Best Practices
General > Best Practices > Check Credentials and Roles via 3rd party API View modes: 
User avatar
Member
Member
tag2453-gmail - 6/10/2009 1:17:09 PM
   
Check Credentials and Roles via 3rd party API
Where is the best place to implement the following?

When a user logs in to the site, I want to first check the kentico user database. If user does not exist there then I need to call an XML-RPC API from an external Contact Management System to check credentials there and also determine user's roles.

Looks like I have several choices but not sure which way is best:

1) Custom Login control
2) Custom Event handler
3) Custom UserInfo and Role Provider
4) Other???

If you could please tell me best method and provide any sample code or resources I'd appreciate it.


User avatar
Kentico Developer
Kentico Developer
kentico_martind - 6/21/2009 9:25:19 AM
   
RE:Check Credentials and Roles via 3rd party API
Hello,

I would recommend using Custom security handler. If UserInfo object in OnAuthentication method is null user hasn't been authenticated yet. You can also find some useful code examples in Managing users and Managing roles articles.

Best Regards,

Martin Dobsicek

User avatar
Member
Member
ndeych-gmail - 11/23/2011 11:26:49 AM
   
RE:Check Credentials and Roles via 3rd party API
Were you able to succesfully achieve this? I am using the Custom Security Handler but the userInfo object is always null even though the user exists in Kentico

User avatar
Member
Member
ndeych-gmail - 11/23/2011 11:27:03 AM
   
RE:Check Credentials and Roles via 3rd party API
Were you able to succesfully achieve this? I am using the Custom Security Handler but the userInfo object is always null even though the user exists in Kentico

User avatar
Member
Member
kentico_michal - 11/24/2011 6:35:46 AM
   
RE:Check Credentials and Roles via 3rd party API
Hello,

First of all, could you please let me know what version of Kentico CMS you are using?

If the UserInfo object is null, it means that the user has not been authenticated, for example because the UserName was not found in the system or the user has entered an incorrect password.

Anyway, what password format do you use?

Best regards,
Michal Legen