I am working on a site for a client with high security requirements. They have a unified registrar, and everyone who visits the site must be registered there. I have access to all the data connections, etc., that are needed to validate my user when he tries to login.
I would recommend taking a look at the new 7.3 back-office SSO tools (yet to be released). They allow you to use third-party authentication (Google, Microsoft, etc).
I haven't had a chance to implement anything custom, but the demo at CodeGarden was compelling.
Security Question
I am working on a site for a client with high security requirements. They have a unified registrar, and everyone who visits the site must be registered there. I have access to all the data connections, etc., that are needed to validate my user when he tries to login.
We want out process to be:
User visits http://www.sitename.com/umbraco.
User is validated by external application as being a registered user at the central registrar app.
User is then validated as an Admin user within Umbraco.
My questions are--
In looking at the Umbraco project code, where would I go to find where a user is validated for Admin access?
Would it be accurate to think that I can add in my call to the external registration site at this point?
I look forward to your input. Thanks very much.
David Negley
David,
I would recommend taking a look at the new 7.3 back-office SSO tools (yet to be released). They allow you to use third-party authentication (Google, Microsoft, etc).
I haven't had a chance to implement anything custom, but the demo at CodeGarden was compelling.
Thanks, Jason
Thanks!
We are sort of making things happen by manipulating the web.config file for the MembershipProvider. But it isn't quite coming together, yet.
I will definitely check out version 7.3.
Unfortunately, our client requires SSO now, with version 7.2.6. "Wait a few months" is not a legitimate answer.
~David
Have you taken a look at some of the Active Directory packages? They may give you an idea of how you can swap out the provider.
is working on a reply...