Problem using .Net Ticket Toolkit

Former Member
0 Kudos

I'm trying to follow the instructions for the .Net Ticket Toolkit described in the article:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/edb8a190-0201-0010-d398-c23...

I have tried to put everything in place and I don't get any build errors, but I'm still getting a server error when I try to run it in the Portal.

One problem I had was I didn't find sapsecu.dll.

I downloaded a file from the sdn downloads called

SAP Cryptographic Library Microsoft Win32 for x86/IA32

the downloaded file was 011000358700002932482003E.CAR which I put in my system32 folder.

I also wasn't sure what to do with the verify.pse file. I put it in my program in a folder next to the bin folder, but in the web.config file, it shows the example path c:\temp\verify.pse, which I changed to the UNC of where the file will be after my program is installed on IIS. In desperation, I put a copy in the temp file on the server and on my own machine and changed the path back to c:\temp\verify.pse. The article did mention renaming the file - does it matter what it's named?

The problem must be in the web.config file, because I commented the code on Webform1 and it still won't run.

Right now, I'm just trying to get the example program to work. Any help would be appreciated. Thanks.

Accepted Solutions (1)

reiner_hille-doering
Active Contributor
0 Kudos

- All DLLs need to be available directly in the search path. So if the archive 011000358700002932482003E.CAR contains SAPSECU.DLL, you need to unpack it, e.g. to System32. Use sapcar.exe for that.

- From the article: "Correct the path of the PseFilePath attribute to the place where you have copied your Verify.pse in step 1.". So it's up to you where you put it, but it should be a file-system path, not a URL.

Former Member
0 Kudos

The only files that came out of it were:

sapcrypto.dll & an executable called sapgenpse in a folder called ntia64

a file called Ver555.pl17 & one called ticket

and 4 text files: Changelog, Legal, License, and Which.

Former Member
0 Kudos

When I try to run the program from inside of the portal, it gets stuck trying to load now. The status bar makes it about half way and then nothing happens.

Here is how I've done the webconfig file:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <sectionGroup name="system.web">
      <section name="MySAPSSO2" type="SAP.Web.Security.MySapSso2SectionHandler, SAP.Web.Security, Culture=neutral, PublicKeyToken=50436dca5c7f7d23, Version=1.0.0.0"/>
    </sectionGroup>
  </configSections>
  <system.web>
    <httpModules>
      <add type="SAP.Web.Security.MySapSso2AuthenticationModule, SAP.Web.Security, Culture=neutral, PublicKeyToken=50436dca5c7f7d23, Version=1.0.0.0" name="MySAPSSO2"/>
    </httpModules>
    <MySAPSSO2 PseFilePath="\\servername\c$\Inetpub\wwwroot\pseFiles\verify.pse"/>
    <!-- DYNAMIC DEBUG COMPILATION
         Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
         false will improve runtime performance of this application.
         Set compilation debug="true" to insert debugging symbols (.pdb information)
         into the compiled page. Because this creates a larger file that executes
         more slowly, you should set this value to true only when debugging and to
         false at all other times. For more information, refer to the documentation about
         debugging ASP.NET files.
    -->
    <compilation defaultLanguage="c#" debug="false">
      <assemblies>
        <add assembly="SAP.Connector, Version=2.0.0.0, Culture=neutral, PublicKeyToken=50436dca5c7f7d23" />
        <add assembly="SAP.Connector.Rfc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=50436dca5c7f7d23" />
      </assemblies>
    </compilation>
    <!-- CUSTOM ERROR MESSAGES
         Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
         Add <error> tags for each of the errors you want to handle.
         "On" Always display custom (friendly) messages.
         "Off" Always display detailed ASP.NET error information.
         "RemoteOnly" Display custom (friendly) messages only to users not running
         on the local Web server. This setting is recommended for security purposes, so
         that you do not display application detail information to remote clients.
    -->
    <customErrors mode="Off" />
    <!-- AUTHENTICATION
         This section sets the authentication policies of the application. Possible modes are "Windows",
         "Forms", "Passport" and "None"
         "None" No authentication is performed.
         "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
         its settings for the application. Anonymous access must be disabled in IIS.
         "Forms" You provide a custom form (Web page) for users to enter their credentials, and then
         you authenticate them in your application. A user credential token is stored in a cookie.
         "Passport" Authentication is performed via a centralized authentication service provided
         by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <authentication mode="Forms">
      <forms name=".ASPXFORMSAUTH" loginUrl="SAPLogin1.aspx" />
    </authentication>
    <!-- AUTHORIZATION
         This section sets the authorization policies of the application. You can allow or deny access
         to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
         (unauthenticated) users.
    -->
    <authorization>
      <allow users="*" />
      <!-- Allow all users -->
      <!-- <allow users="[comma separated list of users]"
                  roles="[comma separated list of roles]"/>
           <deny users="[comma separated list of users]"
                 roles="[comma separated list of roles]"/>
      -->
      <deny users="?" />
    </authorization>
    <!-- APPLICATION-LEVEL TRACE LOGGING
         Application-level tracing enables trace log output for every page within an application.
         Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
         trace information will be displayed at the bottom of each page. Otherwise, you can view the
         application trace log by browsing the "trace.axd" page from your web application
         root.
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
    <!-- SESSION STATE SETTINGS
         By default ASP.NET uses cookies to identify which requests belong to a particular session.
         If cookies are not available, a session can be tracked by adding a session identifier to the URL.
         To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
    <!-- GLOBALIZATION
         This section sets the globalization settings of the application.
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
  </system.web>
  <appSettings>
    <!-- User application and configured property settings go here.-->
    <!-- Example: <add key="settingName" value="settingValue"/> -->
  </appSettings>
</configuration>

Answers (2)

Former Member
0 Kudos

Hello all,

I reviewed all the messages you have written. I wonder if we can use it for PHP programs.

We want to use SSO for programs written in PHP on the SAP Portal.

Is it possible to use the .NET Ticket Toolkit and SAPSECU.DLL for PHP?

Former Member
0 Kudos

I found the sapsecu.dll

It was at service.sap.com/patches --> Downloads --> SAP Support Packages --> Support Packages and Patches --> Entry by Application Group --> Additional Components

Now the problem I'm having is that it pops up the login form when I try to run the iview.

Former Member
0 Kudos

I was able to fix that problem.

Now the problem is that it isn't reading the cookie.

I removed the else in the statements from the demo Web Form. It looks like this:

    if (null == this.Request.Cookies["MYSAPSSO2"])
        Response.Write("MySAPSSO2 Cookie not found");
    if (! this.User.Identity.IsAuthenticated)
        Response.Write("User not authenticated.");
    if (this.User.Identity.AuthenticationType != "MYSAPSSO2")
        Response.Write("Authenticated by other Authentication Modulue.");
    this.Label1.Text = this.User.Identity.Name;
    SAP.Web.Security.MySAPSso2Identity ident = this.User.Identity as SAP.Web.Security.MySAPSso2Identity;

and I'm getting this response:

User not authenticated.

Authenticated by other Authentication Modulue.

Hello

It isn't telling me that the SAPSSO2 isn't there though. Is there a way to specifically refer to it and get the userid that way, even though there are other authentication types at work?

Former Member
0 Kudos

Hello,

I have the same issue: I can't read the AuthenticationType.

at = Me.User.Identity.AuthenticationType

at comes empty... after execution of the above line of code.

Although I can read the ticket:

HttpUtility.UrlDecode(Request.Cookies("MYSAPSSO2").Value)

Comes with a string that has lots of characters that don't tell me a thing.

Any advice is welcome.

reiner_hille-doering
Active Contributor
0 Kudos

In the Web.config shown here some MS Authentication providers are configured to be used. My Ticket toolkit only stores itself in the authentication identity, if no other provider has authenticated before.

This behavior can be changed with the parameter OverwriteOtherAuthentication="Yes" in the MySAPSSO2 section.

Best you try it with exactly the settings as in the sample that comes with the ticket toolkit.

Former Member
0 Kudos

This is how I ended up getting the user id. I never could get the toolkit to work. Our BW system has a method DECODE_BASE64 - I created a function from it:

FUNCTION Z_DECODE_BASE64.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(COOKIE) TYPE STRING
*"  EXPORTING
*"     VALUE(COOKIEDECODED) TYPE STRING
*"----------------------------------------------------------------------

  DATA: cookiept1     TYPE string,
        cookiept2     TYPE string,
        cookiept3     TYPE string,
        cookiept4     TYPE string,
        cookielength1 TYPE i,
        cookielength2 TYPE i.

  CALL METHOD CL_HTTP_UTILITY=>IF_HTTP_UTILITY~DECODE_BASE64
    EXPORTING
      ENCODED = cookie
    RECEIVING
      DECODED = cookiedecoded.

  SPLIT cookiedecoded AT ':' INTO cookiept1 cookiept2.
  SPLIT cookiept2 AT 'basic' INTO cookiept3 cookiept4.

  cookielength1 = strlen( cookiept3 ).
  cookielength2 = cookielength1 - 3.
  cookiedecoded = cookiept3+0(cookielength2).

ENDFUNCTION.

******************DOT NET CODE***********

    string o_user;
    string base64String;   // declaration added; it was missing from the posted snippet
    int loop1;
    HttpCookieCollection objCookieColl;
    HttpCookie objThisCookie;

    objCookieColl = Request.Cookies;

    // Capture all cookie names into a string array.
    String[] arr1 = objCookieColl.AllKeys;

    // Grab individual cookie objects by cookie name.
    for (loop1 = 0; loop1 < arr1.Length; loop1++)
    {
        objThisCookie = objCookieColl[arr1[loop1]];

        // Only the MYSAPSSO2 cookie is of interest.
        if (objThisCookie.Name == "MYSAPSSO2")
        {
            base64String = objThisCookie.Value;
            try
            {
                // proxy2 is declared elsewhere in the poster's program (not shown);
                // the call decodes the cookie and cuts out the user ID, without verifying the ticket.
                proxy2.Z_Decode_Base64(base64String, out base64String);
                o_user = base64String.ToUpper();
            }
            catch
            {
                Response.Write("Unable to identify User.");
            }
        }
    }

***************END OF CODE********************

After I found this work around I was given the following advice, but I never tried it because I had what I needed (the userid)...

The SAPSSOEXT library provides functions that enable non-SAP applications to verify SAP logon tickets and extract the user ID from the logon ticket. The library is coded in C and has a JNI Java interface and a COM (Windows) interface. The library comes with Java, C, and C# sample files that demonstrate how you can implement the library in the source code of a high level programming language such as Visual Basic, C, JAVA, or .NET.

Now this Dynamic Link Library can be downloaded from:-

From SAP Service Marketplace at service.sap.com/patches --> (Downloads tab) --> SAP Support Packages --> Support Packages and Patches --> Entry by Application Group --> Additional Components --> SAPSSOEXT --> --> SAPSSO EXT lib for SAP logon ticket.

This should solve the problem with writing custom code to extract the UID/password from the MYSAP COOKIE.

reiner_hille-doering
Active Contributor
0 Kudos

The ticket toolkit is not more than just a .NET wrapper around one of these unmanaged DLLs available. Source code is available, so if you need to debug or think that I did something wrongly, you can do so.

Your solution to use an RFC just to do a Base64 decoding is somehow strange to me. If it's just a matter of doing Base64 decoding, you can use the .NET framework function Convert.FromBase64String. As the user name is contained in the decoded ticket in clear text, it's not difficult to extract it - similar to your ABAP snippet. But the challenging thing is not to get the username, but to verify the ticket - meaning to check if it is valid. For this you need the public key (in form of verify.pse) and the cryptographic algorithm, that e.g. checks the cryptographic hash and the lease timeout.
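Added example, not part of the thread and not code from the ticket toolkit: a C# illustration of the distinction made in the last reply, that decoding a ticket only yields a name while a signature and lease check is what makes the name trustworthy. The ticket layout and all `ToyTicket` names are constructed for this illustration and are not the SAP logon ticket format.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed toy format, NOT the SAP logon ticket layout:
//   Base64("user|expiryUnixSeconds") + "." + Base64(RSA signature over those bytes)
static class ToyTicket
{
    public static string Issue(RSA issuerKey, string user, DateTimeOffset expires)
    {
        byte[] body = Encoding.UTF8.GetBytes(user + "|" + expires.ToUnixTimeSeconds());
        byte[] sig = issuerKey.SignData(body, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return Convert.ToBase64String(body) + "." + Convert.ToBase64String(sig);
    }

    // Decode only: returns whatever name the client put in the cookie.
    public static string DecodeOnly(string ticket)
    {
        byte[] body = Convert.FromBase64String(ticket.Split('.')[0]);
        return Encoding.UTF8.GetString(body).Split('|')[0];
    }

    // Verify: signature first, then lease timeout. null means "do not trust".
    public static string Verify(RSA issuerPublicKey, string ticket, DateTimeOffset now)
    {
        string[] parts = ticket.Split('.');
        if (parts.Length != 2) return null;
        byte[] body, sig;
        try { body = Convert.FromBase64String(parts[0]); sig = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return null; }
        if (!issuerPublicKey.VerifyData(body, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            return null;                                          // altered body or wrong issuer
        string[] fields = Encoding.UTF8.GetString(body).Split('|');
        long exp;
        if (fields.Length != 2 || !long.TryParse(fields[1], out exp)) return null;
        return now.ToUnixTimeSeconds() < exp ? fields[0] : null;  // expired lease
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (RSA issuer = RSA.Create())
        using (RSA verifyOnly = RSA.Create())
        {
            verifyOnly.ImportParameters(issuer.ExportParameters(false)); // public half only, the role verify.pse plays
            string good = Issue(issuer, "ALICE", now.AddHours(8));
            string stale = Issue(issuer, "ALICE", now.AddHours(-1));
            // Constructed sample: a body the issuer never signed, paired with a signature from another ticket.
            string edited = Convert.ToBase64String(Encoding.UTF8.GetBytes("ADMIN|9999999999")) + "." + good.Split('.')[1];
            foreach (string t in new[] { good, stale, edited })
                Console.WriteLine("decode-only: {0,-6} verified: {1}", DecodeOnly(t), Verify(verifyOnly, t, now) ?? "(rejected)");
        }
    }
}
```

`DecodeOnly` returns a name for all three tickets, while `Verify` returns one only for the ticket that carries a valid signature and an unexpired lease.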