cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Single sign-on --- ICWEB->ASP.NET->SAP Server

Former Member

on ‎08-04-2004 9:21 PM

0 Kudos

Netters,

I am developing an ASP .NET application that makes an RFC call to a SAP Server. User will first go to the ICWEB client where they will be redirected to the ASP .NET application.

user -> IC Web Client --> ASP .NET app --> SAP R/3 Server

I need to connect to the SAP server using the client's credentials. The SAP connection object requires, among other things, the username and the password fields.

I am trying to understand how I can achieve a single sign-on for the user. It appears that the IC Web Client can submit information to the ASP .NET application either by GET or by POST methods.

Option 1: IC Web somehow looks up the password for the user and submits it to the ASP .NET app. Is this possible?

Option 2: The ASP .NET application maintains its own username/password map.

Option 3: The single sign-on doc from SAP suggests that there is a way to obtain a "ticket" from the SAP server that can be used. I imagine this ticket is some kind of cryptic string that can be used as a connection string to SAP. Is this correct? Can you please direct me to any sample code?

I would appreciate it if you can share your thoughts. Perhaps, there is a better option that I just overlooked.

Thank you in advance for your help.

Pradeep

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

reiner_hille-doering
Active Contributor
‎08-05-2004 8:34 AM
0 Kudos

Option 1: I don't know IC Web, but if it supports such a feature, it's likely to pass username and password in the HTTP basic authentication header. In this case you might get username and password from a header in the HttpRequest. You could use it to build your connection string e.g. with a Destination.

Option 2/3: It's unlikely that you get a valid MYSAPSS02-ticket from somewhere, because it's usually only produced by a SAP portal.

But if you have (only) any user name or id, you can make up a "trusted connection" between your ASP.NET application and your SAP server. If you have done so, you only need to pass a user name (which doen't have to be the exact SAP user name; it's a so called ext-id of the user) and no password. SAP will trust you that you correctly authenticated user and will map it to the correct SAP user.

Details about this procedure can be found it the following article:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/documents/a1-8-4/how to use windows nt logon for single sign-on in an sap web application.article

Show replies
Show replies
Ask a Question