MembershipProvider and oAuth to login into Umbraco backend
Hi all,
I am trying to get the UsersMembershipProvider to validate against a (external) webservice. This way I can make a single login system based on oAuth (which is provided by my client) where Umbraco is using the accounts of another (external) CMS-system to validate users against.
To make it clear: I am talking about the login into the umbraco CMS here... so not to be confused with members of the website. Users that are already logged in into the clients CMS should be (with a click on a menu-button) automatically loggin in into Umbraco by using the oAuth protocol.
Now I have it pretty much working, but I still need to do adminitration of users in Umbraco, as it seems that there the membershipprovider is not used...
So I would like to validate if my approach is correct... this is how it works now:
Step 1: implement a membership provider which inherits umbraco.providers.UsersMembershipProvider Step 2: implement an aspx which accepts an oAuth token and validates it against the other CMS returning true or false AND the roles the user has. Step 3: use the roles from the webservice to work with umbraco
If I look into the source of /umbraco/login.aspx.cs the following code is there:
protected void Button1_Click(object sender, System.EventArgs e) { // Authenticate users by using the provider specified in umbracoSettings.config if (Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(lname.Text, passw.Text)) { if (Membership.Providers[UmbracoSettings.DefaultBackofficeProvider] is ActiveDirectoryMembershipProvider) ActiveDirectoryMapping(lname.Text, Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].GetUser(lname.Text, false).Email);
BusinessLogic.User u = new User(lname.Text); doLogin(u);
...
I would expect that it is possible to have no user administration in umbraco, because it is already in the other CMS. But somehow I am overlooking it. My solution now is to have atleast a username for each account in the other CMS to be duplicated in Umbraco. In my opinion not a very robust way (double administration you know)...
My code looks like this (pseudo)
protected void Page_Load(object sender, EventArgs e) { // use the oAuth request parameters to validate against the 3rdPartyCms webservice myUser = GetUserDetailsFromoAuth();
if (Membership.Providers["UsersMembershipProvider"].ValidateUser(myUser.userName, userPassword)) { umbracoUsername = convert3rdPartyCmsUser(); umbraco.BusinessLogic.User u = new User(umbracoUsername); doLogin(u);
Did you manage to improve it lately? I need to use oAuth with Umbraco. It would be appreciated if you could give me some more directions with some working code.
MembershipProvider and oAuth to login into Umbraco backend
Hi all,
I am trying to get the UsersMembershipProvider to validate against a (external) webservice. This way I can make a single login system based on oAuth (which is provided by my client) where Umbraco is using the accounts of another (external) CMS-system to validate users against.
To make it clear: I am talking about the login into the umbraco CMS here... so not to be confused with members of the website.
Users that are already logged in into the clients CMS should be (with a click on a menu-button) automatically loggin in into Umbraco by using the oAuth protocol.
Now I have it pretty much working, but I still need to do adminitration of users in Umbraco, as it seems that there the membershipprovider is not used...
So I would like to validate if my approach is correct... this is how it works now:
Step 1: implement a membership provider which inherits umbraco.providers.UsersMembershipProvider
Step 2: implement an aspx which accepts an oAuth token and validates it against the other CMS returning true or false AND the roles the user has.
Step 3: use the roles from the webservice to work with umbraco
If I look into the source of /umbraco/login.aspx.cs the following code is there:
I would expect that it is possible to have no user administration in umbraco, because it is already in the other CMS. But somehow I am overlooking it. My solution now is to have atleast a username for each account in the other CMS to be duplicated in Umbraco. In my opinion not a very robust way (double administration you know)...
My code looks like this (pseudo)
Any ideas on to improve this?
Nico
Hi,
Did you manage to improve it lately? I need to use oAuth with Umbraco. It would be appreciated if you could give me some more directions with some working code.
Thanks a lot.
is working on a reply...