Authentication service in mojo

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

8/26/2009 10:22:44 AM

Przemek Lopaciuk

Total Posts 37

View Posts

Authentication service in mojo

I have a website which is non-mojo, let's call it MyWebsite.

Let's now assume that when a user registers in either of the websites it's instance (in database) is created for both sites.

Now a question: Is there a way to authenticate the user in mojo when the user signs in with MyWebsite? Is there some service for it?

MyWebsite is WCF/ C# / ASP.MVC and it is custom built.

I just don't know where to start.

Thanks,

Przemek

8/27/2009 7:36:42 AM

Joe Audette

Total Posts 18439

View Posts

Re: Authentication service in mojo

Well the mechanics of signing in are basically 2 steps the lookup/validation and the setting of the FormsAuthentication cookie which is what makes a user signed in. Web apps can only set cookies in their own site host name so if both mojo and your app are in the same host name then signing into one is the same as signing into the other assuming both apps have the same users synchronized somehow.

If the apps are under different host names signing into one does not sign into the other because they can't set cookies for each other only for themselves. Security features of both the browser and the server prevent different sites from setting or reading each other's cookies.

Hope it helps,

Joe

9/24/2009 10:08:34 AM

Przemek Lopaciuk

Total Posts 37

View Posts

Re: Authentication service in mojo

Hi Joe,

I've been digging into authentication in mojo and I'm a little worried by one thing -> Role Providers.

There is a function in code called GetRolesAndSetCookie() and it creates a custom FormAuthenticationTicket and based on it the FormsAuthentication cookie is created.

Does it make any difference for authentication? It won't be enough just to call -> FormsAuthentication.SetAuthCookie(siteUser.Email, false); on the other site to authenticate?

I will put mojo in virtual directory so the hostname will be the same for both sites.

Thank you,

Przemek

9/24/2009 2:08:30 PM

Joe Audette

Total Posts 18439

View Posts

Re: Authentication service in mojo

I don't think you need to worry about the role provider.

Are you having any problem where the roles are not available after the user signs in?

The Roles Cookie is set using a custom forms authentication ticket simply as a means to encrypt it the same as the actual authentication cookie.

If the user is authenticated I "think" the role provider will create this cookie for you automatically. But if roles don't seem to work using your custom authentication then you can copy the role cookie code from the role provider and use it in your custom authentication.

Hope it helps,

Joe

10/26/2009 5:21:35 PM

Przemek Lopaciuk

Total Posts 37

View Posts

Re: Authentication service in mojo

There was no problem with role provider.

What I really did was

implemented forms authentication in my website
made sure that the machinekey in web.config is the same for both sites

And it works like a charm!

Thanks Joe,

Przemek

You must sign in to post in the forums. This thread is closed to new posts.