1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / members only areas within the website front end

members only areas within the website front end

14 posts, 0 answered
  1. martin
    martin avatar
    43 posts
    Registered:
    10 Feb 2009
    25 Feb 2009
    Link to this post
    I have a question I need answering - and answering hopefully pretty swiftly.

    We are in the process of producing an major update to an existing client of ours. The CMS system we have been pointed towards is Sitefinity and in general it seems to do pretty much all we'll need.

    But there's one area I'm unsure of and it's an area that NEEDS to work of else the client will go elsewhere.

    The client has members and thus needs members-only areas of the Sitefinity website. Now, these members come in various categories and sub categories. These categories are (and will be) held on a 3rd party portal that Sitefinity will need to interact with.

    So, you have:

    Area "A" - visible to everyone.

    Area "B" - which is only accessible to logged-in members with attribute "B" set to true within their details on the 3rd party database.

    Area "C" - is only accessible to logged-in members with attribute "C" set to true.

    But now, here's the extra complication...
    Area "D" - is only accessible to logged-in members with BOTH attributes "B" and "C"... so although the attributes are the same as the first two - it's specifically that combination that the restricted area's coding would need to check.

    Is this possible? Is it easy? I need to know, because without this we would have to go elsewhere.

    I've come across this article:

    http://www.sitefinity.com/support/knowledge-base/kb-article/b1154K-bakk-b1154T-cmb.aspx

    But I'm unsure if this will (a) take database info from a 3rd party source and (b) cope with various combinations of membership levels.

    Many thanks in advance!

    Regards,
    Martin.
  2. Ivan
    Ivan avatar
    478 posts
    Registered:
    16 Jun 2015
    25 Feb 2009
    Link to this post
    Hi martin,

    Sitefinity is using standard ASP.NET Membership model for working with users and providing security infrastructure. ASP.NET Membership model is provider based, which means that it does not limit its functionality to working with any specific kind for data storage (e.g. SQL Server or even database).

    So, before I go into more details, Sitefinity is perfectly capable of what you are after.

    While I cannot fully explain the ASP.NET Membership and provider model in this ticket, I will give you broad directions and suggestions. For specifics you can consult following articles later on:

    ASP.NET Membership:
    http://www.sitefinity.com/support/knowledge-base/kb-article/b1154K-bakk-b1154T-cmb.aspx

    Provider model pattern:
    http://msdn.microsoft.com/en-us/library/ms972319.aspx

    The general idea is following:

    Let us assume that for the backend (or Sitefinity administration) you are satisfied with the built in membership (stored in SQL Server for example) and you do not wish to mix the public members with the admin staff. So, the next step for you is to define additional membership provider in the web.config file as it has been described in the KB article you have found yourself:
    http://www.sitefinity.com/support/knowledge-base/kb-article/b1154K-bakk-b1154T-cmb.aspx

    Now, here comes the twist. In the KB article, author is implementing a standard ASP.NET built-in provider (System.Web.Security.SqlMembershipProvider), however, you will have little use of this provider since you need to communicate with the thrid party system. In order to achieve this you will need to implement your own membership provider which will not communicate with the database, but rather this 3rd party system. Here is a link to the good article that explains this:
    http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

    Also, you may try querying google for "implementing custom membership provider", which will return you some 8 million results - so you are not alone in this.
    http://www.google.com/search?hl=en&q=implementing+custom+membership+provider&btnG=Google+Search&aq=0&oq=implementing+custom+me

    This, solves the problem of integrating Sitefinity with the third party membership system. What we are left with is implementing the business logic for the end users.

    Sitefinity comes with a very simple user interface command that denies access to anonymous users, so the first task is of the trivial nature. You just deny the access.

    Now, you are referring to the attributes ("A", "B", "C")... since you will be using Membership system, I suggest we move to its terminology. In ASP.NET Membership every user can belong to one or more roles. So, instead of having attributes, users will belong to roles. Allow me to digress for a moment, users can also have attributes such as height, home address, name of the dog... and so on, which are called Profile properties (there is also Profile provider), but let us go back to our initial task.

    So, we have found the way to separate anonymous and logged in users. What we are left with is to apply different rules based on their roles. For rules which include single role, this is quite straightforward since you can use built in page permissions to define access rights based on the roles. Since you can set permissions only per roles, you will not be able to set certain permission only if user belongs to roles "A" AND "B". Nevertheless, there are simple workarounds for this scenario.

    - First, we can create some sort of a joint role and call it "AB". In your provider you can simply implement this logic, by making sure that users that belong to roles "A" and "B" also automatically become members of role "AB". While this is probably the simplest way to handle this, it may prove hard to maintain in the future because it is to be expected that business rules will change.

    - Second option would be more robust and would go somewhat in this direction. You would create a simple http handler that would intercept the request to the CMS and perform the user / role / business rules analysis. If user is not allowed to see the requested page or resource you would redirect him to some predefined page, otherwise you wouldn't do anything. Here is a KB that explains this approach:
    http://www.sitefinity.com/support/knowledge-base/kb-article/b1154K-bake-b1154T-cmb.aspx

    Finally you could create a module or tool which would allow business users to define business rules on the fly. E.g. You would parallel provide the tree view with all the pages and list of roles with checkboxes. Then business user could select a given page and mark the roles required for access to that page and its children, thus effectively creating a business rule.

    I am sorry for the lengthy post, but the subject is such that I could not have answered it shorter and provide all the needed information. Let us know if there is anything else we can do for you.

    Kind regards,
    Ivan
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  3. martin
    martin avatar
    43 posts
    Registered:
    10 Feb 2009
    26 Feb 2009
    Link to this post
    Hello Ivan,

    First off - BIG thanks for they swift reply.

    Second off - no need to apologise for a long post... the more information the better.

    Third off (after a first read of your thoughts) - a couple of things I'll clarify... to double check I've not inadvertently mislead you:

    The database that would be supplying the "A", "B", "C" etc. information to Sitefinity already exists and is specifically used for other primary tasks away from Sitefinity... so I assume that for your solution to work, the 3rd party database doesn't NEED to be formatted in a particular way?

    That (already existing) 3rd party database has a lot of different parameters, which will be mixed & matched to create results needed for access. Each member will belong to one of roughly 15 categories and then also have roughly 30 attributes attributed to them. So the number of possible different combinations becomes pretty big... hence why having a role labelled "A+B" would indeed be time consuming and restrictive.

    Realistically we would need to be able to automatically apply multiple "roles" to a logged on user (one role for every attribute) and then have the permissions gateway (for want of a better word) know which groups of attribute(s)/role(s) must come back "true" for access to specific areas.

    Cheers,
    m.
  4. Ivan
    Ivan avatar
    478 posts
    Registered:
    16 Jun 2015
    26 Feb 2009
    Link to this post
    Hello martin,

    here are the answers to your concerns:

    1. The provider model pattern allows for a lot of flexibility here. The way this works is more or less like this: User comes to Sitefinity and attempts to log in (provides user name and password). Sitefinity then calls the ValidateUser method on Membership provider and passes the username and password user has entered. Since you are implementing the custom provider, it is completly up to you will you return true or false in this method. E.g. you can query your third party database there, check first if user exists, then check if attribute "CanAccessSitefinity" is true... no limitations - completely up to you and your implementation. Also, no need to reformat the database... at least not because of Sitefinity.

    Regarding points 2 & 3, you should follow my suggestion on custom http handler and you should be able to handle all this pretty simply.

    So, all in all, you've understood me correctly. It can be done and I don't think that cost of this implementation would be significant. Also, due to the specifics of your requirements, I can hardly imagine you will find out of box solution, so my advice (even if you don't go with Sitefinity) is to look for an extensible solution, because at the end of the day you will be doing the implementation.

    I hope you'll find this information helpful. Let us know if there is anything else we can do for you.

    All the best,
    Ivan
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  5. martin
    martin avatar
    43 posts
    Registered:
    10 Feb 2009
    08 Jun 2009
    Link to this post
    Hello Ivan (and whoever else at support might read this),

    We are still going with Sitefinity for this website... I know we are some way on from February 2009, but other work on other sites has pushed this job's deadline back.

    I have been setting up a "demo" sitefinity site with multiple pages using various Master files  to control templates and themes. I am now rapidly heading towards the point where we will need to start work on the various "members" pages and the ability to log-in via this 3rd party database.

    I have re-read this thread, I have re-read the "Working with multiple membership and role providers" article, we have attempted to set-up the example within that article (using the zipped files supplied within the article) purely as a test... unfortunately that example test failed to work (I have raised a ticket, which includes the server's error report, about this but have not had a response yet).

    I think I happily grasp the principles of what Sitefinity can do in regard to what we require... but the actual implementation of those ideas (actual physical coding) seems to be something I'm struggling to grasp - not being an experienced ASP.Net user. Threads like this one help grasp the idea, but having an idea and putting it into action are two different things.

    I am hoping that someone within support (for a $900 product) can assist me, with a blow-by-blow stage-by-stage A-B-C guide to setting up this asspect of Sitefinity. General pointers are good for generic ideas about what can be done, but specifics are required for assistance in getting that idea working.

    All help greatly received.

    Regards,
    Martin.
  6. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    12 Jun 2009
    Link to this post
    Hello Martin,

    I have also re-read the whole communication and information provided here, and agree that the scenario is not an out-of-the-box one.

    I want just to add one thing, since the last notes were several months ago. Starting from version 3.5, we now have permissions per provider, which means that you could define permissions for the users from your custom providers.

    We can provide you with an A-B-C guide, but we will need what exactly you are trying to achieve and what point from this implementation you have reached already.

    Kind regards,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  7. martin
    martin avatar
    43 posts
    Registered:
    10 Feb 2009
    15 Jun 2009
    Link to this post
    Hello Georgi,

    "We can provide you with an A-B-C guide, but we will need what exactly you are trying to achieve and what point from this implementation you have reached already."

    Thank you for your response.

    In regard to what point we are at... specifically on the point of "front-end membership" then I would suggest we are at the very start. :(

    I am a relative newbie to Sitefinity (although I am learning lots). I am a total newbie in regard to ASP.Net programming. I have a tech colleague who is much more knowledgeable about running servers and setting IIS etc. etc. but even for him ASP.Net is not his primary field (he's more Linux and PHP), so please do not run with assumptions that we "know" the ins and outs of how do this.

    So:

    1) We have (through a UK hosting company) a dedicated server for our client. It's a Windows Standard Edition server which is primarily controlled via a "Plesk" browser-based control panel, although we do have remote desktop access.

    2) We have several (4) related websites (all for same client) currently running on that server. That 4 includes the "in-progress" sitefinity site which needs the members-only areas and another related "live" site built with Sitefinity.

    3) We have Sitefinity itself actually installed on the server and are working in the current site "live" on that remote server. I believe it is the initial Sitefinity v 3.6. We have a temorary domain name in place, purely so we (and we alone) can preview the site away from the Sitefinity Admin area page previews.

    4) I have been building pages directly into Sitefinity, but haven't as-of-yet actually tackled the front-end membership aspect because we weren't fully understanding what the requirements are.

    5) The front-end membership needs to involve logging in to a 3rd party database... rather than logging in to Sitefinity's own database. But obviously, the log-in needs to occur via the Sitefinity web pages... and then having Sitefinity use that log-in to allow certain users visit certain pages and other users visit other pages.

    6) Thus, as far as I understand it, files within Sitefinity itself will need manual amending (like the web.config) so that Sitefininty understands it's using more than one database... it's own for the site Admin (myself) and another remotely hosted, for the front-end membership. I equally assume that the Login User Control file will also require amending, so that the action of filling in that log-in interacts with the 3rd party database - rather than it'sd own internal.

    7) This 3rd party database already exists, it is not being built specifically for Sitefinity's use. It's being hosted remotely by another company (TSG) and is accessable via a "portal". The IP address for the portal has been assigned as a subdomain of the final proper domain that our site will use. Via an iframe within certain pages we are able to access the database's remote log-in... but that's obviously loggin in DIRECTLY to the portal - rather than having Sitefinity perform the log-in.

    8) I have received an information PDF from TSG in regard to how they see setting up log-in to their portal from our site. But the information is somewhat generic. I can supply their info if this will help.

    9) So, as I have tried to explain previously. We need a Sitefinity site where (A) front-end membership is separate to admin membership. (B) front-end membership involves loging in to a 3rd party database. (C) various different attributes from that 3rd party database will assign those members to various different predefined Sitefinity roles... which will (D) allow those members access to their specific members areas.

    I am not sure what further details you guys would need from us, to allow you to supply the "A-B-C" guide offered.

    Regards,
    Martin.
  8. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    16 Jun 2009
    Link to this post
    Hello martin,

    You need to implement your own custom membership and role providers

    Implementing a Membership Provider
    The membership provider should be specific to your data source.

    Implementing a Role Provider
    The role provider should be specific to your data source. This will give you the opportunity to create and manager your roles through Sitefinity interface.

    Afterwords you should add the membership and role provider in Sitefinity connection string. First you need to add a new connection string that points to your external database.

    membership

     <membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType=""
          <providers> 
            <clear/> 
            <add name="Sitefinity" connectionStringName="DefaultConnection" type="Telerik.DataAccess.AspnetProviders.TelerikMembershipProvider, Telerik.DataAccess" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0"/> 
            <add name="Sitefinity1" connectionStringName="Custom" type="YOUR_TYPE_HERE" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0"/> 
          </providers> 
        </membership> 

    role provider

    <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Sitefinity"
          <providers> 
            <clear /> 
            <add connectionStringName="DefaultConnection" applicationName="/" 
              name="Sitefinity" type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess" /> 
            <add connectionStringName="Custom" applicationName="/" 
             name="Sitefinity1" type="TYPE_HERE" /> 
          </providers> 
        </roleManager> 

    In the security section you are specifying cmsProvider

    <security defaultProvider="DefaultSecurityProvider" cmsProvidersName="Sitefinity"

    The above configuration uses the default Sitefinity membership provider for logging into Sitefinity's backend. All users from the custom provider will not be able to loggin into Sitefinity's backend. The login control has MembershipProvider property that can be used in case you have various poroviders and you want to specify which one will be used by the control.

    Kind regards,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  9. martin
    martin avatar
    43 posts
    Registered:
    10 Feb 2009
    16 Jun 2009
    Link to this post
    Hello Ivan,

    Thanks for your response.

    I don't wish to sound ungrateful, but I'm still just as confused about the situation as I was before.

    I stated in my previous post that: "I am a total newbie in regard to ASP.Net programming."... which I know isn't Telerik's fault or problem, but having stated that I am told: "You need to implement your own custom membership and role providers" and pointed towards to generic Microsoft web pages, which are obviously written in a style for those much more familiar with .net programming.

    For example, one of the first lines on the page I'm pointed to states: "To implement a membership provider, you create a class that inherits the MembershipProvider abstract class from the System.Web.Security namespace."... my initial response is 'what?'

    "You create a class" - how? and where would it go once you've made it?
    "inherits the MembershipProvider abstract class" - what's an abstract class?
    "from the System.Web.Security namespace" - what's a namespace?

    I'm sorry, but for a newbie - it's all tech gibberish and I can't seem to find anything on the net that attempts to cover it in layman's terms.

    Regards,
    Martin.
  10. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    16 Jun 2009
    Link to this post
    Hello martin,

    Since, MSDN is the global resource for .net development there is no better documentation anywhere else. Your task requires implementing of membership and roles providers which cannot be done with minimum knowledge of .net.

    What is abstract class  - MSDN - Abstract Classes
    Namespace - it allows you to remove ambiguity between components that may have the same classes and same file name. A good tutorial is http://www.asp.net/get-started/

    We could provide some assistance and sample codes related to Sitefinity. The whole implementation depends on you, although we provide a lot of customization and fully working custom codes. If you need something specific that should be implemented, we suggest you to ask our implementation partners.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  11. martin
    martin avatar
    43 posts
    Registered:
    10 Feb 2009
    16 Jun 2009
    Link to this post
    Hello Ivan,

    My apologies if my previous post seemed a bit curt.

    I fully understand that MSDN is the global resource for .net development and I equally appreciate that (for those who understand) it's a GREAT resource.

    My frustration is not with Telerik staff or the Sitefinity software. I just wish I'd have known when this job came to us that the level .net knowledge needed to apply this link to the 3rd party database was as high as it's turning out to be.

    The site itself, it's templated design and admin editability is working fine - and the ability to apply roles and members and such using the internal database is great... but we have to link externally and (not being Telerik's problem) it's being a thorn in my side.

    As you suggest, I may have to get in touch with your implementation partners.

    Thanks,
    Martin.
  12. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    16 Jun 2009
    Link to this post
    Hi martin,

    If you get stuck with some code or need guidance, please write back to us.

    Regards,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  13. martin
    martin avatar
    43 posts
    Registered:
    10 Feb 2009
    30 Jul 2009
    Link to this post
    Hi Ivan,

    Well, we're getting a bit further - but it still seems like a slow old process (not that that's Telerik's fault).

    I have a chap in the US, who's helping with the code. He deals with .net coding and so is much more capable than I in creation of this membership provider and role provider stuff.

    He has supplied me a couple of test files, which I have placed as he requests and we're getting an error response when trying to log in to the 3rd party database.

    I have posted details (including a detailed error report) in a specific support ticket. I'm hoping that someone at Telerik can look at said error report and possibly advise at where the problem might lie.

    From there I then have to start thinking about phase two... where once logged in successfully, we can apply appropriate Roles to the user (based upon data within their external database) to allow access to specific pages of the Sitefinity site.

    Cheers,
    Martin.
  14. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    30 Jul 2009
    Link to this post
    Hi martin,

    To apply the roles you can use UserManager class. Sample code can be found below:

    UserManager userManager = new UserManager(this.Login1.MembershipProvider); 
    MembershipUser user = userManager.GetUser(this.Login1.UserName); 
    userManager.AddUserToRole(user.UserName, "myRole"); 

    We will take a look at the support ticket and get back to you.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
Register for webinar
14 posts, 0 answered