Authenticate users from custom SQL database
Hi Everyone,
I have a few custom controls in SiteFinity 4 that i want to protect. These controls communicatie with their own SQL database and this database also has a users table. I've setup a small control with username and password field, and i want to redirect users to a page that has this login control. In my login control i use the standard way of creating a FormsAuthenticationTicket to login the user.
This last bit doesn't work! It did, before, in SiteFinity 3.7, but my user never gets the IsAuthenticated status.
Can anyone point me in right direction on how to solve this / setup this login mechanism?
Thanks in advance, Tevez
Hello Tevez,
You need to use SecurityManager.AuthenticateUser
sample
User sfUser;
var result = SecurityManager.AuthenticateUser(
this
.MembershipProvider,
this
.UserName,
this
.Password,
this
.RememberMeSet, outsfUser);
boolauthenticated = result == UserLoggingReason.Success;
This works for authenticating users that are registered within sitefinity,
but can i use this to authenticate my customers (that are stored in a database outside sitefinity) as well?
Hello Tevez,
If you use ASP.NET Membership provider then you can use the same code. In this case it does not matter if you use separate database to store the user or the database generated by Sitefinity.
You can gather more information about how authentication works from this post.
Regards,
Ivan Dimitrov
the Telerik team
Hi Ivan,
I see lot of information on the forum, but also lot's of questions, .. i didn't solve mine by reading all the posts.
It looks like there is 3.7 and 4.x information (because people are upgrading).
At some point it seems very easy to me; just write a custom membership provider, right?
One that inherits from either Telerik.Sitefinity.Security.Data.MembershipDataProvider or Telerik.Sitefinity.Security.Data.OpenAccessMembershipProvider.
But i tried to do so, with a class that inherits the OA provider, with some overrides for the ValidateUser methods. I registered the provider in the backend and tried to validate a user with the following code:
UserLoggingReason reason = SecurityManager.AuthenticateUser("myMembershipProvider", txtLogin.Text.Trim(), txtPass.Text.Trim(), true);
Hello Tevez,
Could you check what returns the highlighted line?
User sfUser;
var result = SecurityManager.AuthenticateUser(this.MembershipProvider, this.UserName, this.Password, this.RememberMeSet, outsfUser);
bool authenticated = result == UserLoggingReason.Success;
Regards,
Ivan Dimitrov
the Telerik team
Hi Ivan,
This returns false. And result = Unknown.
Does this give you any clue?
Regards, Tevez
Hello Tevez,
"Unknown" generally means Invalid username or password specified.
Success | 0 | User was successfully registered as logged in | |
UserLimitReached | 1 | The limit of maximum simultaneous logged in users is reached | |
UserNotFound | 2 | User not found in any provider | |
UserLoggedFromDifferentIp | 3 | User is already logged in from different IP address | |
SessionExpired | 4 | Indicates that the user logical session has expired | |
UserLoggedOff | 5 | User have the authentication cookie but does not have logged in the database or user is already logged out. | |
UserLoggedFromDifferentComputer | 6 | More than one users trying to login from the same IP but from different computers. | |
Unknown | 7 | Invalid username or password specified. | |
NeedAdminRights | 8 | User is not administrator to logout other users | |
UserAlreadyLoggedIn | 9 | User already is logged in. We need to ask the user to logout someone or himself | |
UserRevoked | 10 | User was revoked. The reason is that the user was deleted or user rights and role membership was changed. |