Custom User Authentication

Posted by Community Admin on 03-Aug-2018 13:41

Custom User Authentication

All Replies

Posted by Community Admin on 14-Oct-2014 00:00


I have an external authentication service that (for brevity) returns true if the user is authenticated. 

Now, to start the session and authenticate them (HttpContext.Current.User.IsAuthenticated) do I absolutely have to use SecurityManager.AuthenticateUser method or is there an easier way without implementing my own CustomMembershipProvider?

If I do need to go down the CustomMP route, exactly what class do I need to inherit in order to get AuthenticateUser to work? 

I've looked at many posts regarding this topic but the answers mostly refer to MembershipDataProvider which involves overrding methods that return Users/ MembershipUsers (which I don't have since I'm authenticating externally).

Basically I guess I need an example of Case 2 in this page


Posted by Community Admin on 16-Oct-2014 00:00

Hello John, I too am going to advise to go the Custom Membership Provider route.

depending on how integrated you want the custom provider to be, you need to implement the following methods:

least amount:

- ValidateUser: use the available user and password to authenticate on your external service
- GetUser(username, isOnline) and GetUser(providerUserKey, isOnline): when the providerUserKey is used, you need two custom methods that can translate between a GUID (SF user id) and your User Id, and viceversa. For this, I use emails as my user ids, so I have a table that stores SF_guid, email, and use that to translate to SF when it needs a user from me.

To return a MembershipUser, you can instantiate it as a new object, and assign the properties from your user, at least the ones you have... the important thing is the providerUserKey, where I rely on my method GetGuidFromEmail, so I use the email to figure out the guid SF needs.

I think these two methods will let you now authenticate users with a SF login widget that is set up to use your custom provider

I also needed role management on my users, and used the roles in SF, so I had to make these methods work so that I can see the users in the backend and assign SF roles to them (and so that the user search worked):

- FindUsersByEmail
- FindUsersByName
- GetAllUsers

basically, find the users, loop thru them and create the collection of MembershipUsers to return to SF.

Other methods I implemented:

- GetUserNameByEmail: I dont know if this one was required.

The other methods I did not care about, changePassword, passwordChange settings, etc

This thread is closed