User Registered handler - seeking advice

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
7/28/2011 1:27:48 PM
Jamie E
Gravatar
Total Posts 1203
View Posts
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

User Registered handler - seeking advice

Hi all, I'm looking for some advice. My current project is our intranet employee site, where access to view contents on the site is granted by one role. There will be close to 1,000 users, with users being hired and terminated on a regular basis. Needless to say, I want to avoid having to manually maintain users in this site, if possible.

Access will be strictly by Active Directory login and auto-registration (site registration is turned off), so I know that if a user registers, they are authorized for access. Likewise, if a user is locked out in AD, they will no longer be able to log into the site, so that portion will take care of itself.

So for new user registration, my plan is to use a User Registered event handler to do the following:

  1. Double check that site registration is turned off, and that the user's ID is present in AD (safety check)
  2. Grant the security role to the user.
  3. Sign the user out with a redirect to a page with an explanation that they are now registered, and instructions to sign in again.

I know that step 3 is the recommended way for users to be granted new security access, but for optimum user experience, I would like to make login seamless. Would it be possible (and safe) to instead call the portion of the login process code that establishes role membership (followed by a page refresh), so the user is granted the access on the fly?

Thanks!
Jamie

7/28/2011 5:04:17 PM
IndigoTea
Gravatar
Total Posts 355
View Posts

Re: User Registered handler - seeking advice

Jamie,

I haven't integrated mojoPortal with Active Directory yet; closest I've come was integrating AD and SharePoint.  Would it be more feasible to write a custom service that's called by AD to set up the profile, role, etc. in mojo? That way as soon as they hit the intranet, they get the info that's specific to their role (by dept.?)

7/29/2011 6:20:45 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: User Registered handler - seeking advice

Hi Jamie,

I would try in step 3 instead of logging out and redirecting, just call mojoRoleProvider.ResetCurrentUserRolesCookie();

I "think" that should do the trick.

Best,

Joe

8/1/2011 10:28:00 AM
Jamie E
Gravatar
Total Posts 1203
View Posts
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: User Registered handler - seeking advice

Thanks Joe! I'll give that a try and let you know how it goes.

Jamie

8/25/2011 6:31:02 PM
Jamie E
Gravatar
Total Posts 1203
View Posts
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: User Registered handler - seeking advice

Hey Joe, just to let you know (and anyone else who is interested), calling ResetCurrentUserRolesCookie() in my user registered handler after assigning roles to the user is working like a charm in my testing. Now we'll have a virtually self-maintaining security infrastructure for the Active Directory users on our sites. To make this customization really useful and future-proof, I created a custom Administration menu item where we can maintain, per site, a group of default roles to be assigned to all newly registered users, default roles for the users who exist in AD, and default roles for users who don't exist in AD. It's always great to work on mojoPortal extensions and features, because thanks to this great platform, everything just works, and it really feels like anything is possible.

Jamie

You must sign in to post in the forums. This thread is closed to new posts.