More in this section

Forums / General Discussions / Authentication Overview

Authentication Overview

2 posts, 0 answered
  1. Chris
    Chris avatar
    10 posts
    Registered:
    13 Jan 2011
    20 Jan 2011
    Link to this post
    Is there a reference that will explain in more detail how authentication works in Sitefinity?  
    How do the pages know if a user is logged in or not?

    Our current architecture is:  I've built a custom login user control(included the control in a sitefinity built webpage).  The UC creates an object CustomMembershipProvider(that inherits MembershipDataProvider).  The CustomMembershpProvider(implemented method GetUser(string un)) connects to a wcf server(passing Login/Pword), the wcf server then connects to an in-house sql server for validation.  If the credentials are good, then we create an object(Credentials) and pass it back to the CustomMembershipProvider. The CustomMembershipProvider uses the values(from Credentials) to create a Telerik.Sitefinity.Security.Model.User object and returns it back to the custom login user control.

    At this point I get a little fuzzy on what I need to do.  Do I put the User object in Session?  Any cookies I need to write?  I'd like to use as much SF built in functionality as possible to control access to the pages(and to build pages), but I need to know what those pages are looking for to determine if a user is logged in or not.

    I've set up two test pages(called CustomLogin & LoggedInPage), 
    I set the Permissions for LoggedInPage:
    Allow: Authenticated
    Deny: Anonymous
    CustomLogin has default permissions.

    If I try to access LoggedInPage directly, I get an HTTP 404 error, I don't understand why I would get that error message(instead of a "you're not logged in" message or something like that).

    P.S.  It's impossible for us to use the built in tables/authentication for Sitefinity.  We have too many users in other tables(other applications) for us to try and synch them up.  Also we're in the health care industry, we can't put the database outside the firewall if it contains personal data(the wcf part).
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    31 Jan 2011
    Link to this post
    Hello Chris,

    You can take a look at Sitefinity 4.0 Developers Guide - Security

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered