Re: Transfer authentication token - how to single sign-on

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/14/05


Date: Sun, 13 Nov 2005 23:15:02 -0600

Note that with Windows Server R2 and the new single sign on features in the
Federated Identity system, you might be able to build something like this.
It would depend on whether the new system supports OWA yet and you were
willing to use the Federated identity system with your web app instead of
the ASP.NET forms auth you implemented.

Note that Dominick is absolutely right here in general.

Joe K.

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be6313825f8c7b65310515284@news.microsoft.com...
> Hello Dave,
>
> first of all - no you cannot do that.
>
> But why does OWA prompt for credentials?? aren't your users domain users?
> SSO should work out of the box ??!!
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> We have an ASP.NET app that uses Forms Authentication, but we wrote
>> the authentication piece to query Active Directory for credentials
>> approval. This is all working fine, but what I would like to do is
>> provide a link from from our asp.net app to an Outlook Web Access
>> server. When I do this, however, the Integrated Windows
>> Authentication of OWA prompts the user for their password again. Is
>> there any way to "pass" the approved Windows security token from our
>> application to the Exchange server running OWA so the user is not
>> prompted for their password if they have already authorized themselves
>> to us? (Basically, how do you accomplish single sign-on with a
>> Microsoft network... all users will be kept in a Windows 2003 Active
>> Directory domain).
>>
>> - Thanks, Dave
>>
>
>