+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Security question

Security question

1 posts, 0 answered
  1. Theodore
    Theodore avatar
    6 posts
    Registered:
    02 Mar 2012
    07 Oct 2013
    Link to this post
    1.  I have a forms authentication against a SQLmembershipDB.  however it has custom code in it.
    2.  I have all this in a usercontrol that I can just drop on a page.
    3.  I'm looking for the quickest way I can make this work in sitefinity.

    the reason I say quickest is I need it to work quick but in the near future I am going to re-write out security using a STS service for Single Signon so if it's not pretty or fast right now I'm fine with that as in (hopefully) 3-4 months I can find the time to re-write our security properly.

    I have a secure area in sitefinity that only a special role can view.  "sfUser"
    when this page is hit it redirects to my login page with my usercontrol in it.  it logs in correctly but I don't guess sitefinity see's it as I get redirected back evertime I hit the page

    I have tried adding the following in just after Authentication in the usercontrol in sitefinity but it doesn't seem to be working.
    //for sitefinity.  this is really cheating as the login has already happened but this makes sitefinity aware of it.
                       if (!sUserName.Contains("@"))
                       {
                           sUserName += "@kantarhealth.com";
                       }
                       var userMan = UserManager.GetManager("AspNetSqlMembershipProvider");
                       var currUser = userMan.GetUser(sUserName);
                       if (userMan.ValidateUser(sUserName, sPassword))
                       {
                           if (userMan.ValidateUser(sUserName, sPassword))
                           {
                               //if you need to get the user instance use the out parameter
                               Telerik.Sitefinity.Security.Model.User userToAuthenticate = null;
                               SecurityManager.AuthenticateUser(userMan.Provider.Name, sUserName, sPassword, false, out userToAuthenticate);
      
                               RoleManager roleManager = RoleManager.GetManager("AspNetSqlRoleProvider");
                               if (!roleManager.RoleExists(roleName))
                               {
                                   roleManager.CreateRole(roleName);
                                   roleManager.SaveChanges();
                               }
                               User user = userMan.GetUser(sUserName);
      
                               bool isUserInRole = roleManager.IsUserInRole(user.Id, roleName);
      
                               Role role = roleManager.GetRole(roleName);
                               if (! isUserInRole)
                               {
                                   roleManager.AddUserToRole(userToAuthenticate, role);
                               }
                               roleManager.SaveChanges();
                           }
                       }
                       //end for sitefinity
1 posts, 0 answered