Internet Facing SharePoint 2010 Site with Windows Live ID – Part 2


Overriding the Authentication Provider Selection Page

In the first part of this series, we saw how we register and configure our SharePoint site to use Windows Live ID as an authentication provider.

Right now our site has two authentication providers, Windows authentication and Windows Live authentication. When you click the Sign in button, SharePoint will display a page giving you a chance to select the authentication provider you would like to use. 


Displaying such a page to public website users would confuse them and would also be a security threat. The desired behavior is to redirect public users to the Windows Live authentication page, and to let administrators selectively display the SharePoint authentication provider selection page when they need to log in using their Windows credentials.

To achieve this, we have to override the default selection page.

1. Make a backup copy of the default.aspx file in the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\IDENTITYMODEL\LOGIN folder.

2. In Microsoft Visual Studio, create a Windows Class Library project.

3. Add references to System.Web, Microsoft.SharePoint.dll, and Microsoft.SharePoint.IdentityModel.dll. The identity model assembly is in the global assembly cache. Therefore, I had to get a copy and place it in the root of my drive to add my references. For a suggestion about how to find and copy the assembly, see the blog post Writing A Custom Forms Login Page for SharePoint 2010 Part 1.

4. Strong name the assembly that you are creating, because you will place it in the global assembly cache later.

5. Add a new ASPX page to your project. Copy a page from an existing ASP.NET web application project; copy the .aspx, .aspx.cs, and .aspx.designer.cs files all at the same time. Remember, in this case we want a file that is named "default.aspx", and it will be easier if there is no code written in it yet and there is minimal markup in the page.

6. In the code-behind file (.aspx.cs file), change the namespace to match the namespace of your current project.

7. Change the class so that it inherits from Microsoft.SharePoint.IdentityModel.Pages.MultiLogonPage.

8. Override the OnLoad event. When a user hits a site that has multiple authentication providers enabled, the user is first sent to the /_login/default.aspx page (the page described in step 1). On that page, the user selects which authentication provider to use and is then redirected to the correct page to authenticate. In this scenario, we always want to redirect the user to the Windows Live authentication page. The easiest way to find the Windows Live login URL is to choose Windows Live ID authentication from the authentication provider selection page, and then copy the URL that you were redirected to. An example would be as follows

If you step through a typical login process, the following steps occur:

a. You are first redirected to /_login/default.aspx.

b. You make your authentication provider selection.

c. You post back to /_login/default.aspx.

d. You are redirected to the correct login page.

On the page load event of the login page, we redirect to the Windows Live login page. Custom logic can be added to display the authentication provider selection page when a different provider is needed, for example when administrators want to use Windows authentication instead.
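
A sketch of the code-behind that steps 6 to 8 describe, added here as an example and not taken from the original post. The namespace, the class name, the `showproviders` query-string switch and the URL placeholder are all assumptions; replace the placeholder with the Windows Live login URL you copied in step 8.

```csharp
using System;
using Microsoft.SharePoint.IdentityModel.Pages;

// Assumption: use the namespace of your own class library project (step 6).
namespace CustomLoginPage
{
    // Assumption: the class name comes from the default.aspx you copied in step 5.
    public partial class _Default : MultiLogonPage
    {
        // Placeholder, not a real URL: paste the address you were redirected to
        // after choosing Windows Live ID on the stock selection page.
        private const string WindowsLiveLoginUrl = "<WINDOWS-LIVE-LOGIN-URL-COPIED-IN-STEP-8>";

        // Hypothetical switch: /_login/default.aspx?showproviders=1 shows the
        // stock provider list. It is a convenience for administrators, not an
        // access control; Windows authentication still has to succeed.
        private const string ShowSelectorKey = "showproviders";

        protected override void OnLoad(EventArgs e)
        {
            bool showSelector = string.Equals(
                Request.QueryString[ShowSelectorKey], "1", StringComparison.Ordinal);

            // Keep the default behaviour when the selector was requested, or when
            // the selector is posting the chosen provider back to this page
            // (step c of the login sequence above).
            if (showSelector || IsPostBack)
            {
                base.OnLoad(e);
                return;
            }

            // Everyone else goes straight to Windows Live sign-in and never
            // sees the list of configured authentication providers.
            Response.Redirect(WindowsLiveLoginUrl, true);
        }
    }
}
```

Because the switch only hides the selection page, treat it as a usability measure and restrict who can reach the Windows authentication endpoint by other means if that matters for your deployment.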