My requirements include: Authenticate BackOffice users using Active Directory and ensure members log in via login form.
The first part I've managed and so when our Users access Umbraco back office, they see the standard Umbraco login form and authentication is via AD.
Now, when I implement forms authentication, any url (including Umbraco back office) gets our custom (member) login form presented. So it would appear that in my login controller, I need to discern if the user is going to the back office then authenticate them via AD and if the user is going to the web site, then authenticate them as a Member.
In order to use my ADUserManager to CheckPasswordAsync, I need to present a BackOfficeIdentityUser user object - problem I have is how do I find the user from their email login name from a SurfaceController i.e. is there a service which I can use for this or am I approaching this the wrong way?
Also, our Users would be happy with the current Umbraco backoffice login - is there a way to present this to Users and present the custom login form to Members?
Update: It would appear than when you have custom User authentication in place, that a call to UmbracoContext.Security.ValidateBackOfficeCredentials(model.Username, model.Password) does not appear to use your custom authentication mechanism, even though its wired up via the UmbracoCustomOwinStartup.
Also, a call to UmbracoContext.Security.GetBackOfficeMembershipUser() returns a MembershipUser object but I need a BackOfficeIdentityUser.
On a side-note, the naming conventions used here are really confusing. BackOffice 'clients' are Users and web site 'clients' are Members - that's fine. But there's too much cross naming which causes (certainly me) confusion e.g. Membership.ValidateUser (Whaaat?)
Login form for members hides Umbraco BackOffice login form.
My requirements include: Authenticate BackOffice users using Active Directory and ensure members log in via login form.
The first part I've managed and so when our Users access Umbraco back office, they see the standard Umbraco login form and authentication is via AD.
Now, when I implement forms authentication, any url (including Umbraco back office) gets our custom (member) login form presented. So it would appear that in my login controller, I need to discern if the user is going to the back office then authenticate them via AD and if the user is going to the web site, then authenticate them as a Member.
In order to use my ADUserManager to CheckPasswordAsync, I need to present a BackOfficeIdentityUser user object - problem I have is how do I find the user from their email login name from a SurfaceController i.e. is there a service which I can use for this or am I approaching this the wrong way?
Also, our Users would be happy with the current Umbraco backoffice login - is there a way to present this to Users and present the custom login form to Members?
Update: It would appear than when you have custom User authentication in place, that a call to UmbracoContext.Security.ValidateBackOfficeCredentials(model.Username, model.Password) does not appear to use your custom authentication mechanism, even though its wired up via the UmbracoCustomOwinStartup. Also, a call to UmbracoContext.Security.GetBackOfficeMembershipUser() returns a MembershipUser object but I need a BackOfficeIdentityUser.
On a side-note, the naming conventions used here are really confusing. BackOffice 'clients' are Users and web site 'clients' are Members - that's fine. But there's too much cross naming which causes (certainly me) confusion e.g. Membership.ValidateUser (Whaaat?)
is working on a reply...