Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Aximili 177 posts 278 karma points
    May 31, 2011 @ 02:07
    Aximili
    0

    Custom member login

    Extending Umbraco

    I have some protected pages, where members have to login to view these pages.

    The problem is, I cannot use the Umbraco "Members" because I do not have access to the members, which are stored on an external system.

    All I can access is this API: OurExternalSystem.LoginIsValid(string username, string password)

    Any suggestion how to merge this with Umbraco pages? Thanks in advance.

    (I have no problem doing C# coding to manually authenticate as that's what I have been doing before trying out Umbraco)

    Copy Link
  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    May 31, 2011 @ 09:13
    Dirk De Grave
    0

    Hi Hardy,

    You should look into building your own membership provider, and override the ValidateUser() function to check the member's credentials against your external system. Doing so also makes it possible to use the standard asp.net login controls in your umbraco website.

    Depending on what other needs you have (eg getting member info, ...), you could inherit from the umbraco membership provider or inherit from the MembershipProvider class.

    Be aware that when using your own membership provider, your "members" section may become unusable!

    Don't forget to change the membership provider settings in web.config to use your own provider instead of umbraco's

    PS: Also deleted your second post :D

    Hope this helps.

    Regards,

    /Dirk

    Copy Link
  • Aximili 177 posts 278 karma points
    Jun 01, 2011 @ 03:24
    Aximili
    0

    Thanks a lot Dirk.

    It worked, on the login page, now I can login using the ExternalSystem authentication.

    However, when I go to the protected page, it is always still showing the login form, even though I am already logged in.

    This is my class

    public class MyMembershipProvider: umbraco.providers.members.UmbracoMembershipProvider
    {
      public override bool ValidateUser(string username, string password)
      {

          if(OurExternalSystem.LoginIsValid(username, password)
            return true;

        return base.ValidateUser(username, password);
      }
    }

    And in the web.config

        <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
          <providers>
            <clear/>
            <add name="UmbracoMembershipProvider" type="MyMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed"/>

    Copy Link
  • Aximili 177 posts 278 karma points
    Jun 01, 2011 @ 04:39
    Aximili
    0

    I think I know why the protected page is still showing the login form.

    Perhaps this has something to do with member group/role, which doesn't exist. How do we get around this, Dirk? Thank you :)

    Copy Link
  • Dirk De Grave 4541 posts 6021 karma points MVP 3x admin c-trib
    Jun 01, 2011 @ 09:26
    Dirk De Grave
    0

    Hi Hardy,

    Hmm, not sure what may be causing this... but here's a few things I'd change...

    - your ValidateUser() should only return the return value from OurExternalSystem.LoginIsValid()

    - a few props on your provider shouldn't be there as you've built your own (eg defaultMemberTypeAlias is umbraco specific)

    - may (as in - not sure if it will make a diff) need to change the name of the provider, something different from UmbracoMembershipProvider

    - may need to look into rolling your own RoleProvider to get roles to be set when protecting a specific area of the site.

     

    Hope this gets you closer to the solution.

    Btw, also deleted your obsolete posts.

    Cheers,

    /Dirk

    Copy Link
  • Aximili 177 posts 278 karma points
    Jun 02, 2011 @ 01:36
    Aximili
    0

    Thanks Dirk

    > a few props on your provider shouldn't be there as you've built your own (eg defaultMemberTypeAlias is umbraco specific)

    How do you delete properties...?
    But it doesn't really matter if we leave it, does it?

    The problem is that when I log in, I still can't view the protected page, so I think I need to do one of these 2:

    • Assign the user to a group/role after they login. But how and where (in what class/function) do you do it?
    • Protect a page in such a way so that it can be accessed if someone is logged in (regardless whether they are in a group/role). Is it even possible?

    I think your 4th point is trying to address this issue, but how do you roll your own RoleProvider and set the roles when protecting pages??
    Do you inherit some class and override some method, or...?

    Thanks again,
    Hardi

    Copy Link
  • Aximili 177 posts 278 karma points
    Jun 06, 2011 @ 06:48
    Aximili
    0

    Solution

    Create a new class MyMembershipProvider.cs:

    using System.Web.Security;

    public class MyMembershipProvider: umbraco.providers.members.UmbracoMembershipProvider
    {
      public override bool ValidateUser(string username, string password)
      {
        if (ExternalSystem.ValidateUser(username, password))
        {
          if (!base.ValidateUser(username, password))
            AddEditMemberToUmbraco(username, password);
          return true;
        }

        return false;
      }

      ///


      /// Add a Member to Umbraco or update the password if already exists.
      ///
      private void AddEditMemberToUmbraco(string username, string password)
      {
        const string DEFAULT_MEMBER_GROUP = "Active";

        MembershipUser member = Membership.GetUser(username);
        if (member == null)
        {
          member = Membership.CreateUser(username, password, "");
          Roles.AddUserToRole(member.UserName, DEFAULT_MEMBER_GROUP);
        }
        else // Member already exists, update password
          member.ChangePassword(member.GetPassword(), password);
      }
    }

     

    and in Web.config, change the type of UmbracoMembershipProvider to your class

        <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
          <providers>
            <clear/>
            <add name="UmbracoMembershipProvider" type="MyMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed"/>

     

    Copy Link
  • Nadia 45 posts 122 karma points
    Feb 14, 2013 @ 05:50
    Nadia
    0

    Hi,

    I have just implemented this solution. (using Umbraco 4.7)

    Web.config

    <membership defaultProvider="MFBMembershipProvider" userIsOnlineTimeWindow="15">

       <providers>

        <clear />

        <add enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" name="MFBMembershipProvider" type="Web.dev.app.MFBMembershipProvider" />

        <add enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" />

       </providers>

      </membership>

     

        public class MFBMembershipProvider : umbraco.providers.members.UmbracoMembershipProvider    

        {

         public override bool ValidateUser(string username, string password)

            {

                MFBIntegrationServiceClient client = new MFBIntegrationServiceClient();

                //validate from the MFB service

                AuthenticateContactResult authenticateUserResult = JavaScriptConvert.DeserializeObject<AuthenticateContactResult>(client.AuthenticateContact(username));

                //check that the passwords match

                //TODO hash the passwords

                if (authenticateUserResult._password.Trim() == password.Trim())

                {

                    if (!base.ValidateUser(username, password))

                    {  AddEditMemberToUmbraco(username, password);

                    }

                    return true;

                }

                else

                {

                    return false;   

                }

     

            }

     

            // Add a Member to Umbraco or update the password if already exists.

              /// 

              private void AddEditMemberToUmbraco(string username, string password)

              {

                const string DEFAULT_MEMBER_GROUP = "Active";

                MembershipUser member =Membership.GetUser(username);

                if (member == null)

                {        

                  member = Membership.CreateUser(username, password, "");

                  Roles.AddUserToRole(member.UserName, DEFAULT_MEMBER_GROUP);

                }

                else // Member already exists, update password

                  member.ChangePassword(member.GetPassword(), password);

              }

        }

     

    But I get the following error. Any ideas?

    Object reference not set to an instance of an object.


    Stack Trace: 

     
    [NullReferenceException: Object reference not set to an instance of an object.]
   umbraco.cms.businesslogic.Content.CreateContent(ContentType ct) +118
   umbraco.cms.businesslogic.member.Member.MakeNew(String Name, String LoginName, String Email, MemberType mbt, User u) +343
   umbraco.cms.businesslogic.member.Member.MakeNew(String Name, String Email, MemberType mbt, User u) +20
   umbraco.providers.members.UmbracoMembershipProvider.CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, Object providerUserKey, MembershipCreateStatus& status) +157
   System.Web.Security.Membership.CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, Object providerUserKey, MembershipCreateStatus& status) +207
   System.Web.Security.Membership.CreateUser(String username, String password, String email) +30
   Web.dev.app.MFBMembershipProvider.AddEditMemberToUmbraco(String username, String password) in C:\TFSCHCH\clients\MYFB01W1\Web\dev.app\MFBMembershipProvider.cs:58
   Web.dev.app.MFBMembershipProvider.ValidateUser(String username, String password) in C:\TFSCHCH\clients\MYFB01W1\Web\dev.app\MFBMembershipProvider.cs:18
   System.Web.Security.Membership.ValidateUser(String username, String password) +26
   Web.masterpages.Login.btnLogin_Click(Object sender, EventArgs e) in C:\TFSCHCH\clients\MYFB01W1\Web\masterpages\Login.master.cs:64
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563

    Copy Link
  • Harish 15 posts 74 karma points
    Dec 02, 2014 @ 11:29
    Harish
    0

    Hi , 

    when creating a member user in umbraco 6, an notification email, which contains username and password should be sent to the member user's email address, after creating member user.

    Is there any way I can do it. Thanks in advance.

    Many Thanks

    Harish 

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft