The Sitecore security framework is based on .NET security. Authentication, authorization, user accounts and roles can all be managed using the standard System.Web.Security namespace.
But Sitecore also provides its own Security framework that you can use for easy manipulation of users and roles seen from a Sitecore perspective.
BASICS OF SITECORE SECURITY
There are two things you need to know about security in Sitecore:
- Sitecore prefixes user names with a domain name. This is used to differentiate between users with access to the Sitecore editor (domain: sitecore) and users with access to the Sitecore extranet (domain: extranet).
  So when accessing Sitecore users from System.Web.Security, make sure you remember to ask for sitecore\admin, and not admin.
  (Advanced Sitecore users know that you can create as many domains as you like).
- In Sitecore there is no such thing as “not being logged in”. If you are not logged in, you will have a user called “extranet\Anonymous”.
  This means that you will always have a user, no matter the context you are running in.
ENOUGH TALK, LET'S CODE
Get a user from the domain name, user name and password:
    using System.Linq;
    using Sitecore.Common;
    using Sitecore.Security;
    using Sitecore.Security.Accounts;

    namespace PT.Framework.NemLogin
    {
        public class UserRepository
        {
            /// <summary>
            /// Gets the <see cref="Sitecore.Security.Accounts.User"/>.
            /// </summary>
            /// <param name="domainName">Name of the domain.</param>
            /// <param name="userName">Name of the user.</param>
            /// <param name="password">The password.</param>
            /// <returns><see cref="Sitecore.Security.Accounts.User"/> if found or null if not found</returns>
            public static User GetUser(string domainName, string userName, string password)
            {
                if (!System.Web.Security.Membership.ValidateUser(domainName + @"\" + userName, password))
                    return null;
                if (User.Exists(domainName + @"\" + userName))
                    return User.FromName(domainName + @"\" + userName, true);
                return null;
            }
        }
    }

The above function demonstrates how you can use the System.Web.Security and Sitecore.Security namespaces simultaneously. The function first validates the user using standard .NET security, then uses the Sitecore namespace to get the user.
Login:
The following function logs in a specified user:

    using Sitecore.Security.Accounts;
    using Sitecore.Security.Authentication;
    using Sitecore.Web.Authentication;

    // Logs in with the domain-qualified name (domain\user); the last argument (persistent) is false.
    public static bool Login(string domainName, string userName, string password)
    {
        return AuthenticationManager.Login(domainName + @"\" + userName, password, false);
    }
And this function will also do a login, but it utilizes the Sitecore TicketManager. The TicketManager manages persistent logins and is used to remember you when you log into the Sitecore backend:

    public static bool Login(User user)
    {
        string ticketID = TicketManager.GetCurrentTicketId();
        if (!string.IsNullOrEmpty(ticketID))
            TicketManager.RemoveTicket(ticketID);
        return AuthenticationManager.Login(user);
    }
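
The two basics from the start of this post decide how you check for a logged-in user afterwards: a null check on the context user says nothing, because an anonymous visitor is still extranet\Anonymous. The guard below is an added example, not code from the original post or from Sitecore; the class name AccessGuard, its method names and the case-insensitive domain comparison are assumptions made for illustration.

```csharp
using System;
using Sitecore.Security.Accounts;

namespace MyCode
{
    // Hypothetical helper class (added example, not part of Sitecore).
    public static class AccessGuard
    {
        // Wrong: Sitecore.Context.User is never null. A visitor who has not
        // logged in is extranet\Anonymous, so this is true for everybody.
        public static bool IsLoggedInNaive()
        {
            return Sitecore.Context.User != null;
        }

        // Correct: require an authenticated user from the expected domain,
        // e.g. IsLoggedIn("extranet") before showing extranet-only content.
        public static bool IsLoggedIn(string requiredDomain)
        {
            User user = Sitecore.Context.User;
            if (user == null || !user.IsAuthenticated)
                return false;

            // User.Name is domain-qualified, e.g. extranet\jdoe.
            return HasDomain(user.Name, requiredDomain);
        }

        // Pure string check, so it can be unit tested without a Sitecore context.
        public static bool HasDomain(string qualifiedName, string requiredDomain)
        {
            if (string.IsNullOrEmpty(qualifiedName) || string.IsNullOrEmpty(requiredDomain))
                return false;

            int separator = qualifiedName.IndexOf('\\');
            if (separator <= 0 || separator == qualifiedName.Length - 1)
                return false; // no domain prefix, or no user part after it

            string domain = qualifiedName.Substring(0, separator);
            // Assumption: domain names are compared case-insensitively.
            return string.Equals(domain, requiredDomain, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

Passing the domain explicitly keeps a sitecore\ editor session from satisfying a check meant for extranet\ users, and the other way round.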
Managing Custom Properties on User Profiles:
This is an example of how to store custom data on a user profile, and later search for the user based on the value in the custom field:

    #region
    using System.Linq;
    using Sitecore.Common;
    using Sitecore.Security;
    using Sitecore.Security.Accounts;
    #endregion

    namespace MyCode
    {
        public class UserRepository
        {
            // Returns the first user whose custom property matches, or null if none does.
            public static User GetUserFromCustomField(string fieldName, string fieldValue)
            {
                IFilterable<User> allUsers = UserManager.GetUsers();
                return allUsers.Where(user => user.Profile.GetCustomProperty(fieldName) == fieldValue).FirstOrDefault();
            }

            // Stores the value on the user's profile and persists it.
            public static void SetCustomField(User user, string fieldName, string fieldValue)
            {
                UserProfile profile = user.Profile;
                profile.SetCustomProperty(fieldName, fieldValue);
                profile.Save();
            }
        }
    }
Read more here:
- Sitecore Security API Cookbook – The essential reading
- Sitecore Membership Providers – The next book you will read
- Working with custom user profiles by Learn Sitecore
- Setting up a Sitecore Extranet by Mark Stiles
- Virtual Users in Sitecore 6 by iStern
- Setting up Security on Languages by briancaos
- Assigning Security to items by briancaos
