cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Trouble with Ticket Toolkit

Former Member

on ‎02-16-2007 6:10 PM

0 Kudos

I've been trying to get Reiner's .NET Ticket Toolkit to work and am out of ideas. Hoping someone out there has had better luck than me and can offer some advice.

<b>Problem:</b>

No matter what I do, I can't get the "MYSAPSSO2" cookie to be created.

I basically followed Reiner's article:

<a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/library/ep/_d-f/enabling%20single%20sign-on%20for%20asp.net%20applications%20in%20enterprise%20portal%206.article">https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/library/ep/_d-f/enabling%20single%20sign-on%20for%20asp.net%20applications%20in%20enterprise%20portal%206.article</a>

I actually grabbed <b>sapsecu.dll</b> from our EP6 server ... file size was 1,110,016 bytes. I assume that is the same as the one in Marketplace.

I installed SAP.Web.Security.dll in the gac (and added as a reference just to be sure when nothing was working)

I had a pse file generated and installed it in the application's virtual directory in it's own sub-directory

I modified the web.config a discribed .

I also verified that my browser (IE6) was set to accept cookies from our portal URL

The application compiles fine and can be previewed through EP6 but simply doesn't see to try and autenticate and store a cookie on my workstation.

I've run out of ideas for the moment .... perhaps there is UME setting I need to make as well but I am not sure what that might be.

Any ideas what to try next?

-Sheldon

BTW. Even though the article didn't mention it I tried playing with the authentication mode in the web.config. I first tried setting it to None ... that didn't seem right, I then tried Forms and pointed it to an SAP login screen ... that didn't work either.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎02-20-2007 10:10 AM
0 Kudos

Hi,

did you use the full qualified domain name when you accessed the portal? For example, when you use http://portalserver:50700/irj instead of http://portalserver.company.com:50700/irj no cookie is generated because the cookie is not transferred between different domains.

Runs the .Net application in the same domain as the portal?

Show replies
Show replies
Former Member
‎02-20-2007 2:21 PM
0 Kudos

Good idea!

But I thought of that already and made sure I was using the fully qualified name

I also tried:

a) changing the Authentication mode to "None" and then <deny users="?"/> ... that brought up a windows dialog box to log in through .... presumably because I am denying anonymous access .... but I wasn't quite sure how to proceed from there since setting the Authentication mode to None should have allowed the portal authentication to kick in (I would have thought)

b) I tried setting the property "httponlycookies" to false on the J2EE engine .... no difference

c) Changing IIS to disable anonymous access

I am going to be working with someone today that has a lot more experience with SAP than me so hopefully they will have some ideas .... I'll pass on whatever I learn.

Cheers,

-Sheldon

ps. If you have any other strategies that can be employeed to obtain portal userID and possibly even role information through an ASP.NET please let me know.

Former Member
‎02-20-2007 11:16 PM
0 Kudos

Some additional information.

I ran an additional test which was to display all cookies visable to the session:

			HttpCookieCollection cookies = Context.Request.Cookies;
			for(int n=0;n<cookies.Count;n++)
			{
				HttpCookie cookie = cookies[n];
				Response.Write("<hr/>Name: <b>" + cookie.Name + "</b><br />");
				Response.Write("Expiry: " + cookie.Expires + "<br />");
			}

When pressing "preview" in the iview, the result was simply:

Name: ASP.NET_SessionId

Expiry: 1/1/0001 12:00:00 AM

This really suggests to me that the MYSAPSSO2 ticket is not being generated ... otherwise I would at least see a reference to it in the cookie collection .... wouldn't I?

Doesn't the ticket get generated automatically when log into the portal or does it somehow wait till you try and access a resource what you need to sign into.

weird stuff.

Former Member
‎02-21-2007 2:17 PM
0 Kudos

Hey Marc,

Turns out that I am 99% sure you were right ... but not in the way I think you were meaning.

I was running the ASP.NET page from IIS installed on my location workstation. The portal, in turn is running on its own server.

When I ran the asp.net through the portal, it doesn't matter than I am calling the portal using a fully qualified URL because the IIS that runs my page is on another domain (I just didn't get what you were meaning till now).

ie. main ASP.NET page's URL is

http://workstationname/SSO%20Ticket%20Test/WebForm1.aspx

and my portal is at:

http://toresportd2.companyname.ca:50000/irj/portal.

I have to instal IIS on toresportd2 to test the theory but I am 99% that that is what it is.

Thx! I'll award points accordingly

Message was edited by:

Sheldon Lyttle

Former Member
‎02-23-2007 3:06 PM
0 Kudos

Hi,

you can download a tool from sap node 701205 that shows you the current SAP-Logon-Ticket-Cookie information.

If your ASP.Net application is in a different domain the application can't see the ticket provided by the portal. But there is "trick" to transfer the Logon-Ticket-Information to another domain. It's described here http://help.sap.com/saphelp_nw2004s/helpdata/en/a0/88a340fa432b54e10000000a1550b0/frameset.htm

PS: I created a J2EE-Web-Service running on the portals WAS that reads out the portal UME and provides role information about users. I get the User-ID from the SAP-Logon-Ticket-Cookie.

Ask a Question