the ASP.NET Login control) for authentication in your page (this applies to both regular ASP.NET and SharePoint); or
  • You use the default SharePoint Forms Authentication page (/_layouts/login.aspx). SharePoint will redirect unauthenticated users to this page if the content being accessed is blocked for anonymous users.

You will have to call ValidateUser yourself if you customize the default SharePoint login page and you don't use the ASP.NET Login control.

Thanks dariom! My question is, if I customize SharePoint login page and not using ASP.Net Login control, and for anonymous user, if the anonymous user access specific content which is blocked for anonymous users, will ValidateUser be called automatically?

When an anonymous user encounters blocked content SharePoint will redirect to the URL defined in the web.config (loginUrl attribute of the forms element). If this is a custom login page that doesn't use the ASP.NET Login control you will have to call ValidateUser. I hope that clears things up.

Thanks! My situation is, I have a customized login page (making some UI enhancements compared to SharePoint built-in login page) and use ASP.Net login control in the customized login page. And for anonymous user, if the anonymous user access specific content which is blocked for anonymous users, will ValidateUser be called automatically or just be redirected to my custom login page?

Thanks for clearing up your scenario. In your case, SharePoint will redirect to your custom login page when an anonymous tries to access restricted content. When the user submits the login page, the ASP.NET Login control will call ValidateUser for the membership provider configured in the web.config.

c# - ValidateUser of Forms Authentication issue - Stack Overflow

c# .net sharepoint-2007 forms-authentication
Rectangle 27 1

Could be anything, most common error in SharePoint is authentication errors where a web part is trying to reach content the logged in user cannot reach

You should check the logs, they are available in the directory C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS

Open the last modified log file and search for your Correlation ID, e8eca359-70f9-42d0-b41e-834fbe0fc910

When you find the errors there you will now and also be able to post something that we can use to help you.

sharepoint showing error after uploading a new webpart - Stack Overflo...

sharepoint sharepoint-2010
Rectangle 27 1

You can use any type of authentication system, including Windows-based authentication and forms-based authentication. The profile system doesn't careit simply stores the user-specific information

Thanks, that's what I am thinking as well is that it should work. I had referenced the SO Post in setting up my Web.config but SharePoint seems to be ignoring it entirely even after a couple of iisresets.

SharePoint 2007: Use SqlProfileProvider with Windows Integrated Authen...

sharepoint sharepoint-2007
Rectangle 27 0

Turns out that as long as the page is using the same URL and port as the Sharepoint site, authentication works across both sites.

The solution is to use a Virtual Directory inside of the sharepoint site and install the page there.

Displaying the current authenticated Sharepoint user from an P... sharepoint authentication web-parts
Rectangle 27 0

The users are authenticated by thier login credentials with AD. In a C# ASP.Net page you can get thier username from System.Web.HttpContext.Current.User.Identity.Name

You can use this information to make a web service call to the SharePoint User Profile Service in order to get details SharePoint records on that user. This assumes that the user profile services is installed and running (not a given).

As for authentication information, you will need to be more specific about which information. Remember that the rights given to a given AD user differ completely between what is permissioned for SharePoint and anything you have for the ASP.Net website.

If you are wanting to get information on what permissions a given user has, you can use the SharePoint Permissions web service to get information on what permission there are. Unfortunately, accessing that webservice requires elevated rights on the SharePoint server.

If you are just wanting to align the two sites so they have consistent permissions, your easiest bet is to create the relevant groups in AD and permission those groups independantly in each application.

Interesting. Thank you. As far as being more specific, sorry about that, basicaly what I'm looking for is one single authentication for both sites, so if I log in to a SharePoint site, I don't want to be challenged again when going to the ASP page.

I think it is more likely that I don't have things set up properly. Perhaps my question is... what does it take to have authentication transparent between sharepoint and an external page?

Please explain in more detail what sort of things you would expect from transparent authentication between SharePoint and the external site?

I want the user to log in to the SharePoint Portal and then not have to log in again when getting to the external website. Actually this Portal is a package from SunGard, and I am supposed to find out how to integrate our web applications to SunGard's portal authentication so that we have a single sign on. I followed all steps (setting up directory security and so on) but I can't get it working. I'm not quite sure where to go.

How to get the SharePoint authenticated user from an ASP.NET webpage? ... sharepoint authentication active-directory single-sign-on
Rectangle 27 0

You can use the ASP.NET Membership Provider on a SharePoint site. That is probably you're best option if you're not able to go with Windows Authentication.

There's a good article by Andrew Connell on how to set up the Membership Provider for SharePoint. It is MOSS-described but the practices can be ported to WSS.

SharePoint - ASP.Net Controls Integration - Stack Overflow sharepoint
Rectangle 27 0

SharePoint has an out of the box wiki if you happen to have that available already. If you're coding it from scratch, I would personally start by defining all of the use cases, then modeling the database to meet those needs. Then build your data I/O layer and user interface on that. Since you're using ASP.NET you can take advantage of the forms authentication and user and role infrastructure. The question sounds a little broad for me to really get detailed on anything.

Thanks @xr280xr, You are right that question is broad. I am clear that I need Wiki style documents but I don't know how. That is why I wrote that if someone can help me with links that from where I start gathering information about it.

c# - Incorporating wiki style documents in site - Stack Overflow

c# sql-server wiki
Rectangle 27 0

You'll need to implement an ASP.NET Membership Provider. Basically you'll inherit from ProviderBase and to implement methods which will know to transform your custom schema in useful information for Sharepoint environment. This link can help: Implementing a Membership Provider

I suggest you to develop that custom provider in a regular ASP.NET site and, when you done, to install it at Sharepoint website.

I know there is all users list information from SharePoint, and how could SharePoint get all user information from the membership provider I implemented?

I saw the MSDN page you mentioned, any sample implementation? Better if tailored for SharePoint. :-)

Membership isn't specific to Sharepoint. Build a sample which works with ans, later, configure your Sharepoint by editing its web.config.

I know how to implement membership and profile provider, but how to let SharePoint use the profile provider I developed?

c# - user profile issue with Forms Authentication and SharePoint - Sta...

c# sharepoint-2007 forms-authentication user-profile
Rectangle 27 0

  • Create a User profile service application.
  • When a user logins just check, in user profile service apllication about the permission
  • you can import other user properties from NTML or FBA to User profile application

sharepoint - Authenticate the "same user" using either NTLM or FBA - S...

sharepoint authentication sharepoint-2010 forms-authentication ntlm
Rectangle 27 0

I've been trying to accomplish the same thing, with exactly the same problem - the "forms-authenticated-me" is not the same as the "windows-authenticated-me" to sharepoint, and I can't see how to map the two.

After a lot of frustrating efforts, I think I've finally realized it's not possible. In retrospect, this isn't too surprising.

Deciding to Use Forms Authentication Some organizations want to use Windows users and groups in SharePoint Products and Technologies, but enter credentials via forms authentication. Before using forms authentication, determine why to use forms authentication in the first place: What is the business driver? If user accounts are stored in a location other than an Active Directory domain controller, or if Active Directory is not available in a particular environment, using forms authentication with a membership provider is a good choice. But if you want to force logon only via forms authentication, but still use Windows and all of the integrated features it provides, you should consider an alternative such as publishing the SharePoint site with Microsoft Internet Security and Acceleration (ISA) Server 2006. ISA Server 2006 allows users to log on by using a forms authentication Web form, but treats them like Windows users after authentication. This implementation provides a more consistent and compelling experience for end users.

Sharepoint user profiles with forms authentication - Stack Overflow

sharepoint authentication forms user profiles
Rectangle 27 0

I checked how it's happening in Sharepoint where Windows Authentication is also used and in Firefox the prompt appears and it turned out, that the server response in Sharepoint comes with a header

WWW-Authenticate: NTLM

whereas in my case I got the 401 response with the

WWW-Authenticate: Negotiate
    <binding name="RESTHttpBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="NTLM"/>

Still it's not the solution I'm completely satisfied with: NTLM is said to be downgrading comparing to Windows Authentication. - Firefox doesn't show authentication prompt with Windows Auth... wcf firefox authentication windows-authentication
Rectangle 27 0

I'm not sure which version of SSRS or Sharepoint you're using, but there have traditionally been both a Report Viewer and a Report Explorer web part shipped with Sharepoint in the RSWebParts.CAB file (at least since SQL Server 2005 SP2 I think). You can start there, but if you wanted quick and low-tech you could put in an IFRAME web part and point it to the Reports folder on your SSRS Server. Since you're using Sharepoint, that's also making the assumption that you're using Windows Authentication, so that wouldn't be an issue there.

I would stick with the report viewer/explorer web part

reporting services - DIsplaying SSRS reports in SharePoint? - Stack Ov...

sharepoint reporting-services
Rectangle 27 0

I dont know your requirements and your environment, but couldn't you upload the files directly from the windows client using CSOM?

web services - Is it possible to call a c# WebService with current win...

c# web-services sharepoint authentication asmx