Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • David Negley 9 posts 51 karma points
    Jun 29, 2015 @ 15:42
    David Negley
    0

    Security Question

    I am working on a site for a client with high security requirements. They have a unified registrar, and everyone who visits the site must be registered there. I have access to all the data connections, etc., that are needed to validate my user when he tries to login.

    We want out process to be:

    1. User visits http://www.sitename.com/umbraco.

    2. User is validated by external application as being a registered user at the central registrar app.

    3. User is then validated as an Admin user within Umbraco.

    My questions are--

    1. In looking at the Umbraco project code, where would I go to find where a user is validated for Admin access?

    2. Would it be accurate to think that I can add in my call to the external registration site at this point?

    I look forward to your input. Thanks very much.

    David Negley

  • Jason Prothero 422 posts 1243 karma points MVP c-trib
    Jul 01, 2015 @ 19:57
    Jason Prothero
    100

    David,

    I would recommend taking a look at the new 7.3 back-office SSO tools (yet to be released). They allow you to use third-party authentication (Google, Microsoft, etc).

    I haven't had a chance to implement anything custom, but the demo at CodeGarden was compelling.

    Thanks, Jason

  • David Negley 9 posts 51 karma points
    Jul 01, 2015 @ 21:47
    David Negley
    1

    Thanks!

    We are sort of making things happen by manipulating the web.config file for the MembershipProvider. But it isn't quite coming together, yet.

    I will definitely check out version 7.3.

    Unfortunately, our client requires SSO now, with version 7.2.6. "Wait a few months" is not a legitimate answer.

    ~David

  • Jason Prothero 422 posts 1243 karma points MVP c-trib
    Jul 01, 2015 @ 21:51
    Jason Prothero
    0

    Have you taken a look at some of the Active Directory packages? They may give you an idea of how you can swap out the provider.

Please Sign in or register to post replies

Write your reply to:

Draft