Skip to Content
author's profile photo Former Member
Former Member

Single sign-on --- ICWEB->ASP.NET->SAP Server


I am developing an ASP .NET application that makes an RFC call to a SAP Server. User will first go to the ICWEB client where they will be redirected to the ASP .NET application.

user -> IC Web Client --> ASP .NET app --> SAP R/3 Server

I need to connect to the SAP server using the client's credentials. The SAP connection object requires, among other things, the username and the password fields.

I am trying to understand how I can achieve a single sign-on for the user. It appears that the IC Web Client can submit information to the ASP .NET application either by GET or by POST methods.

Option 1: IC Web somehow looks up the password for the user and submits it to the ASP .NET app. Is this possible?

Option 2: The ASP .NET application maintains its own username/password map.

Option 3: The single sign-on doc from SAP suggests that there is a way to obtain a "ticket" from the SAP server that can be used. I imagine this ticket is some kind of cryptic string that can be used as a connection string to SAP. Is this correct? Can you please direct me to any sample code?

I would appreciate it if you can share your thoughts. Perhaps, there is a better option that I just overlooked.

Thank you in advance for your help.


Add comment
10|10000 characters needed characters exceeded

1 Answer

  • Posted on Aug 05, 2004 at 07:34 AM

    Option 1: I don't know IC Web, but if it supports such a feature, it's likely to pass username and password in the HTTP basic authentication header. In this case you might get username and password from a header in the HttpRequest. You could use it to build your connection string e.g. with a Destination.

    Option 2/3: It's unlikely that you get a valid MYSAPSS02-ticket from somewhere, because it's usually only produced by a SAP portal.

    But if you have (only) any user name or id, you can make up a "trusted connection" between your ASP.NET application and your SAP server. If you have done so, you only need to pass a user name (which doen't have to be the exact SAP user name; it's a so called ext-id of the user) and no password. SAP will trust you that you correctly authenticated user and will map it to the correct SAP user.

    Details about this procedure can be found it the following article: to use windows nt logon for single sign-on in an sap web application.article

    Add comment
    10|10000 characters needed characters exceeded