More in this section

Forums / Developing with Sitefinity / Centralised Login for whole website with our features, forum, blog, etc

Centralised Login for whole website with our features, forum, blog, etc

15 posts, 0 answered
  1. Shishir
    Shishir avatar
    7 posts
    Registered:
    22 Jan 2009
    08 Apr 2009
    Link to this post
    Hi i am evaluating sitefinity for my company so we can make decision to buy and use it or not with out new project. I have to present a Proof Of Concept with the possibility what we are looking for.

    We are having 4 countries which have their own database in their respective countries. We use their webservices provided to us to do all the operations in respect to sending and retrieving data and authenticating login.

    Now we want to develop the whole system in sitefinity but use the authentication from the countries webservices and the same authentication should be valid across all the features of website including Forums, Blogs, News etc.( that means we are not using sitefinity internal authentication). The user should not signup for forums and blogs differently.

    And also if forums, blogs and other modules can validate pages against our session id which is a Guid.

    This means once the customer logins through our login page he can use all the features without logging in again  for forums etc.

    Sorry for any kind of repetation. Just trying my best to present the scenario.

    Thanks
    SK
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    09 Apr 2009
    Link to this post
    Hi Shishir,

    Thank you for your interest in our products.

    Your requirement is not out of the box. We will have this implementation for 4.0 release. If you want to use this feature in the current release you should implement Single sign-on with Forms Authentication

    Regards,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer , the state of the art learning tool for Telerik products.
  3. Shishir
    Shishir avatar
    7 posts
    Registered:
    22 Jan 2009
    09 Apr 2009
    Link to this post
    Hi
    Thanks for the reply. I have gone ahed in building the proof of concept and things seem fine.

    We required an ecommerce module which i think linqcommerce should do. Any comment for linqcommerce if appropriate would be appreciated.
    Ans if you could list other options available for sitefinity modules.

    Now to be more specific about my concern.
    For single signon, i have created a login status user control and placed it on the master page and suppose session is stored as-
    session["username"] = userName;
    session["token"] = someGuid;

    Now suppose a customer clicks on forums and wants to click on reply at a particular thread then how will the forum identify the username and if his session is valid by verifying token session against a webservice returning true or false.
    Also how can i set his role to edit, delete or just post.

    For blogs the same as when the customer wants to comment then how will the blog identify the username and verify token if his session has expired or not. 

    Thanks
  4. Slavo
    Slavo avatar
    295 posts
    Registered:
    24 Sep 2012
    15 Apr 2009
    Link to this post
    Hi Shishir,

    Basically all over Sitefinity we use the provider model. This includes membership, which you are asking about. We have provided two built-in membership providers, one for Forms authentication and one with Windows authentication (Active Directory). You can of course write your own membership provider and plug it in Sitefinity.

    Each module in the system, which needs to authenticate a user, does it through the Membership API, which in turn calls the provider you have specified. So in short Forums, Blogs and all other features of Sitefinity would use the same authentication API.

    It is up to you to decide what that authentication would be. The default provider for Forms authentication stores user information in the project database, so it wouldn't be suitable for your scenario, unless you use the same database for all your projects. I guess you don't want to use Active Directory as a membership source, so the other built-in provider does not work either. Then the only option left is to make your own membership provider. 

    The task here would be to implement the needed API, and basically you can do whatever you want. You can call a service to authenticate users, and if the service is called by the same membership provider present in all your sites, that would effectively provide the same membership to all of them. The task just becomes writing a membership provider and using it in all the sites. Here are some links, with more information about Sitefinity membership and writing custom membership providers in ASP.NET (the model used in Sitefinity):


    If you also need common roles for users in all you sites, then implement a role provider, the task is pretty much the same. Then you can use the Sitefinity admin interface to assign users to roles and set permissions for those roles. You can do it separately for each module.

    I hope this makes the picture clearer. Please ask if you have any other questions.

    All the best,
    Slavo
  5. sam
    sam avatar
    102 posts
    Registered:
    31 Jan 2008
    15 Apr 2009
    Link to this post
    Hi Slavo,

    You mentioned there is a built is AD provider. How do I implement this? Is there any info anywhere about this?

    Thanks
  6. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    15 Apr 2009
    Link to this post
    Hi Sam,

    Yes, we have this information available. Please take a look at this article - Dev.Manual - Active Directory Authentication.

    Kind regards,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  7. Shishir
    Shishir avatar
    7 posts
    Registered:
    22 Jan 2009
    03 Jun 2009
    Link to this post
    Environment:
    We pass username and password to webservices of different countries and get true(Authentication success) or false(authentication failed).
    I have implemented CustomMembershipProvider and CustomRoleProvider.
    i can view the custom roles from Forum->Permission and select provider as custom provider.
    I have created forums in sitefinity and am able to assign the permissions to the role.
    Issues:
    1.)
    I dont want even creator of thread be able to delete or edit the thread. All permissions are Denied including view but even then creator can edit or delete his thread.
    2.)
    The other thing is i can get the list of all the users specified in custom membership provider as i am returning 5 users. i can view the users and assign them to role. But in actual scenario i dont have list of all the users as they are in millions across different countries and i need to assign a particular role to a user as soon as he is authenticated. How can i achieve this without sitefinity admin.
    3.)
    Other Issue:
    If i do not logout of the test running website i cannot login to sitefinity admin area.
    error is:

    Server Error in '/POC' Application.

    This type of page is not served.

    Description: The type of page you have requested is not served because it has been explicitly forbidden.  The extension '.aspx' may be incorrect.   Please review the URL below and make sure that it is spelled correctly.

    Requested URL: /POC/Sitefinity/Admin/Default.aspx


    Version Information: Microsoft .NET Framework Version:2.0.50727.3082; ASP.NET Version:2.0.50727.3082

    Thank You
  8. Shishir
    Shishir avatar
    7 posts
    Registered:
    22 Jan 2009
    05 Jun 2009
    Link to this post
    In addition to the above post Shishir, 6/3/2009 6:09:55 PM
    point 1.) revised:
    The default Provider i notice is Sitefinity. but in web.config  securityProviderName=""

    Below is copy paste in respect to what i am talking.

    <forums defaultProvider="Sitefinity">
    <
    providers>
    <
    clear/>
    <
    add name="Sitefinity" securityProviderName="" profileProviderName="Sitefinity" type="Telerik.Forums.Data.DefaultProvider, Telerik.Forums.Data" connectionStringName="DefaultConnection" visible="true"/>
    </
    providers>
    </
    forums>

    Now i can just view the forum if the user is authenticated through CustomMembershipProvider as Provider.

    And if the user and role is created within sitefinity and assigned permissions it runs perfectly as expected according to assigned permissions.

    Now the task i want to do is:
    Set permissions for forums to my custom role.
    Assign role to user as soon as he is authenticated.
    Also do i need to change securityProviderName or anyother thing in web.config if i want to use my custom role but all data and functionality is maintained by sitefinity.

    Thanks
    SK
  9. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    08 Jun 2009
    Link to this post
    Hello Shishir,

    Set permissions for forums to my custom role.
    You can do this through Sitefinity interface - Permissions, there should be a drop down with your providers.

    Assign role to user as soon as he is authenticated.

    After you validate the user you an assign it to a role using Roles class. For instance you can check whether the user is authenticated

    this.Login1.Authenticate += new AuthenticateEventHandler(Login1_Authenticate); 

    Then validate it using UserManager.Default.ValidateUser. Finally you can assign the user to a role using

    Roles.AddUserToRole(username, rolename); 

    You can change the securityProviderName and use your custom provider or AD.

    Regards,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  10. Shishir
    Shishir avatar
    7 posts
    Registered:
    22 Jan 2009
    09 Jun 2009
    Link to this post

    Hi,

    Thanks for the reply. I have already been using that code with some issues.
    Let me elaborate the problem. The Custom Role i created and assigned permissions does not work. So to remove the scope of problem with CustomRole creation now using sitefinity roles.

    In CustomMembershipProvider class-
    ------------------------------------
    public override bool ValidateUser(string username, string password)
    {
       if (username and password match)
      {
         Roles.AddUserToRole(username, "DevelopmentTeam");
         // string[] user = { username };
         // string[] role = { "DevelopmentTeam" };
         // Roles.Providers["Sitefinity"].AddUsersToRoles(user, role);
      }
    }

    In a usercontrol to diaplay on page-
    -------------------------------------
    when i try to get this-

    string[] roles = Roles.GetRolesForUser();

    for (int i = 0; i <= roles.Length - 1; i++)
    {
         Response.Write(roles[i]);
    }

    Response.Write(Roles.RoleExists("DevelopmentTeam").ToString());

    The role "DevelopmentTeam" has been created in Sitefinity and the user is authenticated from validateUser in CustomMembershipProvider class.
    As seen above, as soon as the user is authenticated i am assigning him to the role whose provider is sitefinity.

    But with the check in Global.asax file.-
    i have also alternatively tried the commented code, but same behaviour.

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
            if (HttpContext.Current.User != null)
            {
                if (HttpContext.Current.User.Identity.IsAuthenticated)
                {
                    if (!Roles.IsUserInRole("DevelopmentTeam"))
                    {
    (BreakPoint)-------------->Roles.AddUserToRole(HttpContext.Current.User.Identity.Name, "DevelopmentTeam");
                             // string[] username = { HttpContext.Current.User.Identity.Name };
                            // string[] role = { "DevelopmentTeam" };
                            // Roles.Providers["Sitefinity"].AddUsersToRoles(username, role);
                    }
                }
            }
        }

    Scenario 1-
    When Provider is set to Sitefinity in Login Control.
    After authentication i CAN view, create, post reply and delete threads in forums.
    Roles.GetRolesForUser() returns roles[0] as "administrators" and roles[1] as "DevelopmentTeam".
    Roles.RoleExists("DevelopmentTeam").ToString() returns true.
    With the check in Global.asax file it DOES NOT come to Breakpoint.

    Scenario 2-
    When Provider is set to CustomProvider in Login Control.
    After authentication i CANNOT create, post reply and delete threads in forums, just view and edit and delete if the thread has been created by current user.
    Roles.GetRolesForUser() returns nothing for roles[0].
    Roles.RoleExists("DevelopmentTeam").ToString() returns true.
    With the check in Global.asax file it comes to Breakpoint on load/refresh of every page.

    So to conclude, the role exists but somehow AddUserToRole does not work with CustomProvider.

    Please help
    Thanks.

  11. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    12 Jun 2009
    Link to this post
    Hi Shishir,

    I assume that you have created the roles before assigning the users to them. It seems that the user you are authenticating has not been added to the role. Here is a sample code that you can use during the logging of your user

    protected void Page_Load(object sender, EventArgs e) 
        { 
            if (!IsPostBack) 
            {         
     
                this.Login1.MembershipProvider = UserManager.Default.MembershipProvider.Name; 
            } 
            this.Login1.LoggedIn += new EventHandler(Login1_LoggedIn); 
            this.Login1.Authenticate += new AuthenticateEventHandler(Login1_Authenticate); 
        } 
     
        void Login1_Authenticate(object sender, AuthenticateEventArgs e) 
        { 
            e.Authenticated = UserManager.Default.ValidateUser(this.Login1.UserName, this.Login1.Password); 
        } 
     
        void Login1_LoggedIn(object sender, EventArgs e) 
        { 
            UserManager userManager = new UserManager(this.Login1.MembershipProvider); 
            MembershipUser user = userManager.GetUser(this.Login1.UserName); 
            if (!userManager.IsUserInRole("myRole")) 
                userManager.AddUserToRole(user.UserName, "myRole"); 
        } 

    I hope this helps.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  12. Shishir
    Shishir avatar
    7 posts
    Registered:
    22 Jan 2009
    02 Jul 2009
    Link to this post

    Ahh Finally it works.
    First i would like to thank sitefinity support and i feel the response/help is simply overwhelming.

    The problem was even after authentication the user wasnt being added to the role.
    The reality is, even after user is valid for the current session and login / logout works.
    The user didnt really exist as i am not validating against ASP.Net database for Membership and Roles but just a webservice method where i pass

    username,password and it returns true or false.
    I dont have access to any other functionality like creating users etc so i could not define any other method in custom membership/role provider class.

    And the user could not access the permissions set as he dosent exist.

    I discarded the custom membership provider and custom role provider.

    Now As i have created a Role in Sitefinity.
    i.e Provider = Sitefinity, Role = DevelopmentTeam.

    This is how my class looks like now

    public partial class UserControls_FinalLoginControls_LoginControl : UserControl
    {
        void Page_Load(object sender, EventArgs e)
        {
            this.Login1.Authenticate += new AuthenticateEventHandler(Login1_Authenticate); 
        }

        void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
              /////////////////Webservice WSLogin////////////////////////
             WSLogin.Login wsl = new WSLogin.Login();
             e.Authenticated = wsl.AuthenticateUser(this.Login1.UserName, this.Login1.Password);

             //Can write in LoggedIn too
            if (e.Authenticated)
            {
                UserManager.Default.CreateUser(this.Login1.UserName, this.Login1.Password);

                if (!UserManager.Default.IsUserInRole("DevelopmentTeam"))
                    UserManager.Default.AddUserToRole(this.Login1.UserName, "DevelopmentTeam");
            }
        }

        public Login Login
        {
            get
            {
                return this.Login1;
            }
            set
            {
                this.Login1 = value;
            }
        }
    }

    Now i can see the user also being added within sitefinity Admin. Altough i didnt want that but whatever works.

    All is fine but something more i want:

    1) I dont see any Method in UserManager like UserManager.Default.UserExists()
    i dont want GetAllUsers as it can return thousands of users.
    Something like first check if user exists, if not only then create user.
      if(!UserManager.Default.UserExists())
                  UserManager.Default.CreateUser(this.Login1.UserName, this.Login1.Password);

    2) I can clear the database when
    --a---) the user logs out and
    --b---) as soon session expires.
    --c---) even if still somehow user is left in databse (suppose if the person dosent logout and closes the browser or any unwanted event) a maintainence job to clear the database.

    SK

  13. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    07 Jul 2009
    Link to this post
    Hi Shishir,

    For the first request.

    1. You can use MembershipUserCollection to get all users and check whether the user that is trying to log in exists.

    sample code:


         MembershipUserCollection collection = Membership.GetAllUsers(); 
            foreach (MembershipUser user in collection) 
            { 
                if (user.UserName != Login1.UserName) 
                { 
                    // do something. 
                } 
            } 

    2. For the second request - "maintainence job to clear the database" I am not sure what you want to clear from the database. If you want to delete the user you can use uManager.DeleteUser() method.

    I hope this helps.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  14. Shishir
    Shishir avatar
    7 posts
    Registered:
    22 Jan 2009
    08 Jul 2009
    Link to this post

    Hi Ivan,

    Thanks for the reply.

    1. I dont want to get the list of all the users. Just check if the current user already exists or not.
    Maybe a small code to check that directly from the database, through sql query or Nolics ORM.

    2. I want to delete all the users belonging to the Role "DevelopmentTeam".

    SK

  15. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    08 Jul 2009
    Link to this post
    Hello Shishir,

    1. You can use GetUser and directly CreateUser - in this cases you need to catch or skip the exception. It does not make sense to use nolics since the provider users stored procedures and you will not get any resuts faster.

    2. To delete all users from a role you need first to check whether the user is in a role and then remove it -  UserManager.IsUserInRole().

    Greetings,
    Ivan Dimitrov
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
Register for webinar
15 posts, 0 answered