Hi all, I'm looking for some advice. My current project is our intranet employee site, where access to view contents on the site is granted by one role. There will be close to 1,000 users, with users being hired and terminated on a regular basis. Needless to say, I want to avoid having to manually maintain users in this site, if possible.
Access will be strictly by Active Directory login and auto-registration (site registration is turned off), so I know that if a user registers, they are authorized for access. Likewise, if a user is locked out in AD, they will no longer be able to log into the site, so that portion will take care of itself.
So for new user registration, my plan is to use a User Registered event handler to do the following:
-
Double check that site registration is turned off, and that the user's ID is present in AD (safety check)
-
Grant the security role to the user.
-
Sign the user out with a redirect to a page with an explanation that they are now registered, and instructions to sign in again.
I know that step 3 is the recommended way for users to be granted new security access, but for optimum user experience, I would like to make login seamless. Would it be possible (and safe) to instead call the portion of the login process code that establishes role membership (followed by a page refresh), so the user is granted the access on the fly?
Thanks!
Jamie