Claims-based authentication failing after upgrade to R2

Vote:
 

We have a claims-based authentication solution set up pretty much like in Ben's post:

http://world.episerver.com/Blogs/Ben-Morris/Dates/2010/6/Converting-EPiServer-6-to-use-claims-based-authentication-with-WIF/

We have custom role- and membership-providers for storing role-information in SQL when a user is offline.

After upgrading from CMS 6 to CMS 6 R2, our custom role- and membership-providers are no longer called, so login always fails.

 

As an experiment, I setup an out-of-the-box EPiServer 6 site with "Demo Templates" and added the WIF-configuration in Ben's post. I added a custom WindowsRoleProvider to simply log calls to GetRolesForUser. The role-provider would get called when logging in to the site.

But, after upgrading the demo-site to R2 with Deployment Center, the role-provider would never get called again.

After removing the 2 HTTP-modules:

 <add name="WSFederationAuthenticationModule" type="..."/>
 <add name="SessionAuthenticationModule" type="..."/>
, from the demo-site, the role-provider would again be called.
 

 Is there a way to use custom role/membership-providers in a claims-based solution with CMS 6 R2 ?

#54705
Oct 29, 2011 12:35
Vote:
 

A workaround for this is to manually decorate the ClaimsPrincipal with role-claims like in Adis' blogpost: http://adisdelalic.wordpress.com/2010/09/15/episerver-and-claims-based-security/

This gives some challenges in CMS 6 R2 when keeping track of virtual roles vs. roles from claims.

#54733
Oct 31, 2011 19:59
Vote:
 

Hi Mads

I blogged about using custom role/membership providers with WIF:

http://world.episerver.com/Blogs/David-Knipe/Dates/2010/9/Enabling-Windows-Identity-Foundation-WIF-in-EPiServer/

I am using this on a project at the moment (still in dev right now).

David

#54768
Nov 01, 2011 23:27
Vote:
 

Thanks David,

In our CMS 6 solution, we were relying on EPiServer to call our custom ClaimsRoleProvider for us, and that worked out fine, until the upgrade to R2.

Now we just need to call the provider ourselves as you (and Adis) have shown.

 

Mads

 

#54769
Nov 01, 2011 23:51
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.