I have a SharePoint 2010 site that uses a trusted identity provider and a custom claims provider against my Secure Token Service. When I am in HTTP all the time it is great. When I am in HTTPS all the time it is great. But when I switch from HTTP to HTTPS, I am redirected to the STS and a loop begins between the STS and mysite/_trust.
It looks like the FedAuth cookie used from HTTP does not match the FedAuth cookie needed for HTTPS, but the STS sees you are logged in and does not issue a new cert.
Any ideas how to make the realm http://mysite.site.com and https://mysite.site.com work without issue?
UPDATE:
After a lot of debugging and code changes, it seems like this is a client side issue with the cookie. If I log into HTTP and switch to HTTPS, it transfers fine. But if I go from HTTPS to HTTP, it goes into the loop. I believe this is because the cookie is set to "secure". I think that the cookie cannot be read by the HTTP site. My answer may be in finding out how to make the cookie not "secure" so it can be used on both sides.
There are two ways to approach this issue. The issue is that the FedAuth cookie is marked secure and HTTPOnly. So when you flip from HTTPS to HTTP, the cookie can't be read by SharePoint /_trust/.
The approach I went with was to modify the default.aspx in the _login directory. It can be found here: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\template\identitymodel\login\
I replaced the existing default.aspx with this default.aspx page
<%@ Assembly Name="Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="SharepointIdentity" Namespace="Microsoft.SharePoint.IdentityModel" Assembly="Microsoft.SharePoint.IdentityModel, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Assembly Name="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Import Namespace="Microsoft.SharePoint.WebControls" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Assembly Name="Microsoft.Web.CommandUI, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Page Language="C#" MasterPageFile="~/_layouts/simple.master" %>
<asp:Content ID="PageHead" ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server">
</asp:Content>
<asp:Content ID="Main" ContentPlaceHolderID="PlaceHolderMain" runat="server">
<script language="C#" runat="server">
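    protected void Page_Load(object sender, EventArgs e)
    {
        string killed = "no";
        // Expire any FedAuth cookie the browser sent before handing off to /_trust/.
        if (Request.Cookies["FedAuth"] != null)
        {
            killed = "yes";
            HttpCookie expiredCookie = new HttpCookie("FedAuth");
            expiredCookie.Expires = DateTime.UtcNow.AddDays(-1);
            Response.Cookies.Add(expiredCookie);
        }
        // ReturnUrl may be missing, and Request[...] returns it already decoded,
        // so fall back to the site root and encode it again for the query string.
        string returnURL = Request["ReturnUrl"] ?? "/";
        Response.Redirect("/_trust/default.aspx?trust=SSO%20Trusted%20Provider&ReturnUrl=" + Server.UrlEncode(returnURL) + "&cooke=" + killed);
    }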
</script>
</asp:Content>
There is no code behind for it.
The other way to approach it is to modify the cookie with a new cookie handler. You can see that here. http://www.msngn.com/blog/Lists/Posts/Post.aspx?ID=5
Another answer to this is to put HTTP and HTTPS in the same zone in alternate access mapping. Then you need to override the cookiehandler to allow the same cookie to be used in HTTP as well as HTTPS.
http://www.msngn.com/blog/Lists/Posts/Post.aspx?ID=5
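Why only the HTTPS to HTTP direction loops, as an added example that is not part of the original posts and is not SharePoint code: a small model of the browser rule that a cookie carrying the Secure attribute is attached to HTTPS requests only. The Set-Cookie values are constructed, and the assumption that the cookie issued over HTTP lacks Secure is inferred from the question's observation that HTTP to HTTPS works.

```javascript
// Added illustration (not SharePoint code): which requests carry a cookie,
// based on the attributes in its Set-Cookie header.

// Parse one Set-Cookie header value into name, value and boolean flags.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const flags = new Set(attrs.map(a => a.split('=')[0].toLowerCase()));
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    secure: flags.has('secure'),
    httpOnly: flags.has('httponly'),
  };
}

// True when the browser attaches `cookie` to a request for `url`.
// Only the Secure rule is modelled; domain, path and expiry are ignored.
function sentWith(cookie, url) {
  return !cookie.secure || new URL(url).protocol === 'https:';
}

// True when page script (document.cookie) can read the cookie.
function readableByScript(cookie) {
  return !cookie.httpOnly;
}

// Constructed header values; the token is a placeholder, not a real FedAuth value.
const issuedOverHttps = parseSetCookie('FedAuth=PLACEHOLDER; path=/; secure; HttpOnly');
const issuedOverHttp = parseSetCookie('FedAuth=PLACEHOLDER; path=/; HttpOnly');

// Scheme-switch matrix for the host named in the question.
function switchMatrix() {
  const http = 'http://mysite.site.com/_trust/';
  const https = 'https://mysite.site.com/_trust/';
  return {
    httpsToHttp: sentWith(issuedOverHttps, http),   // Secure cookie is withheld
    httpToHttps: sentWith(issuedOverHttp, https),   // non-Secure cookie is sent
    httpsToHttps: sentWith(issuedOverHttps, https),
    httpToHttp: sentWith(issuedOverHttp, http),     // sent over plain HTTP
  };
}
```

Only `httpsToHttp` comes back false: the HTTP site never receives the FedAuth cookie that was issued over HTTPS, while a cookie without Secure is attached to every request, including plain HTTP ones.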
We have a B2C with custom policies for Sign Up, Sign In and Social login. The base page layout is loaded from a CDN (base.html). Our custom page layout is as simple as this:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link crossorigin="anonymous" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css" rel="stylesheet" />
</head>
<body>
<div class="container">
<div class="d-flex justify-content-center h-100">
<div class="card">
<div id="api"></div>
</div>
</div>
</div>
<script crossorigin="anonymous" src="https://code.jquery.com/jquery-3.4.1.min.js" type="text/javascript"></script>
<script crossorigin="anonymous" src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js" type="text/javascript"></script>
</body>
</html>
Inside our Custom Policy we use a ContentDefinition like this:
<ContentDefinition Id="api.signuporsignin">
<LoadUri>https://XXXXX.z16.web.core.windows.net/{OIDC:ClientId}/base.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.4</DataUri>
<Metadata>
<Item Key="DisplayName">Signin and Signup</Item>
</Metadata>
</ContentDefinition>
This works fine because it is retrieving base.html from the static website (STA) instead of the Azure CDN configured over the blob STA.
If we change the LoadUri to point to https://xxx.azureedge.net/{OIDC:ClientId}/base.html, which is the CDN endpoint, B2C returns an error saying there was a problem loading scripts on the page and does not render the login form.
Using both URLs, from the static website and the CDN, in any browser renders the page correctly, which is white and empty with just a Login title.
I think it is a CORS problem when B2C tries to request this page from the CDN.
I have configured CORS in my STA, adding my B2C tenant like in the picture below, but it is not working at all:
Any help configuring B2C against a CDN please?
If there is a CORS problem here, it could be in the CDN: https://learn.microsoft.com/en-us/azure/cdn/cdn-cors.
According to the documentation, you can create a rule to set the proper response header:
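How a CDN can drop the CORS header even though the storage account has a matching CORS rule, as an added example that is neither part of the original answer nor the rule from the linked documentation. It is a simplified model: the tenant name `contoso`, the `CLIENT_ID` path segment and a cache keyed on the URL alone are assumptions.

```javascript
// Added illustration: simplified model of a CDN in front of a storage origin.
// Constructed values: tenant "contoso" and the rule shape are assumptions.
const B2C_ORIGIN = 'https://contoso.b2clogin.com';

// Storage origin: returns Access-Control-Allow-Origin only when the request
// carries an Origin header that matches its CORS rule.
function storageOrigin(req) {
  const headers = {};
  if (req.origin === B2C_ORIGIN) headers['access-control-allow-origin'] = req.origin;
  return { status: 200, headers, body: '<div id="api"></div>' };
}

// CDN that caches by URL only and can apply a delivery rule to responses.
function makeCdn(deliveryRule) {
  const cache = new Map();
  return function fetchViaCdn(req) {
    if (!cache.has(req.url)) cache.set(req.url, storageOrigin(req));
    const cached = cache.get(req.url);
    const res = { ...cached, headers: { ...cached.headers } };
    return deliveryRule ? deliveryRule(req, res) : res;
  };
}

// Delivery rule: set the header when the request Origin is the B2C origin.
function setAcaoRule(req, res) {
  if (req.origin === B2C_ORIGIN) res.headers['access-control-allow-origin'] = req.origin;
  return res;
}

// Browser-side CORS check for a simple cross-origin GET.
function corsAllows(res, pageOrigin) {
  const acao = res.headers['access-control-allow-origin'];
  return acao === '*' || acao === pageOrigin;
}

// Replays the question: open base.html directly, then let B2C load it.
function scenario(deliveryRule) {
  const cdn = makeCdn(deliveryRule);
  const url = 'https://xxx.azureedge.net/CLIENT_ID/base.html';
  const direct = cdn({ url });                     // address bar: no Origin header
  const viaB2c = cdn({ url, origin: B2C_ORIGIN }); // cross-origin load from the B2C page
  return { directRenders: direct.status === 200, b2cAllowed: corsAllows(viaB2c, B2C_ORIGIN) };
}
```

Without a rule, the copy cached by the direct browser visit has no `Access-Control-Allow-Origin`, so the later cross-origin load is refused even though the page renders when opened directly; with the rule applied at delivery, or after purging the cached copy, the load is allowed.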
I'm attempting to just add an OOTB Web Part (actually to create a variation of a Search Page) in an App for SharePoint using an Office 365 Development Site for development but this happens with ANY OOTB Web Part. The default code when I create a page of course is this:
<%@ Page language="C#" MasterPageFile="~masterurl/default.master"
Inherits="Microsoft.SharePoint.WebPartPages.WebPartPage,
Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities"
Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages"
Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls"
Assembly="Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" %>
<asp:Content ContentPlaceHolderId="PlaceHolderAdditionalPageHead" runat="server">
<SharePoint:ScriptLink name="sp.js" runat="server" OnDemand="true"
LoadAfterUI="true" Localizable="false" />
</asp:Content>
<asp:Content ContentPlaceHolderId="PlaceHolderMain" runat="server">
<WebPartPages:WebPartZone runat="server" FrameType="TitleBarOnly"
ID="full" Title="loc:full" />
</asp:Content>
When I just want to add, say, the SearchArea Web Part into the Zone, I always get this on testing:
"Cannot create XmlSerializers for this Web Part"
This seems so simple and yet I always get this error. This essentially happens with ANY OOTB Web Part. What am I doing wrong? Again, I just have an App for SharePoint that will deploy a heavily customized Search experience, but MUST use the OOTB SharePoint controls for Search in certain areas.
Thoughts?
I want to reference a class library method inside the application aspx page but I keep getting the dreaded Yellow Screen of Death with the error message
CS0103: The name 'Common' does not exist in the current context.
I followed the steps mentioned here to add the project to GAC and I also restarted IIS via IIS Manager.
Here's my application page:
<%@ Assembly Name="$SharePoint.Project.AssemblyFullName$" %>
<%@ Import Namespace="Microsoft.SharePoint.ApplicationPages" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="asp" Namespace="System.Web.UI" Assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Assembly Name="Microsoft.Web.CommandUI, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ApplicationPage1.aspx.cs" Inherits="SharePointProject1.Layouts.SharePointProject1.ApplicationPage1" DynamicMasterPageFile="~masterurl/default.master" %>
<asp:Content ID="PageHead" ContentPlaceHolderID="PlaceHolderAdditionalPageHead" runat="server">
</asp:Content>
<asp:Content ID="Main" ContentPlaceHolderID="PlaceHolderMain" runat="server">
<asp:Label ID="lblTest" runat="server" />
<%= Common.Lib.Utility.GetStatusImage("approved") %>
</asp:Content>
<asp:Content ID="PageTitle" ContentPlaceHolderID="PlaceHolderPageTitle" runat="server">
Application Page
</asp:Content>
<asp:Content ID="PageTitleInTitleArea" ContentPlaceHolderID="PlaceHolderPageTitleInTitleArea" runat="server" >
My Application Page
</asp:Content>
I am developing a SharePoint website in Forms authentication mode. I am trying to authenticate myself and my company's users against the company's Active Directory.
The ldap path I received from my technical team is
LDAP://infinmumcfac.inf.com
OU=Infotech,DC=inf,DC=com
I got this piece of code from the Microsoft site.
<membership defaultProvider="LdapMembershipProvider">
<providers>
<add
name="LdapMembership"
type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
server="DC"
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer="CN=Users,DC=userName,DC=local"
userObjectClass="person"
userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn"
/>
</providers>
</membership>
The site asked me to change the Server and Usercontainer attribute. I have modified the code to
<membership defaultProvider="LdapMembershipProvider">
<providers>
<add
name="LdapMembership"
type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
server=” infinmumcfac.inf.com”
port="389"
useSSL="false"
userDNAttribute="distinguishedName"
userNameAttribute="sAMAccountName"
userContainer=" OU=Infotech,DC=inf,DC=com "
userObjectClass="person"
userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
scope="Subtree"
otherRequiredUserAttributes="sn,givenname,cn"
/>
</providers>
</membership>
I placed this code in the web.config file of the central administration site and my SharePoint website. I am still facing login issues.
Any help or insight would be highly appreciated. Thanking you in anticipation.
You also need to set up zones, authentication providers and alternate access mappings in central administration.
I have to create a site definition for a client that must contain pre-defined web part pages. I can create the web part pages but am at a loss when it comes to attaching them to the site on creation.
I know web part pages created through SharePoint are stored in a Document Library. Do I need to pre-populate a "Web Part Pages" document library and add the needed navigation to these files? If so, how do I go about adding the needed aspx files?
Finally, are there any caveats that I should be aware of for configuring the custom web part page in onet?
You can provision the page in ONET.XML.
First add a web part page template to your site definition.
Then provision an instance of the page (with the web part added) in your ONET.XML.
This stuff is described fully in Ted Pattison's book Inside Windows SharePoint Services 3.0.
default.aspx
<%@ Assembly Name="Microsoft.SharePoint,Version=12.0.0.0,Culture=neutral,PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Register Tagprefix="Utilities" Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Register Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Page language="C#" MasterPageFile="~masterurl/default.master"
Inherits="Microsoft.SharePoint.WebPartPages.WebPartPage" %>
<asp:Content ContentPlaceHolderId="PlaceHolderMain" runat="server">
<table cellspacing="0" border="0" width="100%">
<tr>
<td class="ms-pagebreadcrumb">
<asp:SiteMapPath SiteMapProvider="SPContentMapProvider" id="ContentMap" SkipLinkText="" NodeStyle-CssClass="ms-sitemapdirectional" runat="server"/>
</td>
</tr>
<tr>
<td>
<table width="100%" cellpadding=0 cellspacing=0 style="padding: 5px 10px 10px 10px;">
<tr>
<td valign="top" width="70%">
<WebPartPages:WebPartZone runat="server" FrameType="TitleBarOnly" ID="Left" Title="loc:Left" />
</td>
<td> </td>
<td valign="top" width="30%">
<WebPartPages:WebPartZone runat="server" FrameType="TitleBarOnly" ID="Right" Title="loc:Right" />
</td>
<td> </td>
</tr>
</table>
</td>
</tr>
</table>
</asp:Content>
<asp:Content ID="Content1" ContentPlaceHolderId="PlaceHolderPageTitle" runat="server">
<SharePoint:ProjectProperty ID="ProjectProperty1" Property="Title" runat="server"/>
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderId="PlaceHolderPageTitleInTitleArea" runat="server">
<label class="ms-hidden"><SharePoint:ProjectProperty ID="ProjectProperty2" Property="Title" runat="server"/></label>
</asp:Content>
ONET.xml snippet
<Module Name="Default" Url="" >
<File Url="default.aspx" Type="Ghostable">
<!-- Add a Web Part to left zone -->
<AllUsersWebPart WebPartZoneID="Left" WebPartOrder="0">
<![CDATA[
<WebPart
xmlns="http://schemas.microsoft.com/WebPart/v2"
xmlns:cewp="http://schemas.microsoft.com/WebPart/v2/ContentEditor">
<Assembly>Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c</Assembly>
<TypeName>Microsoft.SharePoint.WebPartPages.ContentEditorWebPart</TypeName>
<Title>Working with Site Definitions</Title>
<FrameType>TitleBarOnly</FrameType>
<cewp:Content>
This Web Part was added through declarative logic in ONET.XML
</cewp:Content>
</WebPart>
]]>
</AllUsersWebPart>
</File>
</Module>
You can follow this methodology which uses Feature Stapling. I used this to automatically add web parts to My Sites when they are created:
http://blogs.msdn.com/sharepoint/archive/2007/03/22/customizing-moss-2007-my-sites-within-the-enterprise.aspx