The content you're reading is getting on in years
This post is on the older side and its content may be out of date.
Be sure to visit our blogs homepage for our latest news, updates and information.
You can easily extend Sitefinity logic by adding custom claims and validating them using your custom logic. This will help you make sure that certain conditions are met when a request comes in and becomes authorized either by the user providing credentials or using an alternative way to sign on - for example Windows Authentication. You can add a custom claim when the Simple Web Token is being build. In order to override the method that is responsible for Sending the SWT, you should create custom SecurityTokenServiceHttpHandler inheriting from the default one. This way you can override the SendSimpleWebToken method from the service handler:
public
class
CustomSecurityTokenServiceHttpHandler : SecurityTokenServiceHttpHandler
{
protected
override
void
SendSimpleWebToken(HttpContextBase context, Telerik.Sitefinity.Security.Model.User user, RequestMessage reqMessage)
{
// Create principal from current user
var principal =
new
ClaimsPrincipal(
new
[] {
new
SitefinityIdentity(user,
true
) });
// My claim
Claim myClaim =
new
Claim(ClaimTypes.NameIdentifier,
"123456789"
);
// Add my claim
principal.Identities[0].Claims.Add(myClaim);
// Generate token
var token = ClaimsManager.BuildSimpleWebToken(principal, reqMessage.Realm);
// base logic
...
}
}
In order to register your custom service handler and use it in your Sitefinity application, you should replace the default handler in the RoutesTable. This could be done the following way:
public
class
Global : System.Web.HttpApplication
{
protected
void
Application_Start(
object
sender, EventArgs e)
{
Telerik.Sitefinity.Abstractions.Bootstrapper.Initialized +=
new
EventHandler<Telerik.Sitefinity.Data.ExecutedEventArgs>(Bootstrapper_Initialized);
}
void
Bootstrapper_Initialized(
object
sender, Telerik.Sitefinity.Data.ExecutedEventArgs e)
{
if
(e.CommandName ==
"Bootstrapped"
)
{
var routesCollection = System.Web.Routing.RouteTable.Routes;
var path = Telerik.Sitefinity.Security.Claims.Constants.LocalService +
"/{*Service}"
;
var route = routesCollection
.Where(r => r.GetType() ==
typeof
(System.Web.Routing.Route)
&& (r
as
System.Web.Routing.Route).Url == path)
.FirstOrDefault();
if
(route !=
null
)
{
var index = routesCollection.IndexOf(route);
if
(index > -1)
{
var currentRoute = routesCollection[index]
as
System.Web.Routing.Route;
var routeNew =
new
RouteHandler<CustomSecurityTokenServiceHttpHandler>();
currentRoute.RouteHandler = routeNew;
}
}
}
We find the default route and modify the route handler to use our custom one.
In order to validate the added claim, the SWTSecurityTokenHandler should be overridden.
The ValidateToken method could be customized to find and validate our claim:
public
class
CustomSWTSecurityTokenHandler : SWTSecurityTokenHandler
{
public
override
Microsoft.IdentityModel.Claims.ClaimsIdentityCollection ValidateToken(System.IdentityModel.Tokens.SecurityToken token)
{
var swt = token
as
SimpleWebToken;
if
(swt ==
null
)
{
throw
new
InvalidOperationException(
"Token not SimpleWebToken"
);
}
var myClaim = swt.Claims.Last();
bool
isValid =
true
;
if
(!isValid)
{
throw
new
UnauthorizedAccessException(
"Unauthorized"
);
}
return
base
.ValidateToken(token);
}
}
Register the CustomSWTSecurityTokenHandler in the web.config. Find the microsoft.identityModel section and claimsAuthenticationManager, replace the default SWTSecurityTokenHandler with your custom class:
<
claimsAuthenticationManager
type
=
"Telerik.Sitefinity.Security.Claims.SFClaimsAuthenticationManager, Telerik.Sitefinity"
/>
<
securityTokenHandlers
>
<
add
type
=
"SitefinityWebApp.Security.CustomSWTSecurityTokenHandler, SitefinityWebApp"
/>
</
securityTokenHandlers
>
Here is a video demonstration of the above handlers:
You can download the files from here: Security
Nikola Zagorchev is a Tech Support Engineer at Telerik. He joined the Sitefinity Support team in March 2014.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites
Progress collects the Personal Information set out in our Privacy Policy and the Supplemental Privacy notice for residents of California and other US States and uses it for the purposes stated in that policy.
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.