Adding option for users to register and login to my website

Vote:
 

I'm developing a website on soccer players in Episerver and I want my visitor to register (preferably in the future with Facebook, Google or Microsoft), login and manage a watchlist of their favorite players on my website. After reading a few docs I have four solutions to go for;

  • EPiServerProfile; this gives me a head start, still I don't know if I can ever use social logins?
  • Epi server commerce; this seems like overfitting the problem. I don't intent to sell anything. But maybe feature complete?
  • Use EPiServer.Cms.UI.AspNetIdentity; this allready got my cms account it so why not use this?
  • Build everthing custom and try to manage users; I like to do this but would take me along time and I want to manage the users in Epi server (Maybe descend from PageData?)

I'm a bit new to episerver so who is whiling to rate my solutions? 

#205374
Jul 09, 2019 13:53
Vote:
 

Hi,

Please refer the below blog post for creating custom logins using facebook and google oauth.

https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

Thanks

Ravindra

#205405
Jul 09, 2019 16:33
Vote:
 

I would also recommend the EPiServer.Cms.UI.AspNetIdentity. Because, as internally CMS accounts are also stored in the same table (dbo.AspNetUsers). Even if in future you install and use the commerce you can import your user into contacts using script.

And, the blog shared by Ravindra very well fits for your requirement.

Thanks

Praful

#205435
Jul 10, 2019 8:56
Vote:
 

Thanks Praful, one question.

Are there any security issues with combing the cms users and the website users in the same system? I can imagine that mixing these can give some website users more rights then they need.

#205439
Jul 10, 2019 10:00
Vote:
 

Hi Holden

The solution Ravindra points at supports both regular users (username and password), external users and linked users (those with password and external key).

All those users will be created in the same user table in the database, and are equal in terms of how they can be used. External-only users will get a NULL password and an external login key reference.

In the Episerver Admin section, you can then list and assign roles to them. And technically, if you choose to assign such backend rights to a user with an external claim, you will actually be able to login to Episerver with external OAuth providers, like Facebook or Github.

#205440
Jul 10, 2019 10:20
Vote:
 

Thanks Stefan, can you also explain what the purpose of EPiServerProfile is?

#205452
Jul 10, 2019 16:45
Vote:
 

I think the EPiServerProfile is for internal use (personalization) purpose and we should not mix it with the user managment. You can read more about it on developer guide

https://world.episerver.com/documentation/developer-guides/profile-store/

Thanks.

#205453
Jul 10, 2019 16:54
Vote:
 

Storing user extended profile in Profile store is only helpful if you want to do any personalisation on this data. 

#205456
Jul 10, 2019 20:27
Vote:
 

EpiserverProfile is used internally by Episerver to store some editor user preferences, like preferred language of the editor UI etc.

Historically, it has also been used for storing user metadata data (like first name, last name, time zone, company etc.) for Membership users.

You can still use it for this. Even with ASP.Net Identity available. But I prefer to extend the Identity SiteUser object with the custom properties I need.

In Commerce solutions, I always opt to add most of the custom user properties to the Contact entity type.

Performance-wise, beware that Contact objects are cached, but profile and Identity objects are not. So if you make a popular website with profile or Identity data, consider whether you need to look up and print the user's first name on all pages (for example). 😉

#205458
Jul 10, 2019 21:03