Re: Transfer authentication token - how to single sign-on

From: Dave Slinn (CougarDave_at_noemail.noemail)
Date: 11/15/05


Date: Tue, 15 Nov 2005 00:17:24 -0600

I will investigate the Federated Identity system you indicated.

The reason OWA prompts for credentials is because the users are hitting this
server from the Internet. Even though they are domain users, they haven't
"logged on" to the network.

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OHKoepN6FHA.808@TK2MSFTNGP09.phx.gbl...
> Note that with Windows Server R2 and the new single sign on features in
> the Federated Identity system, you might be able to build something like
> this. It would depend on whether the new system supports OWA yet and you
> were willing to use the Federated identity system with your web app
> instead of the ASP.NET forms auth you implemented.
>
> Note that Dominick is absolutely right here in general.
>
> Joe K.
>
> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
> wrote in message news:4580be6313825f8c7b65310515284@news.microsoft.com...
>> Hello Dave,
>>
>> First of all - no, you cannot do that.
>>
>> But why does OWA prompt for credentials?? Aren't your users domain users?
>> SSO should work out of the box ??!!
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>
>>> We have an ASP.NET app that uses Forms Authentication, but we wrote
>>> the authentication piece to query Active Directory for credentials
>>> approval. This is all working fine, but what I would like to do is
>>> provide a link from our asp.net app to an Outlook Web Access
>>> server. When I do this, however, the Integrated Windows
>>> Authentication of OWA prompts the user for their password again. Is
>>> there any way to "pass" the approved Windows security token from our
>>> application to the Exchange server running OWA so the user is not
>>> prompted for their password if they have already authorized themselves
>>> to us? (Basically, how do you accomplish single sign-on with a
>>> Microsoft network... all users will be kept in a Windows 2003 Active
>>> Directory domain).
>>>
>>> - Thanks, Dave
>>>
>>
>>
>
>