13 Jan 2011
20 Jan 2011
Link to this post
Is there a reference that will explain in more detail how authentication works in Sitefinity?
How do the pages know if a user is logged in or not?
Our current architecture is: I've built a custom login user control(included the control in a sitefinity built webpage). The UC creates an object CustomMembershipProvider(that inherits MembershipDataProvider). The CustomMembershpProvider(implemented method GetUser(string un)) connects to a wcf server(passing Login/Pword), the wcf server then connects to an in-house sql server for validation. If the credentials are good, then we create an object(Credentials) and pass it back to the CustomMembershipProvider. The CustomMembershipProvider uses the values(from Credentials) to create a Telerik.Sitefinity.Security.Model.User object and returns it back to the custom login user control.
At this point I get a little fuzzy on what I need to do. Do I put the User object in Session? Any cookies I need to write? I'd like to use as much SF built in functionality as possible to control access to the pages(and to build pages), but I need to know what those pages are looking for to determine if a user is logged in or not.
I've set up two test pages(called CustomLogin & LoggedInPage),
I set the Permissions for LoggedInPage:
CustomLogin has default permissions.
If I try to access LoggedInPage directly, I get an HTTP 404 error, I don't understand why I would get that error message(instead of a "you're not logged in" message or something like that).
P.S. It's impossible for us to use the built in tables/authentication for Sitefinity. We have too many users in other tables(other applications) for us to try and synch them up. Also we're in the health care industry, we can't put the database outside the firewall if it contains personal data(the wcf part).