Hi all,
I am trying to use siteminder to authenticate that a user has rights to a particular website and then, using that user's authentication, get authorization credentials from a home grown service on what that user is allowed to do within the website. Essentially, it's getting a user's role from within an authorization store. I have no problem getting the SiteMinder username when the user has been redirected from the siteminder login page, but if the user for some reason closes their browser, or their session times out, I am not getting the username if they try to open the site again. Basically, what seems to be happening is that I'm not getting the information from the siteminder headers when the user tries to revisit the site. The siteminder session has not timed out, so the user is not being redirected to the siteminder login page prior to arriving at the site's home page. The code I'm using to get at the siteminder header is as follows:
// Get smUser and smUserNum from SiteMinder (SM) HTTP Header
NameValueCollection coll = HttpContext.Current.Request.Headers;
smUser = coll["SMUSER"]; // Example value: "jsmith"
This works if the user has been redirected to the siteminder login page first, but not if the user is still "authenticated" by siteminder when he revisits the page. I hope that made sense?
Am I going about getting this info the right way? Is there a better way of getting this info? Should I be forcing the user to be unauthenticated if they shut down the browser and if so, how do I go about doing that? Needless to say, I don't have a lot of experience with siteminder, so any info would help.
Thanks,
Jeff Tendam
I am trying to use siteminder to authenticate that a user has rights to a particular website and then, using that user's authentication, get authorization credentials from a home grown service on what that user is allowed to do within the website. Essentially, it's getting a user's role from within an authorization store. I have no problem getting the SiteMinder username when the user has been redirected from the siteminder login page, but if the user for some reason closes their browser, or their session times out, I am not getting the username if they try to open the site again. Basically, what seems to be happening is that I'm not getting the information from the siteminder headers when the user tries to revisit the site. The siteminder session has not timed out, so the user is not being redirected to the siteminder login page prior to arriving at the site's home page. The code I'm using to get at the siteminder header is as follows:
// Get smUser and smUserNum from SiteMinder (SM) HTTP Header
NameValueCollection coll = HttpContext.Current.Request.Headers;
smUser = coll["SMUSER"]; // Example value: "jsmith"
This works if the user has been redirected to the siteminder login page first, but not if the user is still "authenticated" by siteminder when he revisits the page. I hope that made sense?
Am I going about getting this info the right way? Is there a better way of getting this info? Should I be forcing the user to be unauthenticated if they shut down the browser and if so, how do I go about doing that? Needless to say, I don't have a lot of experience with siteminder, so any info would help.
Thanks,
Jeff Tendam