How to use SSO with SharePoint 2010 (FBA) using subdomains
Moataz Esmat EXT.1386
I. Browse the web applications using subdomains

After creating the FBA web applications you need to make them reachable through subdomains (on a test machine, by simulating DNS with the hosts file) using the following steps:

1. Edit the hosts file, which is located in C:\windows\System32\drivers\etc.
2. Add your subdomains in the format "IP subdomain". Ports are not part of the hosts file (it only maps a name to an address; the port is handled by the IIS binding in step 5):
   10.2.10.49 sub1.domain.com
   10.2.10.49 sub2.domain.com
3. Save and close the hosts file.
4. Start IIS Manager and edit the bindings of each web application.
5. Add a site binding for each one with a different host name, e.g. sub1.domain.com for the first web application and sub2.domain.com for the second. Because IIS routes on the Host header, both bindings can share a port.
6. Close IIS Manager and open SharePoint Central Administration.
7. Go to Application Management; under Web Applications you will find Configure alternate access mappings.
8. Edit the public URL of each web application so that its Default zone is the subdomain (http://sub1.domain.com, http://sub2.domain.com). SharePoint builds its links and the redirect to the sign-in page from this public URL, so the sign-in page of section III will later be served under the subdomain host.
9. Now you can browse the web applications using the subdomains.
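The nine steps above, scripted for the SharePoint 2010 Management Shell as an added example (this is not code from the original page). It assumes two FBA web applications whose IIS sites are named "SharePoint - 80" and "SharePoint - 81" with the internal URLs http://sp2010 and http://sp2010:81, and reuses the address 10.2.10.49 from the hosts-file example; adjust those values to your farm. The last loop is the check a practitioner wants after step 9: an anonymous request to each subdomain must reach SharePoint and be redirected to the sign-in page.

```powershell
# Added example, not from the original page: section I as a script for the
# SharePoint 2010 Management Shell (run elevated on the web front end).
# Assumed values: IIS site names "SharePoint - 80" / "SharePoint - 81", internal
# URLs http://sp2010 / http://sp2010:81, and the IP 10.2.10.49 of the hosts example.
Import-Module WebAdministration   # Windows Server 2008 R2; on 2008 use Add-PSSnapin WebAdministration
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$ip   = "10.2.10.49"
$apps = @(
    @{ Site = "SharePoint - 80"; Internal = "http://sp2010";    Host = "sub1.domain.com" },
    @{ Site = "SharePoint - 81"; Internal = "http://sp2010:81"; Host = "sub2.domain.com" }
)
# Host-header bindings let both sites share port 80. The cookie-domain technique
# of section III does not depend on the port, so keep the original ports if you prefer.
$port = 80

# Steps 1-3: the hosts file maps a name to an address only; ports are not part of it.
$hostsFile = Join-Path $env:SystemRoot "System32\drivers\etc\hosts"
foreach ($app in $apps) {
    $pattern = "^\s*" + [regex]::Escape($ip) + "\s+" + [regex]::Escape($app.Host) + "\s*$"
    if (-not (Select-String -Path $hostsFile -Pattern $pattern -Quiet)) {
        Add-Content -Path $hostsFile -Value "$ip $($app.Host)"
    }
}

# Steps 4-5: one additional binding per site, distinguished by its host header.
foreach ($app in $apps) {
    $wanted = "*:${port}:$($app.Host)"
    $bound  = Get-WebBinding -Name $app.Site -Protocol http |
              Where-Object { $_.bindingInformation -eq $wanted }
    if (-not $bound) {
        New-WebBinding -Name $app.Site -Protocol http -IPAddress "*" -Port $port -HostHeader $app.Host
    }
}

# Steps 6-8: the subdomain becomes the public URL of the Default zone; the old URL
# is kept as an internal URL of the same zone so that existing links still resolve.
foreach ($app in $apps) {
    $wa     = Get-SPWebApplication -Identity $app.Internal
    $public = "http://$($app.Host)"
    if ($port -ne 80) { $public += ":$port" }
    Get-SPAlternateURL -WebApplication $wa -Zone Default | Set-SPAlternateURL -Url $public
    if (-not (Get-SPAlternateURL -WebApplication $wa | Where-Object { $_.IncomingUrl -eq $app.Internal })) {
        New-SPAlternateURL -WebApplication $wa -Url $app.Internal -Zone Default -Internal
    }
}

# Step 9 check: an anonymous request to each subdomain must now be answered by
# SharePoint with a 302 to the FBA sign-in page, not by a resolution or binding error.
foreach ($app in $apps) {
    $req = [System.Net.HttpWebRequest]::Create("http://$($app.Host):$port/")
    $req.AllowAutoRedirect = $false          # show the redirect instead of following it
    try {
        $resp = $req.GetResponse()
        "{0} -> {1} {2}" -f $req.RequestUri, [int]$resp.StatusCode, $resp.Headers["Location"]
        $resp.Close()
    } catch [System.Net.WebException] {
        "{0} -> FAILED: {1}" -f $req.RequestUri, $_.Exception.Message
    }
}
```

The Location header printed by the check should carry the subdomain host; if it still shows the old internal name, the public URL of the Default zone (step 8) was not changed.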
II. Change the machine key for all web applications

The web applications and SecurityTokenServiceApplication must have the same machine key (the same validationKey, decryptionKey and the same validation and decryption methods). The sign-in cookie created in section III is signed and encrypted with this key, so a cookie issued by sub1.domain.com can only be accepted by sub2.domain.com if both use identical keys. This can be done using the following steps:

1. Start IIS Manager, select your web application and open the Machine Key feature.
2. Make sure explicit validation and decryption keys are set, not the "Automatically generate at runtime" option, which gives every application its own key. Note: these keys are generated automatically; you can get new ones from Generate Keys in the Actions pane on the right.
3. Copy these keys, together with the validation and decryption methods, to the other web applications. Also copy them to SecurityTokenServiceApplication, which is located under the SharePoint Web Services site.

Treat the keys as secrets: anyone who holds them can forge a valid authentication cookie for any user of any of these web applications. Every web front end in the farm must carry the same values.

III. Creating a custom sign-in page

1. Start Visual Studio and create a new project of type Empty SharePoint Project.
2. Add a new item and select Application Page.
3. Add a reference to Microsoft.SharePoint.IdentityModel.dll; you will find it under c:\windows\assembly\gac_msil\microsoft.sharepoint.identitymodel\14.0.0.0__71e9bce111e9429c\
4. Add the following code to the .aspx page, or add your own design for the login form. Replace the Page directive's CodeBehind and Inherits values with the file and class names Visual Studio generated for you (SSOLogin.Layouts.SignIn below is only a placeholder):

<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="SignIn.aspx.cs" Inherits="SSOLogin.Layouts.SignIn" %>
<html>
<head id="head1" runat="server">
    <title>Login Page</title>
    <style type="text/css">
        body { color: #000000; font: 12px/1.4 arial,freesans,helvetica,sans-serif; margin: 0; }
        #LoginBox { margin: 0 auto; min-width: 200px; padding: 1em; width: 470px; margin-top: 100px; }
        #LoginBox .Form-Content { -moz-border-radius: 0.4em 0.4em 0.4em 0.4em; background-color: #FFFFFF; border: 1px solid #BBBBBB; min-height: 50px; padding: 1em; position: relative; }
        #LoginBox .Form-Content h2 { border-bottom: medium none; color: #333333; font-size: 1.6em; margin: 0 0 1em; }
        #LoginBox .LoginTextField { -moz-border-radius: 0.3em 0.3em 0.3em 0.3em; border: 1px solid #DDDDDD; margin: 0; padding: 2px; width: 160px; }
        #LoginBox .LoginButton { -moz-border-radius: 0.3em 0.3em 0.3em 0.3em; line-height: 1.2; margin: 10px 10px 0 0; padding: 0 0.5em; }
    </style>
</head>
<body>
    <form id="form1" runat="server">
        <div style="clear: both;"></div>
        <div id="LoginBox">
            <div class="Form-Content">
                <h2>Login</h2>
                <table width="100%" cellpadding="0" cellspacing="1">
                    <tr>
                        <td style="width: 80px; white-space: nowrap; line-height: 2.4;">UserID:</td>
                        <td><asp:TextBox ID="UserName" CssClass="LoginTextField" runat="server"></asp:TextBox></td>
                    </tr>
                    <tr>
                        <td style="width: 80px; white-space: nowrap; line-height: 2.4;">Password:</td>
                        <td><asp:TextBox ID="Password" CssClass="LoginTextField" runat="server" TextMode="Password"></asp:TextBox></td>
                    </tr>
                    <tr>
                        <td colspan="2"><asp:Label ID="lblError" runat="server"></asp:Label></td>
                    </tr>
                    <tr>
                        <td colspan="2"><asp:Button ID="Login" runat="server" CssClass="LoginButton" OnClick="Login_Click" Text="Submit" /></td>
                    </tr>
                </table>
                <p></p>
            </div>
        </div>
    </form>
</body>
</html>

5. In your code-behind file (.cs file) make sure the class inherits from System.Web.UI.Page, not from the LayoutsPageBase that the template generates (that base class expects an already authenticated SharePoint user, and this page must be served to users who are not signed in yet). Then add the following code:

using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using Microsoft.SharePoint.IdentityModel;

namespace SSOLogin.Layouts
{
    public partial class SignIn : Page
    {
        protected void Login_Click(object sender, EventArgs e)
        {
            if (!(UserName.Text.Length > 0 && Password.Text.Length > 0))
            {
                lblError.Text = "User Name or Password can not be empty!";
                return;
            }

            // Validate the credentials against the membership provider configured for
            // this web application. Request.Url identifies the web application (zone);
            // Request.UrlReferrer would be null whenever the browser sends no Referer.
            bool status = SPClaimsUtility.AuthenticateFormsUser(Context.Request.Url, UserName.Text, Password.Text);
            if (!status) // authentication failed
            {
                lblError.Text = "Wrong Userid or Password";
                return;
            }

            // Authentication succeeded: issue the forms authentication cookie.
            // Its Domain attribute defaults to the host that served this page (for example
            // sub1.domain.com), so the browser would never send it to sub2.domain.com.
            // Widen it to the second-level domain shared by all the web applications of
            // section I. Every host under that domain will then receive the cookie, so do
            // this only when all of those hosts are trusted.
            // Build the cookie from UserName.Text: User.Identity is not populated until the
            // next request, so GetAuthCookie(User.Identity.Name, ...) would get an empty name.
            // One domain-scoped cookie is enough; calling SetAuthCookie first would leave a
            // second, host-only copy of the same cookie in the browser.
            HttpCookie authCookie = FormsAuthentication.GetAuthCookie(UserName.Text, false);
            authCookie.Domain = "domain.com"; // the second-level domain name
            Response.AppendCookie(authCookie);

            // Redirect to a fixed page rather than to an unvalidated ReturnUrl parameter,
            // which would turn the sign-in page into an open redirect. Use your site URL.
            Response.Redirect("/Pages/default.aspx");
        }
    }
}

6. Deploy the project to your web application. Then, in Central Administration, open the web application's Authentication Providers, select the zone, set Sign In Page URL to Custom Sign In Page and enter the URL of this page (for the placeholder project name above that is /_layouts/SSOLogin/SignIn.aspx), so that it is used as the default sign-in page.
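Section II done by script, with the check that the IIS Manager steps lack: the code-behind above only works across subdomains when every web application and the SecurityTokenServiceApplication validate and decrypt the cookie with identical keys. This is an added example, not code from the original page; it assumes the IIS site names "SharePoint - 80" and "SharePoint - 81" and must be run elevated on each web front end (or the resulting machineKey element propagated to them).

```powershell
# Added example, not from the original page: section II scripted. One key pair is
# generated with a CSPRNG, written to the web.config of every FBA web application and
# of SecurityTokenServiceApplication, and then all of them are compared.
# Assumed IIS site names: "SharePoint - 80" and "SharePoint - 81".
Import-Module WebAdministration

$targets = @(
    "IIS:\Sites\SharePoint - 80",
    "IIS:\Sites\SharePoint - 81",
    "IIS:\Sites\SharePoint Web Services\SecurityTokenServiceApplication"
)

function New-MachineKeyHex([int]$byteCount) {
    # CSPRNG, never Get-Random: whoever knows these keys can mint a valid auth cookie.
    $buf = New-Object byte[] $byteCount
    (New-Object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($buf)
    return (($buf | ForEach-Object { $_.ToString("x2") }) -join "")
}

function Get-MachineKeyConfig([string[]]$paths) {
    # Reads the effective <machineKey> of each application as one comparable string.
    foreach ($p in $paths) {
        $mk = Get-WebConfiguration -PSPath $p -Filter "system.web/machineKey"
        New-Object PSObject -Property @{
            Path = $p
            Key  = "{0}|{1}|{2}|{3}" -f $mk.validationKey, $mk.decryptionKey, $mk.validation, $mk.decryption
        }
    }
}

function Test-MachineKeyConsistent([string[]]$paths) {
    # True only when every application carries exactly the same explicit keys.
    $keys = @(Get-MachineKeyConfig $paths | ForEach-Object { $_.Key } | Sort-Object -Unique)
    return ($keys.Count -eq 1 -and $keys[0] -notmatch "AutoGenerate")
}

# Explicit keys: "AutoGenerate,IsolateApps" would give each application its own.
$machineKey = @{
    validationKey = New-MachineKeyHex 64   # 512-bit key for HMACSHA256
    decryptionKey = New-MachineKeyHex 32   # 256-bit key for AES
    validation    = "HMACSHA256"
    decryption    = "AES"
}

foreach ($p in $targets) {
    foreach ($attr in $machineKey.Keys) {
        Set-WebConfigurationProperty -PSPath $p -Filter "system.web/machineKey" -Name $attr -Value $machineKey[$attr]
    }
}

if (Test-MachineKeyConsistent $targets) {
    "machineKey identical across $($targets.Count) applications"
} else {
    Get-MachineKeyConfig $targets | Format-Table -AutoSize
    Write-Error "machineKey still differs between applications"
}
```

The keys end up in clear text in each application's web.config, so keep the file ACLs tight and do not check the file into source control. Run iisreset afterwards so that all application pools pick up the new keys; cookies issued with the old keys become invalid at that point and users have to sign in again.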