November Happy Hour will be moved to Thursday December 5th.

Isn't the Configurable Authentication Provider Chain a bit pointless?

Vote:
 
Hi, I'm building a solution using EPiServer 4.62 and the client I am building the solution for requires their users to Authenticate using an external datasource. Enter the Configurable Authentication Provider Chain. No problem, right? I thought I'd make life easy and hook into the built-in EPiServer page access rights functionality to control access to pages on the website, so I built my custom Authentication Provider and to integrate with EPiServer roles I added a Roles table to my external datastore made sure that the rolenames in this table had matching roles in EPiServer. Once Authentication succeeds, I use the user object returned from my external datastore to create a UserSid. The code extract below is a section of the DatabaseAuthenticationProvider that has been modified to suit my needs... .... UserSid sid = new UserSid(user.Id, SecurityIdentityType.ExtranetUser); sid.FirstName = user.Firstname; sid.LastName = user.Lastname; sid.Name = user.Username; sid.Password = user.Password; sid.Active = true; foreach (string membership in user.Memberships) sid.MemberOfGroups.Add(Sid.Load(membership)); UnifiedPrincipal principal = new UnifiedPrincipal(sid); principal.UserData["IsRestrictedSession"] = user.IsRestrictedSession; principal.SetIPRestriction(sid.AllowedIPAddress, sid.AllowedIPAddressMask); if (principal.CheckIPAddress(e.ClientIP)) if (!principal.CheckPassword(e.Password)) { .... Now, everything works fine up to here. The line in the code above where I insert a value into the PersonalisedData collection... principal.UserData["IsRestrictedSession"] = user.IsRestrictedSession; ...is where everything goes belly-up. When the PersonalizedData collection is accessed for the first time, the UnifiedPrincipal tries to load it from the datastore. The problem is, it tries to retrieve the data from the EPiServer datastore for my external user which will obviously fail! I can't set the PersonalizedData collection either... principal.UserData = new PersonalizedData(); ... because it is read-only! Through trying to find a solution I did come across the (undocumented it seems) EPiServer.Personalization.PersonalizedDataProvider and EPiServer.Personalization.PersonalizedDataProviderConfigurationHandler classes which led me to believe that the PersonalizedDataProvider might be configurable. From disassembling the code I found that the static constructor of the PersonalizedDataProviderConfigurationHandler tries to initialise the PersonalizedDataProvider from the applications configuration file... ... provider = ConfigurationSettings.GetConfig("episerver/personalizedDataProvider") as PersonalizedDataProviderConfigurationHandler; ... So, naturally I tried adding a "personalizedDataProvider" node to the "episerver" node in the web.config file. This made my web application bomb, throwing the following exception... ....Unrecognized configuration section episerver/personalizedDataProvider... What is the point of enabling external authentication of your shiny new Authenticated user can't integerate with EPiServer???
#13308
Dec 20, 2007 16:21
Vote:
 
Apologies, I just re-read this post and realised it is a bit harsh saying the Configurable Authentication Chain is a bit pointless. I just spent a couple of days trying to get this functionality to work the way I want it to and frustration was creeping in. On basic level the Configurable Authentication Provider Chain works like a charm. I just need to manage without touching the PersonalizedData collection of the UnifiedPrincipal. It would have been nice if I could have used it to store properties of my external users though. :( If anyone has figured out a way to do this, please let me know. Cheers,
#15589
Dec 20, 2007 17:00
Vote:
 
Hi, I've been helped by EPiServer support on this one. There is a way to implement a customised PersonalizedDataProvider. I've been pointed to this forum thread... http://www.episerver.com/en/EPiServer_Knowledge_Center/Developer-Forum2/EPiServer-Developer-Forums-/1805/12221/ Thanks guys,
#15590
Dec 21, 2007 11:28
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.