Vulnerability in EPiServer.Forms
I'm trying to add user settings to our intranet solution. We're based on Windows/AD users, and now I wonder whether the built-in personalization functionality (of CMS 5 R 2) may be used when EPiServer users don't exist ?
The idea is to implement functionality in the master for sensing whether or not the current page has any properties available for customization, possibly through the page implementing an interface of my design.
Do I have to write my own personalization data storage routines, and if so, would it be a good idea to "borrow" the functionality from asp.net (LoadPersonalizationBlob / SavePersonalizationBlob) ?
You should be able to use the standard SQL profile provider (on which the EPiServerProfile is built). It only matches usernames of the logged in user and the profile so I don't think it would care which membership provider authenticates the user.
Beware though, that if the user name changes in the AD the profile settings will be lost (or mixed if changed to a preexisting username).
Thank you, got i to work. An OK solution, simple & easy.
What baffled me for a while, was that only predefined properties (in web.config / profile) may be used, where I expected to be able to use it as an associative array.
What I did not find, was a method in EPiServerProfile to check if a property with a certain name actually exists (only built-in option to try/catch - wrap an access attempt) ? Well, it could be done with an enumrator, I guess, it just, well, baffled me. ;-)