I am linking the Umbraco CMS with a CRM system with online modules. Now all the online authenication is taken care of by the CRM system and it provides a .asp file where I can add code so it can be used to authenicate against umbraco.
Basically I need to make a member's area where I will have two generic users with two groups - registered users and members. Is there any standard package available for umbraco where I can pass on the authenication via url i.e. login.aspx?username=visitor&password=sambob so then the user can move between the CRM online pages and umbraco (restricted) member's pages in the one session??
It's never a good idea to pass a password (no pun intended) in the url especially in clear text. If you must pass it in the url perhaps combine the username/pass and encrypt the value and then decode within the login page. Or better yet, simply validate in the CRM and pass an encrypted value to indicate user has been authenticated and which user, and then the other system simply validates the user exists and logs them in.
Definately take a look at doing some base64 encoding on these strings if this is how you're intending on working the "single sign-on". Best case scenario is creating a handshake between the systems so that you have validate the user on both ends, then pass back a token (like Chris suggests) that validates the user and sets the session appropriately on the Umbraco end. Should be relatively simple to do assuming you have access to the API of the CRM.
Would either of you being happy to assist me with this? Happy to talk about costs with you as it seems relatively simple for you but not me!! I am relatively new with Umbraco. My Email is sam [AT] at hostbyte dot com
which CRM system are you using? Me and my office mate are currently relaunching our website with contact forms, newsletter signup and stuff that needs to be written to Microsoft CRM. We use the MS CRM web service interface to write to and read from CRM, so there is no hopping between pages served by CRM and pages served by umbraco. It's great, fast and quite secure (at least the web service interface of MS CRM is cool, MS CRM itself sucks).
User Authenication
Dear All,
I am linking the Umbraco CMS with a CRM system with online modules. Now all the online authenication is taken care of by the CRM system and it provides a .asp file where I can add code so it can be used to authenicate against umbraco.
Basically I need to make a member's area where I will have two generic users with two groups - registered users and members. Is there any standard package available for umbraco where I can pass on the authenication via url i.e. login.aspx?username=visitor&password=sambob so then the user can move between the CRM online pages and umbraco (restricted) member's pages in the one session??
Regards,
Sam
It's never a good idea to pass a password (no pun intended) in the url especially in clear text. If you must pass it in the url perhaps combine the username/pass and encrypt the value and then decode within the login page. Or better yet, simply validate in the CRM and pass an encrypted value to indicate user has been authenticated and which user, and then the other system simply validates the user exists and logs them in.
Or maybe try good old cookies.
Just my 2cents :)
-Chris
Definately take a look at doing some base64 encoding on these strings if this is how you're intending on working the "single sign-on". Best case scenario is creating a handshake between the systems so that you have validate the user on both ends, then pass back a token (like Chris suggests) that validates the user and sets the session appropriately on the Umbraco end. Should be relatively simple to do assuming you have access to the API of the CRM.
Happy coding.
Hi Nik or Chris,
Would either of you being happy to assist me with this? Happy to talk about costs with you as it seems relatively simple for you but not me!! I am relatively new with Umbraco. My Email is sam [AT] at hostbyte dot com
Regards,
Sam
Hi Sam,
which CRM system are you using? Me and my office mate are currently relaunching our website with contact forms, newsletter signup and stuff that needs to be written to Microsoft CRM. We use the MS CRM web service interface to write to and read from CRM, so there is no hopping between pages served by CRM and pages served by umbraco. It's great, fast and quite secure (at least the web service interface of MS CRM is cool, MS CRM itself sucks).
Cheers,
André
is working on a reply...