Security question
1. I have a forms authentication against a SQLmembershipDB. however it has custom code in it.
2. I have all this in a usercontrol that I can just drop on a page.
3. I'm looking for the quickest way I can make this work in sitefinity.
the reason I say quickest is I need it to work quick but in the near future I am going to re-write out security using a STS service for Single Signon so if it's not pretty or fast right now I'm fine with that as in (hopefully) 3-4 months I can find the time to re-write our security properly.
I have a secure area in sitefinity that only a special role can view. "sfUser"
when this page is hit it redirects to my login page with my usercontrol in it. it logs in correctly but I don't guess sitefinity see's it as I get redirected back evertime I hit the page
I have tried adding the following in just after Authentication in the usercontrol in sitefinity but it doesn't seem to be working.
//for sitefinity. this is really cheating as the login has already happened but this makes sitefinity aware of it. if (!sUserName.Contains("@")) sUserName += "@kantarhealth.com"; var userMan = UserManager.GetManager("AspNetSqlMembershipProvider"); var currUser = userMan.GetUser(sUserName); if (userMan.ValidateUser(sUserName, sPassword)) if (userMan.ValidateUser(sUserName, sPassword)) //if you need to get the user instance use the out parameter Telerik.Sitefinity.Security.Model.User userToAuthenticate = null; SecurityManager.AuthenticateUser(userMan.Provider.Name, sUserName, sPassword, false, out userToAuthenticate); RoleManager roleManager = RoleManager.GetManager("AspNetSqlRoleProvider"); if (!roleManager.RoleExists(roleName)) roleManager.CreateRole(roleName); roleManager.SaveChanges(); User user = userMan.GetUser(sUserName); bool isUserInRole = roleManager.IsUserInRole(user.Id, roleName); Role role = roleManager.GetRole(roleName); if (! isUserInRole) roleManager.AddUserToRole(userToAuthenticate, role); roleManager.SaveChanges(); //end for sitefinity