Old Forums
Search:
Portal Engine Questions on portal engine and web parts.
Version 5.x > Portal Engine > Custom Security Handler - OnAuthenticate View modes: 
User avatar
Member
Member
Raja Tirumala Rao - 9/30/2010 11:43:37 PM
   
Custom Security Handler - OnAuthenticate
Hi ,

When we try to use Kentico Api for authentication , does that cause the OnAuthenticate event to be raised ,if the custom security handler is implemented ?
User avatar
Kentico Support
Kentico Support
kentico_radekm - 10/1/2010 5:47:45 AM
   
RE:Custom Security Handler - OnAuthenticate
Hello.

CustomSecurityHandler class handles following events:

OnAuthentication - the user tries to sign in with user name and password
OnClassNameAuthorization - checking user's permissions for particular document type
OnResourceAuthorization - checking user's permissions for particular module
OnTreeNodeAuthorization - checking user's permissions for particular document
OnFilterDataSetByPermissions - filtering a DataSet with documents based on permissions or custom personalization rules

You can find more info here: http://devnet.kentico.com/docs/devguide/security_handler.htm

Best Regards,
Radek Macalik

User avatar
Member
Member
Raja Tirumala Rao - 10/1/2010 6:22:24 AM
   
RE:Custom Security Handler - OnAuthenticate
Hi ,

Thanks for the response. I guess i did not make the question clear.
I have implemented the "OnAuthentication" event handler, when i try to login from the UI i am able to get into the OnAuthentication method.

How ever my question if if i programaticallly try to login using calling the AuthenticateAPU method directly , would this cause OnAuthentication even to be fired?

Thanks in advance for the response.

User avatar
Kentico Support
Kentico Support
kentico_radekm - 10/18/2010 4:58:34 AM
   
RE:Custom Security Handler - OnAuthenticate
Hello.

Yes, when CustomSecurityHandler is enabled, it should handle this situation as well.

There is a condition for this directly in AuthenticateUser() method:
// Run custom authentication event if set
            if (SettingsKeyProvider.UseCustomHandlers)
            {
               //...
            }

Best Regards,
Radek Macalik

User avatar
Member
Member
Sendil - 1/31/2011 11:35:39 AM
   
RE:Custom Security Handler - OnAuthenticate
Hi,

We are looking to authenticate and establish CMS session without using the Login Page.
i,e through a webservice/wcf call, we would like to use an API in kentico which would Authenticate and establish Session, so that when a user from an external System deep links to a Page [To be Authenticated] in Kentico CMS should not be authenticated by Kentico, as the user is already authenticated by External System[WebService/WCF]

Please let us know if you have any info related to this scenario.

Thank you,
Sendil

User avatar
Kentico Support
Kentico Support
kentico_radekm - 3/7/2011 3:15:36 AM
   
RE:Custom Security Handler - OnAuthenticate
Hello.

Kentico CMS allows you to write a custom authentication provider. In this way, the provided user name and password are checked against an external user profile source/authentication source and if the user is successfully authenticated, the user account is automatically created/updated in the Kentico CMS database, without copying the user password.

You can learn more about custom authentication in chapter Security handler (CustomSecurityHandler class)..

This is related to integrating authentication with external systems, which is what you want to achieve. Could you please clarify what exact problem do you have, compared to example provided in our documentation?

Basically, our system needs existing record for given user (in our system). To authenticate given user, you can use following example code:

/// <summary>
        /// Authenticate given user.
        /// </summary>
        /// <param name="userName">User name</param>
        /// <param name="createPresistentCookie">Indicates if persistent cookie should be created</param>
        public static void AuthenticateUser(string userName, bool createPresistentCookie)
        {
            UserInfo ui = UserInfoProvider.GetUserInfo(userName);
            if (ui != null)
            {
                // Set authentication cookie
                FormsAuthentication.SetAuthCookie(ui.UserName, createPresistentCookie);

                // Set context values
                SetCurrentUser(new CurrentUserInfo(ui, true));
                UserInfoProvider.SetPreferredCultures(ui);

                // Log authentication event
                EventLogProvider ev = new EventLogProvider();
                ev.LogEvent(EventLogProvider.EVENT_TYPE_INFORMATION, DateTime.Now, "Authentication", "AUTHENTICATED", ui.UserID, ui.UserName, 0, null, HTTPHelper.GetUserHostAddress(), null, CurrentSiteID, HTTPHelper.GetAbsoluteUri());
            }
        }


Best Regards,
Radek Macalik

User avatar
Member
Member
jharris2-sorenson - 2/2/2012 4:55:57 PM
   
RE:Custom Security Handler - OnAuthenticate
You said the user account is automatically created/updated in the Kentico CMS database. We are changing the code to allow username changes. But every time we change the username it creates a new user in the database instead of updating the old one. Is there something I need to do in order to allow it to update?
User avatar
Kentico Support
Kentico Support
kentico_radekm - 2/20/2012 6:29:20 AM
   
RE:Custom Security Handler - OnAuthenticate
Hello.

Can you clarify where do you change that user name? Do you mean on external DB against which you authenticate users? If so, I am afraid this will be a problem, as our AuthenticateUser method uses single parameter for user's identification only - userName. So when you change it and it does not match anymore, it is being consider as a new user and corresponding logic is done.

Best Regards,
Radek Macalik

Top