Custom Authentication Provider?

This is an open forum for any mojoPortal topics that don't fall into the other categories.

This thread is closed to new posts. You must sign in to post in the forums.

2/8/2009 6:56:32 PM

aussiegirl

Total Posts 1

View Posts

Custom Authentication Provider?

We are evaluating different open source CMS solutions for our next development project and I have a question about MojoPortal. Is it possible to plugin a custom authentication provider to MojoPortal?. All our users already exist in our main application and the web site would communicate with it through web services - authentication of users would need to go through the web service. Is it possible to plug in our own authentication provider that implements our own logic or would this require changes to the core? Any guidance would be appreciated.

Thanks

2/9/2009 4:31:06 AM

Joe Audette

Total Posts 18439

View Posts

Re: Custom Authentication Provider?

Hi,

There are a number of ways it could be done. I think the approach I would pursue would have the basic steps of:

1. Remove the exsisting login/register links from the layout.master file of the skin.

2. Implement a custom module that you could plug into the page or a custom page and your own cusotm login/register links to put in layout.master.

3. In your custom module or page you validate the user against your web service and then set a FormsAuthentication cookie to log the user in. Add some logic to check if the user exists in the mojoportal database and if not create one for the user. There are existing methods to check the exsitence and create a user. mojoPortal does use its own users and roles internally so it must create a user internaly even if it auths against your web service. The same is true when using ldap/active directory or NTLM authentication

The above should not require any changes to mojoportal core but if you encounter something that is needed in the core to support what you are trying to do, you can submit the change and I will review it and consider it for inclusion. With the above scenario the only thing I think of that would be desireable is a web.config setting to disable the existing login and register pages since removing the links doesn't prevent someone from navigating to them.

Hope it helps,

Joe

10/12/2009 3:43:48 AM

stickymantis

Total Posts 1

View Posts

Re: Custom Authentication Provider?

Hi Joe,

I've seen a few threads now which concern the same problem I have. I would like to plug in my own authentication (and other) provider but mojoPortal does not make this easy since the use of mojoMembershipProvider is hard-coded and we should not need to modify core functionality. If the chosen provider was set in a .config file that would make life so much easier. If there are new methods implemented/required by mojoMembershipProvider beyond the base class then you could create an ImojoPortalMembershipProvider interface for us to implement. This would apply to all Provider classes used by mojoPortal.

It's early days for me using this so maybe I'm missing something.

Many thanks.

10/12/2009 2:10:47 PM

Joe Audette

Total Posts 18439

View Posts

Re: Custom Authentication Provider?

Hi,

The way I would solve this is to create a project with a custom Login.aspx and optionally Register.aspx page (depending if new users can register) and use post build events to copy those up to Web/Secure as well as copy your dll to the Web/bin

You can bypass our membership provider completely, you do not have to implement one and should not. You can do what we do when using LDAP or Windows auth. In your custom page you would authenticate against whatever you like, if the authentication succeeds you check if its an existing mojoportal user and if not then just create one to keep mojo in sync with your members. We do need a mojoPortal SiteUser for each of your users but it is not needed to use the membership system.

Look in the Web/Components/AuthHandlerHttpModule.cs for example code how to check if the user exists and create if needed.

Hope it helps,

Joe

You must sign in to post in the forums. This thread is closed to new posts.