Security question

Posted by Community Admin on 04-Aug-2018 19:04

All Replies

Posted by Community Admin on 07-Oct-2013 00:00

1.  I have forms authentication against a SQLmembershipDB. However, it has custom code in it.
2.  I have all this in a user control that I can just drop on a page.
3.  I'm looking for the quickest way I can make this work in Sitefinity.

The reason I say quickest is I need it to work quickly, but in the near future I am going to rewrite our security using an STS service for single sign-on, so if it's not pretty or fast right now I'm fine with that, as in (hopefully) 3-4 months I can find the time to rewrite our security properly.

I have a secure area in Sitefinity that only a special role, "sfUser", can view.
When this page is hit it redirects to my login page with my user control in it. It logs in correctly, but I don't guess Sitefinity sees it, as I get redirected back every time I hit the page.

I have tried adding the following just after authentication in the user control in Sitefinity, but it doesn't seem to be working.

    // For Sitefinity. This is really cheating, as the login has already happened, but this makes Sitefinity aware of it.
    if (!sUserName.Contains("@"))
    {
        sUserName += "@kantarhealth.com";
    }
    var userMan = UserManager.GetManager("AspNetSqlMembershipProvider");
    var currUser = userMan.GetUser(sUserName);
    if (userMan.ValidateUser(sUserName, sPassword))
    {
        if (userMan.ValidateUser(sUserName, sPassword))
        {
            // If you need to get the user instance, use the out parameter
            Telerik.Sitefinity.Security.Model.User userToAuthenticate = null;
            SecurityManager.AuthenticateUser(userMan.Provider.Name, sUserName, sPassword, false, out userToAuthenticate);

            // Create the role if it does not exist yet
            RoleManager roleManager = RoleManager.GetManager("AspNetSqlRoleProvider");
            if (!roleManager.RoleExists(roleName))
            {
                roleManager.CreateRole(roleName);
                roleManager.SaveChanges();
            }
            User user = userMan.GetUser(sUserName);

            bool isUserInRole = roleManager.IsUserInRole(user.Id, roleName);

            // Add the user to the role if not already a member
            Role role = roleManager.GetRole(roleName);
            if (!isUserInRole)
            {
                roleManager.AddUserToRole(userToAuthenticate, role);
            }
            roleManager.SaveChanges();
        }
    }
    // End for Sitefinity

This thread is closed