1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Custom entry security script?

Custom entry security script?

12 posts, 0 answered
  1. andersleet
    andersleet avatar
    155 posts
    Registered:
    03 Jun 2009
    02 Jul 2009
    Link to this post
    Hey everyone,

    How might I go about creating a custom entry script with security? I am using SF to replace a current online help desk and the current one utilizes a COM object so it can validate the user our platform software. I have the code that handles this already written out (in VB.NET), so all I need to know is where to put it and how to make it work...and possible convert it over to C#.

    Thanks!
    anders
  2. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    07 Jul 2009
    Link to this post
    Hello andersleet,

    Generally, you should map the existing users somehow to roles in Sitefinity, since the permissions are based on Roles. You might end up with additional provider.
    If your COM object can work with Forms authentication, then you can use it directly with Sitefinity. Everyone authenticated through it can be assigned to a specific role.

    Unfortunately the scenarios are too many, and I am not able to provide you with certain information. Perhaps if you can elaborate more, I will be able to point you in the right direction.

    Regards,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  3. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    07 Jul 2009
    Link to this post
    Hello andersleet,

    Follow up. As for the conversion, you might try to use our online code converter.

    Regards,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  4. andersleet
    andersleet avatar
    155 posts
    Registered:
    03 Jun 2009
    07 Jul 2009
    Link to this post
    Hi Georgi,

    Thanks for the reply. Here is a basic run-down of how our authentication works:

    User selects the link inside the program to launch the help desk. The program then creates a temporary html page with a form that submits a few pieces of data along with a validation code. The form then autosubmits (javascript onload), and then the help desk reads in the form data and validates that the code is correct. Once this happens, I set some session variables to tell the help desk if this person is support/non-support (there are special areas of the site that are support only, and others that give some information to non-support and all info to support).

    Does this give you a better idea of what I am going after?

    Regards,
    anders
  5. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    09 Jul 2009
    Link to this post
    Hi andersleet,

    Alright then, you are using Forms Authentication.
    You should first import your users to Sitefinity, or create a provider than can work with them. In other words, Sitefinity should know to which role the users are assigned, and what their rights should be. Then you should implement a Single Sign on - please take a look in the following forum post.

    All the best,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the newTelerik Support Portal.
    Check out the tipsfor optimizing your support resource searches.
  6. andersleet
    andersleet avatar
    155 posts
    Registered:
    03 Jun 2009
    17 Jul 2009
    Link to this post
    Hello Georgi,

    Thanks for the reply. Unfortunately, there are no user/passwords for the current system...the authentication is performed when the user launches the system from our desktop program. Where can we go from here?

    Thanks,
    anders
  7. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    17 Jul 2009
    Link to this post
    Hi andersleet,

    Most probably your application uses windows credentials to authenticate the users. So, they have to be stored somewhere. If not, can you elaborate a bit more, so that we could try to come up with a solution.

    Regards,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  8. andersleet
    andersleet avatar
    155 posts
    Registered:
    03 Jun 2009
    17 Jul 2009
    Link to this post
    Sure, this is how the authentication works right now:

    1. User launches our platform application
    2. User clicks a link inside of this application to go to the web application
    3. When this link is clicked, our platform application creates a temporary HTML file with a form that contains authentication information and a CRC value
    4. The web application verifies the data that was in this form, if it validates then the user is let into the web site, otherwise an error message is displayed.

    Does this clarification help?

    Regards,
    anders
  9. andersleet
    andersleet avatar
    155 posts
    Registered:
    03 Jun 2009
    21 Jul 2009
    Link to this post
    Can I use the existing method, except store the client information in a session variable or something similar that could be accessed across the site? But since the pages aren't physical pages (or I have yet to find where they are stored in my file structure), how could I do checks on each page?

    Regards,
    anders
  10. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    23 Jul 2009
    Link to this post
    Hello andersleet,

    I am still wondering why don't you use the Forms Authentication and create an authentication cookie when the user is validated. All you have to do, it so to have a user in Sitefinity, which will impersonate the users from your application. Your 3rd party application users will be logged through this user. Take a look at our login control - you should be able to use it for the authentication, but will provide it with the username and password of the Sitefinity user by default (without making the users type the password).

    Sincerely yours,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  11. andersleet
    andersleet avatar
    155 posts
    Registered:
    03 Jun 2009
    23 Jul 2009
    Link to this post
    Thanks for the reply Georgi.  From what I took away from your last post, I should create a user in the system and then when one of my users from the third-party application launches this system, they will be validated and then logged in as this user I created.  Will there be any issues with multiple people logging in as the same user?

    As far as validating the user goes, where should I put my validation script? Can I create a Default.aspx in my site root and place the script in there? Or perhaps some other sort of launch page thats sole purpose is a gateway?

    I am not 100% used to using a CMS for my web projects, generally I write things from the ground up so I have more control/knowledge about what is happening with the system, so please excuse my silliness :)

    Regards,
    anders
  12. andersleet
    andersleet avatar
    155 posts
    Registered:
    03 Jun 2009
    24 Jul 2009
    Link to this post
    Hey Georgi/Ivan,

    I just had an idea that I think may work until I can devise something a bit more elegant, but I need your help!

    Ok, so what if I create an authentication page (I would add this page in Visual Studio) just like the current one I have (except optimized for C#) and have my third-party application navigate to this page I created. This page will do all the authentication, and if it validates lets the user continue into the site.

    Here is what I need help with:
        1. How do I get the system to recognize and/or interact with a page I create outside of the system (e.g. adding the page to the project in Visual Studio). Or, would it be easier/better practice if I created a page within the system and created user controls to handle the authentication and put them on that page?
        2. If I set a cookie on this custom page saying this person is authenticated, how can I get each of the pages to read that cookie? Could I create a user control that reads cookies and will redirect to a not authorized page if the cookie is missing/not validated?

    What do you guys think? Would this be feasible?

    Regards,
    anders
Register for webinar
12 posts, 0 answered