Combining AD membership provider and Sitefinity role provider?

3 posts, 0 answered
  1. Chris
    57 posts
    Registered:
    12 Nov 2008
    19 Nov 2009
    I know I've read about that solution somewhere, but can't find the information anymore.

    I want users to be able to log in with their AD credentials, but I don't have any control over the AD groups for role management. Is it possible to use the Telerik AD membership provider for user login, but manage roles through the Sitefinity role provider in the CMS? Or does that lead me towards a custom membership and / or role provider?

    Thanks!
    Chris
  2. Ivan Dimitrov
    16072 posts
    Registered:
    09 Dec 2016
    19 Nov 2009
    Hello Chris,

    Sitefinity is only an acceptor for AD users and roles. The only way to achieve your requirement is to add custom code in the code-behind of your Login control that adds the user who is trying to log in as a CMS user and adds that user to a new role, say ADCmsRole. The AD user uses his/her credentials to access the Sitefinity backend. Here we are creating the same user with the same password in the Sitefinity default membership provider. Then we add the user to a Sitefinity role.

    void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        //AUTHENTICATE THE USER THROUGH AD PROVIDER
        e.Authenticated = Membership.Providers["AD"].ValidateUser(this.Login1.UserName, this.Login1.Password);
    }

    void Login1_LoggedIn(object sender, EventArgs e)
    {
        //CHECK WHETHER WE HAVE THE SAME USER IN OUR DEFAULT PROVIDER
        MembershipUser user = UserManager.Default.GetUser(this.Login1.UserName);
        if (user == null)
        {
            //GET AD USER'S USER NAME
            MembershipUser adUser = Membership.Providers["AD"].GetUser(this.Login1.UserName, false);
            //CREATE A NEW USER IN THE DEFAULT PROVIDER
            user = UserManager.Default.CreateUser(adUser.UserName, this.Login1.Password);
            UserManager userManager = new UserManager(this.Login1.MembershipProvider);
            //ADD THIS USER TO SITEFINITY ROLE
            userManager.AddUserToRole(adUser.UserName, "ADrole");
        }
    }

    All the best,
    Ivan Dimitrov
    the Telerik team
  3. Chris
    57 posts
    Registered:
    12 Nov 2008
    19 Nov 2009
    Thanks, I'll try to create something in that direction.

    Edit: Just in case somebody else has similar requirements - the cleanest solution for me was to use the TelerikADMembershipProvider and a custom role provider. This lets me create my own roles, and assign Active Directory users using the "All Users" section and search function.

    The role provider is fairly simple and has only 2 additional features:
    - When I add a role to a user, the details of that user account are copied to the Sitefinity database if that user doesn't already exist there.
    - When I delete roles from a user and that user does not have any other roles assigned, the user details are deleted from the Sitefinity database to prevent legacy user entries.

    This way, the login control can stay unmodified and even Windows Authentication works if needed.

    Cheers,
    Chris
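
Added example, not code from this thread or from Telerik: a C# sketch of the two role-provider behaviours described in the last post, where the local user record exists only while the AD user holds at least one CMS role. It assumes ASP.NET's SqlRoleProvider as the underlying role store, the "AD" provider name used in the earlier reply, and that the site's default membership provider is the local (non-AD) user store; the class name ShadowingRoleProvider is hypothetical.

```csharp
using System.Configuration.Provider;
using System.Web.Security;

// Hypothetical class name. SqlRoleProvider is an assumed stand-in for the
// role store the site actually uses.
public class ShadowingRoleProvider : SqlRoleProvider
{
    // "AD" is the provider name used in the thread. The default provider
    // (Membership.*) is assumed to be the local CMS user store.
    private static MembershipProvider AdProvider
    {
        get { return Membership.Providers["AD"]; }
    }

    public override void AddUsersToRoles(string[] usernames, string[] roleNames)
    {
        foreach (string name in usernames)
        {
            if (Membership.GetUser(name) != null)
                continue; // local record already exists

            // Only accounts that really exist in the directory get a local record.
            MembershipUser adUser = AdProvider.GetUser(name, false);
            if (adUser == null)
                throw new ProviderException("Not an AD user: " + name);

            // The local record is a directory entry only. It gets a random
            // password that is never disclosed, so the AD credential is not
            // copied into the CMS database and login still goes through AD.
            // Assumes the local provider accepts this length and the AD e-mail.
            Membership.CreateUser(adUser.UserName,
                                  Membership.GeneratePassword(32, 8),
                                  adUser.Email);
        }
        base.AddUsersToRoles(usernames, roleNames);
    }

    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames)
    {
        base.RemoveUsersFromRoles(usernames, roleNames);
        foreach (string name in usernames)
        {
            // Last role removed: delete the local record so that no stale
            // account stays behind in the CMS database.
            if (GetRolesForUser(name).Length == 0 && Membership.GetUser(name) != null)
                Membership.DeleteUser(name, true);
        }
    }
}
```

The provider would be registered in the roleManager section of web.config in place of the existing role provider.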