I recently struggled to find a solution that would allow our DNN app to achieve single sign-on with other applications, especially Outlook Web Access.  Since all of the applications use Active Directory for authentication, once a user logs into the DNN app they don't have to enter their username or password again for other apps, even when they are connecting from a public computer.

Now that I have figured it out (with the help of people on several different forums) I thought I would share my code with everybody else.

I created a class that creates an HTML form with data fields and posts the form to another URL.  This class can be used to post to any form with whatever data fields are necessary.  You can also choose whether you want the url that your app is posting to to open in a new window or not.

(In order to be able to use this code, your Exchange server has to be set up to use forms-based authentication.)

Public Class CrossPost

'Collection to hold the field names and their values

Private fieldNames As System.Collections.Specialized.NameValueCollection = New System.Collections.Specialized.NameValueCollection

'Add a new field name/value pair to post the other form

Public Sub AddField(ByVal name As String, ByVal value As String)

End Sub

''' <summary>

''' Posts the data to the url with hidden data fields

''' </summary>

''' <remarks></remarks>

Public Sub PostDataToForm(ByVal Url As String, ByVal FormName As String, ByVal OpenLinkInNewWindow As Boolean)

Try

If OpenLinkInNewWindow Then Url = Url & """ target='_blank'"

System.Web.HttpContext.Current.Response.Write("<html><head>")

System.Web.HttpContext.Current.Response.Write(String.Format( _

"</head><body onload=""document.{0}.submit();history.back"">", FormName))

System.Web.HttpContext.Current.Response.Write(String.Format( _

"<form name=""{0}"" method=""{1}"" action=""{2}"" >", FormName, "POST", Url))

'Add the fields/values to the response

For Each value As String In fieldNames.Keys

String.Format("<input name=""{0}"" type=""hidden"" value=""{1}"">", _

Next

System.Web.HttpContext.Current.Response.Write("</form>")

System.Web.HttpContext.Current.Response.Write("</body></html>")

Catch xcp As System.Threading.ThreadAbortException

'Swallow this exception. Response.End always causes this, but it

' doesn't effect anything.

Catch ex As Exception

Throw

End Try

End Sub

End Class ' End CrossPost Class

I originally had code that called this class in a custom module in my DNN app.  The problem with this was that, although it worked, it caused my DNN page to be left completely blank after the new window opened and the user was forced to click the Back button on the browser to bring the DNN page back.  I moved the code into the load event of a blank page in my DNN app and just included a link to this page in my DNN app.  This way the DNN page is not left blank after the new window opens.  The user will see the url change from the url of the page in your DNN app to the url of the app that you are posting to.

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

Try

Dim postToOWA As New CrossPost()

'Retrieve the user info from DNN

Dim currentUser As DotNetNuke.Entities.Users.UserInfo = DotNetNuke.Entities.Users.UserController.GetCurrentUserInfo

postToOWA.AddField("username", currentUser.Username)

postToOWA.AddField("password", currentUser.Membership.Password)

postToOWA.AddField("destination", "https://YOUR_SERVER_NAME/exchange/")

postToOWA.AddField("flags", "0")

postToOWA.PostDataToForm(Url:="https://YOUR_SERVER_NAME/exchweb/bin/auth/owaauth.dll", _

FormName:="logonForm", OpenLinkInNewWindow:=False)

Catch xcp As System.Threading.ThreadAbortException

'The Response.End statement causes this exception but should be ignored

Catch xcp As System.Exception

Response.Write("Unable to connect to the other application using Single Sign-On at this time.")

'Log the exception

Dim logController As New Log.EventLog.ExceptionLogController

End Try

End Sub