cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Getting portal user id from asp.net

Go to solution
Former Member

on ‎04-11-2006 3:04 PM

0 Kudos

I'm trying to retrieve the portal login id from asp.net programs in EP6.

We currently do not have SSO. And we aren’t using User Mapping.

I have existing programs that work fine on EP5 but I’m unable to retrieve the user id when I try to run them through EP6. These programs are installed on the portal server.

In EP5:

I'm using the iView Editor, URL tab to do a get method:

Label: logon

Value: #USER NAME#

Then, in my program the code is:

string o_user;

lblQstring.Text = Request.QueryString.Get(0).ToString();

o_user = this.lblQstring.Text.Substring(this.Label1.Text.IndexOf("
") + 1);

In EP6:

I couldn’t figure out what needed to be put in the parameters in the URL iView editor, so I don’t know if the old code would even work. It definitely doesn’t work without the parameters.

I also tried the following, in my code, which works on new portal applications made with the PDK in .net ~ but it doesn't work in the old asp.net ones.

string new_user;

new_user = this.User.Identity.Name.ToString();

new_user = new_user.ToUpper();

txtUserid.Text = new_user;

Is there a way to retrieve the portal login under these circumstances? If so, how?

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-12-2006 3:17 PM
0 Kudos

Julie, the solutions that André and Reiner have presented are indeed excellent and elegant solutions utilizing SSO.

However, you mentioned in your first post that you are trying to do this without SSO.

It might be a good idea to implement SSO and go with the solutions they provide. Otherwise, please do keep us posted on what you find. Thanks! --Shibli

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎04-14-2006 6:58 PM
0 Kudos

I'm trying to re-do one of the programs in PDK to see how difficult it is. Thanks for your help.

Show replies
Show replies
Former Member
‎07-05-2006 3:22 PM
0 Kudos

Hello,

did you solve the issue with passing the user parameter?

Because i've the same problem now. Can you help me please?

thanks in advance

Message was edited by: Geert Vandenbroucke

Former Member
‎07-05-2006 4:17 PM
0 Kudos

This is how I ended up getting the user id. Our BW system has a method DECODE_BASE64 - I created a function from it:

FUNCTION Z_DECODE_BASE64.

*"----

-

""Local Interface:

*" IMPORTING

*" VALUE(COOKIE) TYPE STRING

*" EXPORTING

*" VALUE(COOKIEDECODED) TYPE STRING

*"----

-

DATA: cookiept1 type string,

cookiept2 type string,

cookiept3 type string,

COOKIEPT4 TYPE STRING,

cookielength1 type i ,

cookielength2 type i.

CALL METHOD CL_HTTP_UTILITY=>IF_HTTP_UTILITY~DECODE_BASE64

EXPORTING

ENCODED = cookie

RECEIVING

DECODED = cookiedecoded

.

SPLIT cookiedecoded at ':' into cookiept1 cookiept2.

SPLIT cookiept2 at 'basic' into cookiept3 cookiept4.

cookielength1 = strlen( cookiept3 ).

cookielength2 = cookielength1 - 3.

cookiedecoded = cookiept3+0(cookielength2).

ENDFUNCTION.

******************DOT NET CODE***********

string o_user;

int loop1;

HttpCookieCollection objCookieColl;

HttpCookie objThisCookie;

objCookieColl = Request.Cookies;

// Capture all cookie names into a string array.

String[] arr1 = objCookieColl.AllKeys;

// Grab individual cookie objects by cookie name.

for (loop1 = 0; loop1 < arr1.Length; loop1++)

{

objThisCookie = objCookieColl[arr1[loop1]];

//Grab all values for single cookie into an object array.

if (objThisCookie.Name == "MYSAPSSO2")

{

base64String = objThisCookie.Value;

try

{

proxy2.Z_Decode_Base64(base64String, out base64String);

o_user = base64String.ToUpper();

}

catch

{

Response.Write("Unable to identify User.");

}

}

}

***************END OF CODE********************

After I found this work around I was given the following advice, but I never tried it because I had what I needed (the userid)...

The SAPSSOEXT library provides functions that enable non-SAP applications to verify SAP logon tickets and extract the user ID from the logon ticket. The library is coded in C and has a JNI Java interface and a COM (Windows) interface. The library comes with Java, C, and C# sample files that demonstrate how you can implement the library in the source code of a high level programming language such as Visual Basic, C, JAVA, or .NET.

Now this Dynamic Link Library can be downloaded from:-

From SAP Service Marketplace at service.sap.com/patches ® (Downloads tab) ® SAP Support Packages ® Support Packages and Patches ® Entry by Application Group ® Additional Components ® SAPSSOEXT ® ® SAPSSO EXT lib for SAP logon ticket.

This should solve the problem with writing custom code to extract the UID/password from the MYSAP COOKIE.

reiner_hille-doering
Active Contributor
‎07-06-2006 8:19 AM
0 Kudos

As Julie reposted this, I reposte my note too :

The ticket toolkit it not more than just a .NET wrapper around one of these unmanaged DLLs available. Source code is available, so if you need to debug or think that I did something wrongly, you can do so.

Your solution to use an RFC just to do a Base64 decoding is somehow strange to me. If it's just a matter of doing Base64 decoding, you can use the .NET framework function Convert.FromBase64String . As the user name is contained in the decoded ticket in clear text, it's not difficult to extract it - similar as in you ABAP snipped. But the challenging thing is not to get the username, but to verify the ticket - meaning to check if it is valid. For this you need the public key (in form of verify.pse) and the cryptographic algorithm, that e.g. check the cryptographic hash and the lease timeout.

Former Member
‎07-07-2006 2:42 AM
0 Kudos

I tried using the Convert.FromBase64String in my dotnet code, but it wasn't working for me either. I don't recall getting errors, just empty results (but it's been awhile since I tried it).

I worked on trying to get the user id by various methods for two weeks. When I found out that this roundabout method worked, I went with it. I'm sure we had something that wasn't set up yet that was causing the other methods to fail, but I don't know what it was and I had other work to do. So at least for now, this is getting the results I needed.

Andre_Fischer
Product and Topic Expert
Product and Topic Expert
‎04-12-2006 7:55 AM
0 Kudos

Hi Julie,

you can pass the portal user id as a parameter used for a URL of the AppIntegrator iView.

The syntax of the URL would be the following:

http://

However this would send the username in clear text.

Therefore I would recommend to make use of the SAP Logon Ticket that is send as a digitally signed cookie with each request used by the AppIntegrator iView.

The SAP Logon Ticket contains the SAP user name (not the password !).

There are two options how to make use of the SAP user name stored in the SAP Logon Ticket.

Option 1 is to use a Web Server Filter provided by SAP for the IIS that is able to extract the SAP user name from the SAP Logon Ticket. It thereby checks the validity of the ticket, too.

Option 2 is to use the SSO22KerbMap Module. This ISAPI Filter creates Kerberos Tickets from the information found in a valid SAP Logon Ticket. In such a case you could use windows integrated authentication for the IIS running your ASP.NET application.

Both options are described in my whitepaper in SDN:

<a href="http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/4f209cf3-0201-0010-1db5-d2e33048b6c8">Using SAP Logon Tickets for Single Sign on to Microsoft based web applications</a>

Best regards,

André

Show replies
Show replies
reiner_hille-doering
Active Contributor
‎04-12-2006 8:32 AM
0 Kudos

A third option, or better a variant of Option 1, is my ".NET Ticket Toolkit" decribed in SDN article https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/edb8a190-0201-0010-d398-c23...

.

Former Member
‎04-12-2006 5:44 PM
0 Kudos

Andre,

How would I go about setting it up to read the url?

That is what I was doing in EP5. What code would I need? How do I set it up in Portal?

Former Member
‎04-11-2006 5:16 PM
0 Kudos

Julie, when you say, "I also tried the following, in my code, which works on new portal applications made with the PDK in .net ~ but it doesn't work in the old asp.net ones." I assume you mean that its working in iViews you create using the PDK for .NET, but it is not working in your URL iViews which point to ASP.NET apps on an IIS server?

Please clarify this so I can explain further. Thanks. --Shibli

Show replies
Show replies
Former Member
‎04-11-2006 5:26 PM
0 Kudos

The old ones are done on .aspx pages and I can't figure out how to retrieve the user id for use in the programs.

The ones I do using PDK are actually portal components with the extension .ascx. With these I can get the user id with this code:

o_user = this.User.Identity.Name.ToString();

So it's great for any new applications that I build, but there are quite a few large applications built with .ascx pages. So it isn't really feasible to rebuild them.

I want to know how to retrieve the user id in EP6 using .aspx pages. We don't have user mapping or SSO.

Former Member
‎04-11-2006 5:28 PM
0 Kudos

I guess I didn't really answer your question. Yes - that is what I'm saying. The old ones are stored in IIS and the new ones are par files created with the PDK.

Former Member
‎04-11-2006 5:54 PM
0 Kudos

Julie, that's the answer to your question. When using 

this.User.Identity.Name

on an ASP.NET application that resides outside of the portal environment on an IIS server you aren't going to get the portal user's ID. You will get the user information relative to the IIS Server that the ASP.NET application is running on.

Converting your existing ASP.NET applications over to Portal Components made in the PDK for .NET is your best bet. It should be just a matter of replacing your previous ASP.NET controls with the analogous SAP Netweaver controls and then cutting and pasting much of your previous code into the events associated with those controls.

I hope this helps and best of luck. --Shibli

Former Member
‎04-11-2006 6:40 PM
0 Kudos

Is there no way to use the parameters and have the portal pass me the login? That's what I'm currently doing in EP5. I know it's working, because I've tested it using one id to log onto the network and a different one to log on to the portal.

Former Member
‎04-11-2006 7:55 PM
0 Kudos

Julie,

I think what you want to do <i>may</i> be possible with the appintegrator. Please check this link here:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/documents/a1-8-4/the application integrator in ep 6.0

Basically, you create an iView from PAR using com.sap.portal.appintegrator.sap and then the Generic component and then edit its properties to yield the portal values you want.

Please let us know if this was of help to you. Thanks! --Shibli

Ask a Question