I apologize if this has been answered before, but I have looked around and not found an answer.
I'm trying to implement authentication for protected pages on my website. I would prefer it to be similar to the [Authorize] attribute in ASP.NET MVC, wherein if a user requests a page that is protected, if he or she is not logged in, he is redirected to the login page, and so on.
Here's my problem: I need to use a third-party authentication service to log users in. This is somewhat similar to that used by StackOverflow and its ilk, in that a user is redirected to that particular site for authentication and redirected back to the original website once the authentication provider logs them in successfully. However, the protected pages are for certain members, not the general public. I can't use OpenID or any like providers for this to authenticate them; I must use a particular service, so an Open ID interface will not work.
My first thought was to use a custom Membership Provider. Then I realized that, since logging the user in requires redirection to another page, I did not know how to make that work. Then I thought I could add a handler to HttpApplication.PostRequestHandlerExecute, but then I realized that wouldn't be ideal because the page would have already executed. I'm not sure what other event I could use.
Does anyone have any idea how to go about this?
Thanks!
For reference: Umbraco 4.7.1, ASP.NET 4, Windows Server 2008, IIS 7
We did actually find a solution that seems to be working okay. If you still have a need for this I'll see if I can repost what we're doing; it's not as simple as a couple sentences, and it may not be the best way, but it seems fine for now.
Protect pages with third-party authentication
I apologize if this has been answered before, but I have looked around and not found an answer.
I'm trying to implement authentication for protected pages on my website. I would prefer it to be similar to the [Authorize] attribute in ASP.NET MVC, wherein if a user requests a page that is protected, if he or she is not logged in, he is redirected to the login page, and so on.
Here's my problem: I need to use a third-party authentication service to log users in. This is somewhat similar to that used by StackOverflow and its ilk, in that a user is redirected to that particular site for authentication and redirected back to the original website once the authentication provider logs them in successfully. However, the protected pages are for certain members, not the general public. I can't use OpenID or any like providers for this to authenticate them; I must use a particular service, so an Open ID interface will not work.
My first thought was to use a custom Membership Provider. Then I realized that, since logging the user in requires redirection to another page, I did not know how to make that work. Then I thought I could add a handler to HttpApplication.PostRequestHandlerExecute, but then I realized that wouldn't be ideal because the page would have already executed. I'm not sure what other event I could use.
Does anyone have any idea how to go about this?
Thanks!
For reference: Umbraco 4.7.1, ASP.NET 4, Windows Server 2008, IIS 7
Hi Andy,
Just wondering if you have had any luck with this? I am trying to do the something similar.
Before a user can access the Umbraco site, I want them to be authenticated through a third party application.
Let me know if you've had any success.
Angel,
We did actually find a solution that seems to be working okay. If you still have a need for this I'll see if I can repost what we're doing; it's not as simple as a couple sentences, and it may not be the best way, but it seems fine for now.
is working on a reply...