CodeGarden 10: The sixth annual Umbraco Developer Conference
June 23-25th 2010 - free ASP.NET MVC pre-conference. Register today!

membershipprovider and oauth to login into umbraco backend

2/9/2010 2:37:09 PMAvatarNico LubbersLocation: wijchen, hollandposts: 141Karma: 143
0

Hi all,

I am trying to get the UsersMembershipProvider to validate against a (external) webservice. This way I can make a single login system based on oAuth (which is provided by my client) where Umbraco is using the accounts of another (external) CMS-system to validate users against.

To make it clear: I am talking about the login into the umbraco CMS here... so not to be confused with members of the website.
Users that are already logged in into the clients CMS should be (with a click on a menu-button) automatically loggin in into Umbraco by using the oAuth protocol.

Now I have it pretty much working, but I still need to do adminitration of users in Umbraco, as it seems that there the membershipprovider is not used...

So I would like to validate if my approach is correct... this is how it works now:

Step 1: implement a membership provider which inherits umbraco.providers.UsersMembershipProvider
Step 2: implement an aspx which accepts an oAuth token and validates it against the other CMS returning true or false AND the roles the user has.
Step 3: use the roles from the webservice to work with umbraco

If I look into the source of /umbraco/login.aspx.cs the following code is there:

        protected void Button1_Click(object sender, System.EventArgs e)
        {
            // Authenticate users by using the provider specified in umbracoSettings.config
            if (Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(lname.Text, passw.Text))
            {
                if (Membership.Providers[UmbracoSettings.DefaultBackofficeProvider] is ActiveDirectoryMembershipProvider)
                    ActiveDirectoryMapping(lname.Text, Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].GetUser(lname.Text, false).Email);

                BusinessLogic.User u = new User(lname.Text);
                doLogin(u);

                ...

 

I would expect that it is possible to have no user administration in umbraco, because it is already in the other CMS. But somehow I am overlooking it. My solution now is to have atleast a username for each account in the other CMS to be duplicated in Umbraco. In my opinion not a very robust way (double administration you know)...

My code looks like this (pseudo)

    protected void Page_Load(object sender, EventArgs e)
    {
        // use the oAuth request parameters to validate against the 3rdPartyCms webservice
        myUser = GetUserDetailsFromoAuth();

        if (Membership.Providers["UsersMembershipProvider"].ValidateUser(myUser.userName, userPassword))
        {
            umbracoUsername = convert3rdPartyCmsUser();
            umbraco.BusinessLogic.User u = new User(umbracoUsername);
            doLogin(u);

 

Any ideas on to improve this?

Nico

 

 

 

 

Please login or Sign up To post replies