I have a site that has two sets of users, the clients employees, and external users who are invited to use this new system. The requirement is to use Window Authentication for the employees, and a login form taking credentials for the external users to log them into the Sitefinity system, so using the default Membership provider.
I have got the Windows authentication going quite well via the Sitefinity STS project and setting up a single sign on solution, and using the Ldap membership provider. Debugging through the STS project, it appears to me that the crucial piece of information is the users name.
When I alter the code to try and send down a username for a user that exists in the default membership provider, nothing works. I get 403 Forbidden on every page on the site, including ones that are available to everyone, such as the login page. It almost seems like that the user doesn't exist at all.
My plan (for background) is to set up the Windows Auth STS to redirect if the user is not authenticated like this:
if (winPrincipal != null && !winPrincipal.Identity.IsAuthenticated)
//throw new ConfigurationException("This web site is not correctly configured for Windows authentication."); //this is the original line
This will redirect them to a different application which will be a modification of the STS code except it will check the username and password against a custom webservice which will internally call VerifyUser() on the UserManager class. If that succeeds (which is an area of uncertainty with me at the moment), the application will generate a token to pass back. The idea being that a user comes to the home page of the site, and will be signed in automatically if they are an employee on the network, and a login page if they are not on the network.
So, after writing this, I have two questions. The first, why can't I pass back a username from the STS project which exists in the default membership provider to access the site. The second, now with the site using an external source of authentication, will I be able to use the UserManager.VerifyUser() to check the credentials against the Sitefinity database?
Any help or suggestions gratefully received.