SharePoint 2007 (MOSS/WSS) FBA and RSA - Unanswered Questions

Since my last post Using HTTP Module for SharePoint 2007 (MOSS/WSS) site using FBA And RSA, I received a lot of questions from different sources asking for a guidance to set up RSA with SharePoint. Honestly speaking being a Microsoft Employee we have our own support boundary and RSA is a subject which is not supported by Microsoft. Again being a Developer and Development Consultant I have limited knowledge on Infrastructure issues like setting up RSA with ISA Server and IIS. Whatever written in this blog entry is not tested by me and if you have any questions please contact RSA. All this information is shared by Andy Spears for greater benefit of SharePoint users. Thanks a ton Andy to share this material with all of us.

Refer to these two posts for setting up RSA with ISA:

Now the question is how to integrate SharePoint Form Based Authentication (FBA) with RSA.

Make sure of the Setup first:

· RSA was installed and protecting a web site.

· A users table in SQL Server had a user id that matched up with the RSA login name.

· When a user visited the website, the RSA login page was displayed and authenticated the user’s credentials.

· After successful login, the user was redirected to a custom SP FBA login page. By default the location of login page is 12 Hive\TEMPLATE\LAYOUTS\login.aspx. You can create your own custom login page and suitably change the web.config of the Web Application to use it.

· The FBA login page looked at the RSA cookie to extract the user name and created the forms authentication cookie that SharePoint would use.

The following steps demonstrate how the RSA Cookie API is accessed from Microsoft .NET using C# on a machine where the Cookie API SDK is installed.

First, create a basic ASP.NET Web Application, then use Project | Add Reference..., select the COM tab, and scroll down to find "rsacookieapi 1.0 Type Library". If this is not present, then the API is not installed. Select this item and add it as a reference to your project. Then, create a basic ASP.NET Web form, for example:

<%@ Page language="c#" aspcompat=true Codebehind="WebForm.aspx.cs" AutoEventWireup="false" Inherits="WebApplication.WebForm" %>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<title>WebForm1< /title>
< /HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<asp:Label id="Label1" style="Z-INDEX: 101; LEFT: 128px; POSITION: absolute; TOP: 40px" runat="server" Width="456px" Height="24px"></asp:Label>
<asp:Button id="Button1" style="Z-INDEX: 102; LEFT: 24px; POSITION: absolute; TOP: 40px" runat="server" Width="88px" Height="24px" Text="Display user"></asp:Button>
<asp:TextBox id="TextBox1" style="Z-INDEX: 103; LEFT: 24px; POSITION: absolute; TOP: 80px" runat="server" Width="216px"></asp:TextBox>
<asp:Button id="Button2" style="Z-INDEX: 104; LEFT: 264px; POSITION: absolute; TOP: 80px" runat="server" Width="112px" Text="Set tag MYTEST"></asp:Button>
<asp:Label id="Label2" style="Z-INDEX: 105; LEFT: 184px; POSITION: absolute; TOP: 136px" runat="server" Height="24px" Width="216px"></asp:Label>
<asp:Button id="Button3" style="Z-INDEX: 106; LEFT: 24px; POSITION: absolute; TOP: 136px" runat="server" Width="128px" Text="Show tag MYTEST"></asp:Button>< /form>
< /body>
< /HTML>

This page is created as a standard .ASP page using Visual Studio .NET; the only special item is the added entry of aspcompat=true added to the first line. Now, we write the C# code to work behind the scenes:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace WebApplication
/// <summary>
/// Summary description for WebForm1.
/// </summary>
public class WebForm : System.Web.UI.Page
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.TextBox TextBox1;
protected System.Web.UI.WebControls.Button Button2;
protected System.Web.UI.WebControls.Label Label2;
protected System.Web.UI.WebControls.Button Button3;
protected System.Web.UI.WebControls.Button Button1;

private void Page_Load(object sender, System.EventArgs e)
// Put user code to initialize the page here

#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
// CODEGEN: This call is required by the ASP.NET Web Form Designer.

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
this.Button1.Click += new System.EventHandler(this.Button1_Click);
this.Button2.Click += new System.EventHandler(this.Button2_Click);
this.Button3.Click += new System.EventHandler(this.Button3_Click);
this.Load += new System.EventHandler(this.Page_Load);


private void Button1_Click(object sender, System.EventArgs e)
RSACookie cookie = (RSACookie)Server.CreateObject("Rsacookieapi.RSACookie");
String name = cookie.RSAGetUserName();

private void Button2_Click(object sender, System.EventArgs e)
RSACookie cookie = (RSACookie)Server.CreateObject("Rsacookieapi.RSACookie");
String name = cookie.RSASetTagField("MYTEST",TextBox1.Text,0);

private void Button3_Click(object sender, System.EventArgs e)
RSACookie cookie = (RSACookie)Server.CreateObject("Rsacookieapi.RSACookie");
String name = cookie.RSAGetTagField("MYTEST",0);

Here are the key steps you need to take in your SharePoint login page:

1. In the Page Directive, add the attribute: AspCompat="true"

2. Create a RSACookie object: RSACookie RSACookieAPI = Server.CreateObject( "Rsacookieapi.RSACookie" );

3. Pull the username out of the cookie: string loginName = RSACookieAPI.RSAGetUserName();

4. Create the authentication cookie: FormsAuthentication.RedirectFromLoginPage( loginName, true );

As given above, you have to have the “rsacookieapi 1.0 Type Library” com object installed. If you do not have the API installed on your machine, steps 2 and 3 should be modified to:

2. object RSACookieAPI = Server.CreateObject( "Rsacookieapi.RSACookie" );

3. string username = RSACookieAPI.GetType( ).InvokeMember( "RSAGetUserName", System.Reflection.BindingFlags.InvokeMethod, null, RSACookieAPI, null ).ToString( );