Security handler (CustomSecurityHandler class)

The security handler allows you to integrate external user databases and modify the authentication and authorization process.

 

It handles the following events:

OnAuthentication - the user tries to sign in with a user name and password
OnClassNameAuthorization - checks the user's permissions for a particular document type
OnResourceAuthorization - checks the user's permissions for a particular module
OnTreeNodeAuthorization - checks the user's permissions for a particular document
OnFilterDataSetByPermissions - filters a DataSet of documents based on permissions or custom personalization rules

 

Example

 

In the following example, you will learn how to integrate external user authentication using the custom security handler. For simplicity, it doesn't use any particular database. Instead, it only checks whether the supplied user name and password are equal to fixed constants.

 

In a real-world scenario, you will need to replace this condition with a lookup of the user name and the given password in your external database.

 

Put the following code inside the OnAuthentication method:

 

[C#]

 

// Using directives go at the top of the handler's code file
using System.Collections;   // Hashtable
using CMS.SiteProvider;
using CMS.CMSHelper;

// Body of the OnAuthentication method:

// Check if the user was authenticated by the system
if (userInfo != null)
{
   return userInfo;
}

// User record to return; stays null if external authentication fails
UserInfo usr = null;

// Not authenticated, authenticate from the external source
// (the constants stand in for the external database lookup)
if ((username.ToLower() == "externaluser") && (password == "pass"))
{
   // Create base user record if user found
   usr = new UserInfo();
   usr.IsExternal = true;
   usr.UserName = "externaluser";
   usr.FullName = "external user";
   usr.Enabled = true;

   // Init user sites and roles if requested
   Hashtable rolesTable = new Hashtable();
   string siteName = CMSContext.CurrentSite.SiteName;

   // Assign user to the current site
   usr.SitesRoles[siteName.ToLower()] = rolesTable;

   // Add new role "external role" and assign it to the user
   rolesTable["external role"] = 0;
}

// Return the user info
return usr;
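
The text above says the constant comparison must be replaced with a lookup in your external database. The following is an added example, not part of the original documentation or the CMS API, of what that lookup can verify: the store keeps a salted PBKDF2 hash instead of the password, compares it in constant time, and does the same work for unknown user names. The ExternalUserStore class, its in-memory dictionary and the iteration count are assumptions for illustration, and the four-argument Rfc2898DeriveBytes constructor requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical stand-in for the external user database (not a CMS API).
public static class ExternalUserStore
{
    private const int Iterations = 100000;   // assumed work factor
    private const int HashLength = 32;       // bytes of derived key stored per user

    private sealed class Record { public byte[] Salt; public byte[] Hash; }

    // Constructed in-memory table; user names compare case-insensitively.
    private static readonly Dictionary<string, Record> Users =
        new Dictionary<string, Record>(StringComparer.OrdinalIgnoreCase);

    // Fixed salt used only to spend the same CPU time on unknown users.
    private static readonly byte[] DummySalt = new byte[16];

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(HashLength);
        }
    }

    // Enrollment: only the random salt and the derived hash are stored.
    public static void AddUser(string userName, string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(salt); }
        Users[userName] = new Record { Salt = salt, Hash = Derive(password, salt) };
    }

    // Returns true only when the user exists and the password matches.
    public static bool VerifyCredentials(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || password == null) return false;
        Record rec;
        bool known = Users.TryGetValue(userName, out rec);
        byte[] actual = Derive(password, known ? rec.Salt : DummySalt);
        byte[] expected = known ? rec.Hash : new byte[HashLength];
        // Compare every byte so timing does not reveal where a mismatch occurs.
        int diff = 0;
        for (int i = 0; i < HashLength; i++) diff |= actual[i] ^ expected[i];
        return known && diff == 0;
    }
}
```

In OnAuthentication, the condition with the two constants would then become a call such as ExternalUserStore.VerifyCredentials(username, password), with the rest of the method unchanged.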