Office and Forms Authentication

Because SharePoint 2007 is built on ASP.NET 2.0, we get a wonderful new feature: forms authentication. Actually I think it might be more than just the idea that it's built on top of ASP.NET 2.0; it's probably because the team realized what a cool feature this would be to have for extranet and internet solutions. In my opinion this is going to help SharePoint become a development platform. Now if it just doesn't get priced at some astronomical figure I'll be really happy. There are some drawbacks though.

I think SSO breaks completely, but I haven't looked into any workarounds at all. Search technically breaks, but there is a workaround for it. Basically you have to have two sites that point to the same content. One site uses forms authentication while the index server uses the integrated secure URL. From what I was told, search is able to present the appropriate URL. I'd be curious what other people's experiences are with this. Compared to everything else I have to jump through. . . that's not really a broken thing, though it would be nice if it just worked OOB.

The one I was interested in is Office breaking. What a bummer. I kind of want Office to work integrated with SharePoint; I think it's really great that we can save a document right to a URL. Well, there is a workaround, but let's talk more about the problem.

In short, Office doesn't understand 302 redirects, and that's the foundation on which ASP.NET 2.0 authentication works. If the client Office tool, such as Excel or Word, can find a cookie then everything is wonderful and it all works just fine.

So the short answer is that if you have a persistent cookie on the client machine then you can use Office. Just by logging in with a browser, because the cookie is persistent, the user can close the browser and continue to use the client integrated tool, Word or Excel.

Let's say that our user leaves and someone came up to that machine and went to the SharePoint site. . .well they'd be logged in as that previous user.  So you can imagine that persistent cookies might not be the most desirable approach.

Most of the time on sites that use persistent cookies people may not even notice this problem.  In the natural flow of work a user would go to the web first to open documents. 
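The behaviour described above, as a toy Python model added here for illustration (it is not code from SharePoint, Office or this post). The class names, the `/login.aspx` path, the ticket lifetime and the idea that the Office-like client reads only on-disk cookies are assumptions made to keep the model small.

```python
LOGIN_URL = "/login.aspx"   # constructed path, not taken from the post
COOKIE = ".ASPXAUTH"        # ASP.NET's default forms-auth cookie name

class FormsAuthSite:
    """Toy forms-auth site: a request without a valid ticket gets a 302 to the login page."""
    def __init__(self, ticket_lifetime):
        self.ticket_lifetime = ticket_lifetime
        self.tickets = {}                      # ticket value -> (user, expiry time)

    def login(self, user, persistent, now):
        value = f"ticket-{len(self.tickets)}"
        expires = now + self.ticket_lifetime
        self.tickets[value] = (user, expires)
        # A persistent cookie carries an expiry and is written to disk;
        # a session cookie has none and lives only in the browser process.
        return {"value": value, "expires": expires if persistent else None}

    def get(self, path, ticket, now):
        user, expires = self.tickets.get(ticket, (None, 0))
        if user is None or now >= expires:
            return 302, f"{LOGIN_URL}?ReturnUrl={path}", None
        return 200, path, user

class Workstation:
    """Shared machine: the on-disk cookie store outlives the browser window."""
    def __init__(self):
        self.disk = {}                         # persistent cookies (visible to Office in this model)
        self.browser_memory = {}               # session cookies

    def browser_login(self, site, user, persistent, now):
        cookie = site.login(user, persistent, now)
        (self.disk if persistent else self.browser_memory)[COOKIE] = cookie

    def close_browser(self):
        self.browser_memory.clear()

    def logout(self):
        self.disk.pop(COOKIE, None)            # deleting the cookie ends the session on this machine

    def office_open(self, site, path, now):
        """Office-like client: sends only on-disk cookies and treats a 302 as failure."""
        cookie = self.disk.get(COOKIE)
        ticket = cookie["value"] if cookie and now < cookie["expires"] else None
        status, _, user = site.get(path, ticket, now)
        return status == 200, user

if __name__ == "__main__":
    site, pc = FormsAuthSite(ticket_lifetime=3600), Workstation()
    pc.browser_login(site, "alice", persistent=True, now=0)
    pc.close_browser()
    print(pc.office_open(site, "/docs/plan.docx", now=1800))  # whoever is at the keyboard
```

In this model the exposure on a shared machine lasts until the ticket expires or the cookie is deleted, so a short ticket lifetime and an explicit logout are the two controls that bound it.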

So I've come up with a solution that I would like to collaborate on and maybe request to be put on CodePlex if it's worthy. Here it is in a nutshell, but first understand that this design is based on my belief of not having any hooks into the common dialog boxes. (Damn it Jim, I'm a web guy, not an Office add-in guy.)

Since these are web-based users, chances are pretty good that they belong to more than one SharePoint site. Users should be able to manage a ubiquitous list of SharePoint sites from any Office application. Management includes adding, removing, logging in and logging out. Editing would be a nice-to-have, but that could easily be done by removing and adding. The user should be able to quickly determine whether they are logged into any sites at all and, if so, which sites they are currently logged into.

So I was thinking of a toolbar with a button/light on it. On mouse-over a list would appear indicating all of the sites they are currently logged into. The light would be green if the user was logged into 100% of the sites in their list, yellow for being logged into one or more, and red for not being logged into any of them at all.

When clicked, a dialog box would appear. On the top would be a text box with an add button just to the right of it. Below would be a multi-line text box, maybe 15 rows, displaying the sites the user is interested in keeping track of. The sites would be a solid black or green for being logged in, and gray and italic for being logged out. The user could select a URL and choose either remove, login, or logout. Remove and logout are the simplest. These would remove the site from the list or log out the user by deleting the cookie, respectively.

Login would present a modal dialog box with an HTML control on it. The user would have the opportunity to log in. After a successful login the user would be redirected to a "You are now logged in. Click OK to continue" message. Clicking OK on the modal would, of course, close the modal and refresh the list of logged-in sites. The user should now see their site in the appropriate logged-in status.

Let me know what you think and if you want to work on this with me.
