Single Sign On and the Sitefinity STS project

4 posts, 0 answered
  1. David
    38 posts
    Registered:
    05 Apr 2012
    03 Feb 2014

    Hi

    I have a site that has two sets of users: the client's employees, and external users who are invited to use this new system. The requirement is to use Windows Authentication for the employees, and a login form taking credentials for the external users to log them into the Sitefinity system, so using the default Membership provider.

    I have got the Windows authentication going quite well via the Sitefinity STS project and setting up a single sign on solution, and using the Ldap membership provider. Debugging through the STS project, it appears to me that the crucial piece of information is the user's name.

    When I alter the code to try and send down a username for a user that exists in the default membership provider, nothing works. I get 403 Forbidden on every page on the site, including ones that are available to everyone, such as the login page. It almost seems like the user doesn't exist at all.

    My plan (for background) is to set up the Windows Auth STS to redirect if the user is not authenticated like this:

        if (winPrincipal != null && !winPrincipal.Identity.IsAuthenticated)
        {
            context.Response.Redirect("/agencyloginapplication/login.aspx?" + context.Request.QueryString);
            //throw new ConfigurationException("This web site is not correctly configured for Windows authentication."); //this is the original line
        }

    This will redirect them to a different application which will be a modification of the STS code except it will check the username and password against a custom webservice which will internally call VerifyUser() on the UserManager class. If that succeeds (which is an area of uncertainty with me at the moment), the application will generate a token to pass back. The idea being that a user comes to the home page of the site, and will be signed in automatically if they are an employee on the network, and a login page if they are not on the network.

    So, after writing this, I have two questions. The first: why can't I pass back a username from the STS project which exists in the default membership provider to access the site? The second: now, with the site using an external source of authentication, will I be able to use the UserManager.VerifyUser() to check the credentials against the Sitefinity database?

    Any help or suggestions gratefully received.

    Cheers,

    David Bigg

  2. David
    38 posts
    Registered:
    05 Apr 2012
    04 Feb 2014 in reply to David

    Hi

    In answer to my question about the UserManager, and for future reference, the GetManager() method takes a string parameter providerName. So it looks like I can get a UserManager for the default provider and verify the user against that.

    Cheers,

    David

  3. David
    38 posts
    Registered:
    05 Apr 2012
    06 Feb 2014 in reply to David

    Hi

    I think I have figured out why there was apparently no user whatsoever after sending down a username that was in the default membership provider. At least I think this is the problem. When setting up the SecurityTokenIssuer, you specify the MembershipProvider. Obviously when I was feeding the name back, it couldn't find it in the specified membership provider.

    Recording this for posterity.

  4. Stefani Tacheva
    718 posts
    Registered:
    06 Dec 2016
    06 Feb 2014
    Hello,

    I am glad to hear that you managed to resolve the problem. Thank you for sharing this information with the community.

    Regards,
    Stefani Tacheva
    Telerik