I'm trying to create members from code for an intranett. The members already exists in AD, but I want to create them as members in umbraco so that the editors can use role-based authentication to hide certain information, based on groupmembership in AD. I've haven't seen, or read about, any built in features for this?????
I manage to create the members and groups, and assign group membership in umbraco.
My question is: Is it possible to auto authenticate/login members? I've read the api-cheatsheet and tried the Member.AddMemberToCache(m); method, but that didn't do the trick. It might not be intended for this purpose??
The intranett is running in an Remote desktop/Terminal Server enviroment, Umbraco version 4.
I belive you'll run into trouble if you're trying to create members in both AD and Umbraco. How we've dealt with this in the past is to use the Active Directory Membership Provider and to create a custom routine to check roles (AD groups) in Umbraco.
While the members may appear in the Umbraco Member Section - you cannot mange them from Umbraco - it must be from AD or a custom editior. I think this makes sense, else you're dealing with the multiple-master scenario that Membership does not address.
Paul's right about the fact that it'd be best to have the create/ edit/ delete handled outside of Umbraco but I believe he's wrong about it not being possible. As I pointed out in this post http://our.umbraco.org/forum/developers/extending-umbraco/2484-Members-and-Active-Directory-(How-to) (I can't believe the number of AD authentication questions recently!) The ActiveDirectoryMembershipProvider has all the functionality for doing complete CRUD against the AD user store, you'd just need to make sure that the site has enough permissions to your AD store to achieve this.
I wouldn't recommend it though, just saying that it's theoretically possible
thx for the replies, but I think I gave a poor description of my problem :) I'll try again!
I do not want to have CRUD functionality for AD users from umbraco. The users will be created and maintained in AD. All I want is to be able to use the Umbraco function "Public access" to hide some information for members in certain groups. I was under the impression that the users then had to be saved as members in umbraco. Is this not true?
I have created a customsync that checks what groups the logged on windowsuser(this is on terminal server) is member of, in ad, and then create this user, if he not already exists, as an member in umbraco, and assign group membership in umbraco. The groups are, for now, created manually in umbraco, with the same name as the AD group. This is because it's just a few groups that's relavant.
This is maybe not the "best practice", but it works :) The thing I want to do now is to autologin the member that correspond to the logged in windowsuser when he log on to the terminal server enviroment and browse the intranett. The username is the same in both AD and umbraco. I can get hold of the username and use:
Problem with member authentication
Hi,
I'm trying to create members from code for an intranett. The members already exists in AD, but I want to create them as members in umbraco so that the editors can use role-based authentication to hide certain information, based on groupmembership in AD. I've haven't seen, or read about, any built in features for this?????
I manage to create the members and groups, and assign group membership in umbraco.
My question is: Is it possible to auto authenticate/login members? I've read the api-cheatsheet and tried the Member.AddMemberToCache(m); method, but that didn't do the trick. It might not be intended for this purpose??
The intranett is running in an Remote desktop/Terminal Server enviroment, Umbraco version 4.
/Bård
Duckface -
I belive you'll run into trouble if you're trying to create members in both AD and Umbraco. How we've dealt with this in the past is to use the Active Directory Membership Provider and to create a custom routine to check roles (AD groups) in Umbraco.
http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider(VS.80).aspx
While the members may appear in the Umbraco Member Section - you cannot mange them from Umbraco - it must be from AD or a custom editior. I think this makes sense, else you're dealing with the multiple-master scenario that Membership does not address.
-Paul
Paul's right about the fact that it'd be best to have the create/ edit/ delete handled outside of Umbraco but I believe he's wrong about it not being possible. As I pointed out in this post http://our.umbraco.org/forum/developers/extending-umbraco/2484-Members-and-Active-Directory-(How-to) (I can't believe the number of AD authentication questions recently!) The ActiveDirectoryMembershipProvider has all the functionality for doing complete CRUD against the AD user store, you'd just need to make sure that the site has enough permissions to your AD store to achieve this.
I wouldn't recommend it though, just saying that it's theoretically possible
thx for the replies, but I think I gave a poor description of my problem :) I'll try again!
I do not want to have CRUD functionality for AD users from umbraco. The users will be created and maintained in AD. All I want is to be able to use the Umbraco function "Public access" to hide some information for members in certain groups. I was under the impression that the users then had to be saved as members in umbraco. Is this not true?
I have created a customsync that checks what groups the logged on windowsuser(this is on terminal server) is member of, in ad, and then create this user, if he not already exists, as an member in umbraco, and assign group membership in umbraco. The groups are, for now, created manually in umbraco, with the same name as the AD group. This is because it's just a few groups that's relavant.
This is maybe not the "best practice", but it works :) The thing I want to do now is to autologin the member that correspond to the logged in windowsuser when he log on to the terminal server enviroment and browse the intranett. The username is the same in both AD and umbraco. I can get hold of the username and use:
m =
The las section got messed up:) :
Member.GetMemberFromLoginName(txtUserName);
So, my actual question is: Can I autologin this member, from code, so that the user does not have to do a seperate login to umbraco?
The backoffice users will be umbraco users, and have nothing to do with AD. At least for now :-)
You will need to add a membership provider to your web.config. This can help get you started: http://www.mortenbock.dk/setting-up-membership-in-umbraco-116.htm</span></span> as well as this http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx</span></span>. If you still want it connected to member groups in umbraco, you will need to write a custom membership provider then (because you will be checking against the AD Users and then logging into the umbraco Members). This forum thread is also really helpful: http://forum.umbraco.org/yaf_postst8294_using-LDAP-to-auto-authenticate-users-on-an-Intranet.aspx</span></span>.
is working on a reply...