Issues using external authentication with SharePoint 2010
We are using the “CAS” Single Sign-On system that was developed by Jasig. And trying to authenticate users against it for a SharePoint 2010 site. The main issue is that we are validating the user’s username and password on an external site that sends a “ticket” back to our SP2010 site via query string. Our app then revalidates this ticket against a CAS system to make sure the ticket is valid. If the ticket is valid, we go ahead and say the user is authenticated. In a .NET app, at this point all I need to do is call this:
FormsAuthentication.RedirectFromLoginPage(username, false);
Then, our “username” user is authenticated, and everything works just great. In SharePoint, however, this isn’t enough. I can only get SP 2010 to authenticate my user if before calling the previous line, I call:
SPClaimsUtility.AuthenticateFormsUser(Request.Url, username, password);
Obviously this is a huge problem, because at this point, I do not have their password. I only have a ticket from the CAS server. I need a way to “force” the authentication of a user in SharePoint.
Microsoft did some huge changes to custom auth with SP2010 Beta to RTM as we found out the hard way. Anyway, we got basically the same challenge, using a ticket as the means of authentication, and we got it working:
Your customlogin.aspx will typically contain something like
    var ticket = SecurityProvider.GetTicketForCurrentUser(Session);
    var credentials = SecurityProvider.ValidateTicket(ticket);
    var username = credentials.Username;
    var password = credentials.Password;
    var securityToken = GetClaimsToken(username, password);
    var fam = Context.ApplicationInstance.Modules["FederatedAuthentication"] as SPFederationAuthenticationModule;
    fam.SetPrincipalAndWriteSessionToken(securityToken);
    SPUtility.Redirect(SPContext.Current.Site.Url, SPRedirectFlags.Trusted, Context);
The SecurityProvider containing ValidateTicket
    public static UserCredentials ValidateTicket(string ticket)
    {
        UserCredentials creds = UserWSClient.GetUserCredentials(ticket);
        return creds;
    }
Your biggest challenge might be writing a webservice that receives the ticket and returns the credentials instead of a boolean stating whether the ticket was valid or not. Best of luck!
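As an added example (not the poster's or the answerer's code), here is what the full customlogin.aspx code-behind from the answer looks like with the undefined GetClaimsToken filled in through SPSecurityContext.SecurityTokenForFormsAuthentication, and with the failure paths handled so that an absent or rejected ticket never results in a session token. The CasClient and UserCredentials types, the provider names and the CAS login URL are assumptions; CasClient.ValidateTicket stands in for the answer's SecurityProvider/UserWSClient call.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Web;
using System.Web.UI;
using Microsoft.SharePoint;
using Microsoft.SharePoint.IdentityModel;
using Microsoft.SharePoint.Utilities;

public partial class CustomLogin : Page
{
    // Hypothetical values: the FBA provider names registered for the web application
    // and the external CAS login page users are sent to when no valid ticket exists.
    const string MembershipProvider = "FbaMembership";
    const string RoleProvider = "FbaRoles";
    const string CasLoginUrl = "https://cas.example.invalid/cas/login";

    protected void Page_Load(object sender, EventArgs e)
    {
        // The ticket arrives on the query string; nothing about it is trusted
        // until the CAS server has confirmed it server-side.
        string ticket = Request.QueryString["ticket"];
        if (string.IsNullOrEmpty(ticket)) { Response.Redirect(CasLoginUrl); return; }

        // Hypothetical client: returns null for an invalid, expired or replayed ticket.
        UserCredentials creds = CasClient.ValidateTicket(ticket);
        if (creds == null) { Response.Redirect(CasLoginUrl); return; }

        SecurityToken token = GetClaimsToken(creds.Username, creds.Password);
        if (token == null) { Response.Redirect(CasLoginUrl); return; }

        var fam = Context.ApplicationInstance.Modules["FederatedAuthentication"]
                  as SPFederationAuthenticationModule;
        if (fam == null) throw new InvalidOperationException("Claims auth not enabled");

        // Only now does the browser receive a SharePoint session token.
        fam.SetPrincipalAndWriteSessionToken(token);
        SPUtility.Redirect(SPContext.Current.Site.Url, SPRedirectFlags.Trusted, Context);
    }

    // Issues a claims token through the configured FBA membership/role providers;
    // any failure (bad credentials, provider error) is treated as "not authenticated".
    static SecurityToken GetClaimsToken(string username, string password)
    {
        try
        {
            return SPSecurityContext.SecurityTokenForFormsAuthentication(
                new Uri(SPContext.Current.Web.Url), MembershipProvider, RoleProvider,
                username, password);
        }
        catch (Exception) { return null; }
    }
}
```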