Windows Authentication

Topics: General
Dec 16, 2010 at 7:59 PM

So I'm really digging this CMS but I was wanting to host our Intranet with it and we currently use Windows Authentication for identification.. In understand the need of forms auth of course but I already have SSO throughout 90% of my applications and to go to forms auth for this would be a step backwards.. Are there any plans to make authentication extensible or include a windows authentication feature?

Coordinator
Dec 16, 2010 at 9:52 PM

It's not on the immediate road map, but with very little code you should be able to get it. It haven't tried this in practice, but Composite C1 has a plug-in type called "Login Session Store" which is in charge of storing a user login. You can replace the default with one that returns the Windows authenticated username.

  1. Create a class that implement Composite.C1Console.Security.Plugins.LoginSessionStore.ILoginSessionStore - make ILoginSessionStore.StoredUsername return the current users windows login.
  2. Ensure that IIS force Windows Authentication on the /Composite folder 
  3. Edit /App_Data/Composite/Composite.config - search for "HttpContextBasedLoginSessionStore" which is the default login session sotre plug-in. Add a new element next to it with your new plugin and register it as the one in use on the parent element. Your XML should look something like this after the change:

      <Composite.C1Console.Security.Plugins.LoginSessionStoreConfiguration defaultProvider="WindowsAuth">
        <LoginSessionStore>
          <add name="AspNet" type="Composite.Plugins.Security.LoginSessionStores.HttpContextBasedLoginSessionStore.HttpContextBasedLoginSessionStore, Composite"/>
          <add name="WindowsAuth" type=" **Your type here** "/>
        </LoginSessionStore>
      </Composite.C1Console.Security.Plugins.LoginSessionStoreConfiguration>

Let me know if this works for you.

Marcus

Dec 17, 2010 at 10:18 PM

Thanks!! I'll give it a try soon!

Nov 10, 2011 at 4:33 PM

Potentially can the "Extranet" be something that Windows Authentication SSO could use as well? The reason I ask, is that Sales reps accessing the extranet. It would be nice if they could access the extranet while on the road with their network username and password.

What would be the best way to approach this? pass the values to a webservice and return a token?

To further complicate this, it would also be necessary to support Form-Auth for retailers.

 

Am I dreaming?

Nov 10, 2011 at 4:51 PM

not at all... i did this once and the trick is to send a challenge to the browser and see if it can give you the right credentials automatically. If it can, you just silently make the login on the users behalf, and if not you present the user with a normal form login page. In details you would send a 403 Code to the client, and the client will then send a Basic Authentication header back to you. In here the user credentials (name and password) is included and you just fetch that out, validate them, and if all goes okay they are just logged in - automatically.

This is a good article of how to do this in asp.net http://blog.smithfamily.dk/2008/08/27/ImplementingBasicAuthenticationInASPNET20.aspx

All browsers supports it and it usually just works http://en.wikipedia.org/wiki/Basic_access_authentication