In EPiServer 4 I've created a custom authentication provider by simply creating a class with an event handler that is pointed out in the authentication provider chain in web.config. In this event handler I match the user against a customer specific user database and, if validated, I create a generic principal for that user.
The question is how I can achive this behaviour in CMS 5. Since CMS 5 is using the ASP.NET 2.0 built-in authentication provider model there are tons of information about this online but I cant find any hands-on examples. Anyone who has built one for EPiServer that can post an example?
Thanks in advance!
You simply create a new class and derive it from System.Web.Security.MembershipProvider, provide code to implement the abstract methods/properties needed (see below) and then configure it to be used through the Membership section in the web.config.
What methods/properties that are needed to implement depends a little on your requirements (and custom datasource capabilities), but in a membership in its simplest form that just supports login would need to implement the methods GetUser() and ValidateUser().
However, if you do throw NotImplentedExceptions on the other methods, those exceptions will be thrown if you try to use EPiServer's admin tools for managing users.
Thanks for your quick respond Johan, your answer was exactly what I was asking for. Unfortunately I got stuck anyway...
What I want to do is automatically logon Windows and Novell users on an intranet site. The Windows users are handled by the existing WindowsMembershipProvider but I dont now how to automatically login Novell users. Any ideas? I dont need to identify or gather any information about the Novell user since this is a temporary solution, the Novell users are to be moved to the Windows network. I simply want to create a "principal" based on the IP-address/computer name of the computer the user is logging in from making that computer a unique "user". Is this possible (or just insane...;)? Are there any better (read simplier) solutions?
Do you by "automatically" mean integrated windows authentication as opposed to forms login (e.g. users doesnt "see" a login prompt but are logged in right away using their windows credentials)
If so, Im afraid the answer would be no.
If you go with forms login, you could do pretty much whatever you want to authenticate users in your customprovider.