SP2010: Creating a mixed mode login page for claims based authentication
In SharePoint 2010, claims based authentication provides us with a way of dealing with multiple sorts of authentication in one site. Where in the older SharePoint versions you needed to create a new site for each authentication method (Windows, Forms), you can now use both at the same time. This means all users are visiting the same URLs, which is very nice when those users are passing links back and forth. But the default login screen is… wel let’s just say it’s not that intuitive.
The default login screen SharePoint presents for mixed mode is kind of weird. It displays a dropdown box with two choices: Windows (Active Directory) of Forms (External) based authentication. Most of my users, especially the external ones, won’t have a clue what this means and since they’re mostly using Windows computers, they’ll go for the Windows option. Since that won’t work, I wanted to be ahead of problems by creating my own login page.
I did some research which you can read in this post: http://jsiegmund.wordpress.com/2010/04/27/sp2010-cannot-get-membership-provider-for/. I’ll stick to the steps you need to take to create a custom page yourself in this post.
I wanted to provide two things on my custom page:
– A login control for external users
– A link to the Windows login for internal users. That link can be used as a favorites link too, which means the internal users can skip the entire login screen and just login with their current Windows account.
First, you need a page which is a copy of the forms login page SharePoint provides. You’ll find that in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\IDENTITYMODEL\FORMS. You need to create your own class which will handle authentication of the user, or if you really don’t want to add any custom things, you can probably use the base class, which will be:
I had some trouble finding the correct DLL to include: it’s located in the bin directory of your claims site, it’s called Microsoft.SharePoint.ApplicationPages.
On the login page, a login control is provided. It’s ID is ‘signInControl’. You can attach to the Authenticate event of this control in the OnLoad event of the page.
In this Authenticate event, you can now do some custom authentication if you’d like. The method you should use to authenticate your forms user is the following:
SPClaimsUtility.AuthenticateFormsUser(Request.Url, this.signInControl.UserName, this.signInControl.Password)
It will return a boolean on which you can act to redirect the user either to the default page or the page you want.
For the Windows authentication, it’s fairly simple. You just need a link which points to:
For the return URL, you can pass in the ReturnUrl query parameter which ASP.NET will provide for you (it points to the page the user requested). Make sure to pass it along, otherwhise the user will always end up on the home page, even when he’s using favorites shortcuts.
With these basic steps, you can create a page with a login control for external users and a direct link for internal users. It’s a lot more intuitive this way. You could even use the Authenticate event to check if the user maybe is an internal one (one who doesn’t like to read your instruction) and handle Windows authentication from the same login control.