Is it possible to share the claims based authentication of a logged in Sharepoint 2010 user with a separate Asp.net application?
The following article describes how it was done using Sharepoint 2007 and forms authenticatio开发者_JAVA技巧n through forms auth and sharing machine keys etc however I cannot find any information regarding the external application consuming the claims authentication that is now used in Sharepoint 2010?
Who authenticates the user in SP in your app?
In a claims based architecture, you normally would deploy an STS that will authenticate users and issue security tokens (e.g. ADFS). Then you would handle the token back to the app (Sharepoint in your case)
Since authN is already externalized, what you need to do is simply add the STS (e.g. ADFS) as a trusted issuer for the ASP.NET app (using WIF). Conceptually, your SP app and the ASP.NET app are different, with potentially different rules.
From a usability perspective, the user will never see a double logon and all interactions are handled for him. Yet, the 2 apps remain separate entities that you can manage independently.
Makes sense?
Bottom line: in a claims based approach, you get the "sharing" without any workarounds. It's built in into the design.
精彩评论