SharePoint 2016 FBA on-prem DUO .NET WebSDK

186 Views Asked by At

We’ve configured SharePoint 2016 FBA with the DUO WebSDK and its works well except for one aspect regarding FBA authentication.

login page 1.) authenticate the username and password using FBA-LDAP. login page 2.) load the duo web iframe

The method that authenticates the username and password on login page 1 is the SPClaimsUtility.AuthenticateFormsUser which persists a cookie to the site.

If the user fails the DUO authentication on login page 2, they still have an authenticated session to the site. We can force a signout and clear session cookies, but I was hoping for a cleaner approach.

Please assist with any ideas.

Thanks!

1

There are 1 best solutions below

0
On

We resolved this by validating credentials on the first login page with Membership.ValidateUser which validates against the user store without creating a persisted cookie. On the second page once the user has successfully passed DUO authentication we used the SPClaimsUtility.AuthenticateFormsUser. Hope this helps anyone out there! Have a good one.