I’m trying to implement a really really simple MembershipProvider for sitecore, but i’m not sure if it’s too simple to actually work. Basically we already have a custom store for user data so i know that a customer MembershipProvider is the way to go. However my app will not log anyone in, a different part of the system is responsible for that. Also, it doesn’t care who exactly is logged in, just whether they are or aren’t (the who part is irrelevant in the content area of my site).
So what is the best way to go about this? I am passed a token in the HTTP header which allows me to identify whether someone is logged in or not (i could even use this to actually find out who the customer is if i so wished) – don’t worry it’s encrypted.
I’ve read through the sitecore docs but they all deal with full implementations of MembershipProviders.
So is it possible to actually have a membership provider that does only this i.e. returns either a user to signify being logged or an “anonymous” user for those who are logged out? it need not be concerned with anything else – password reset, look up users by email and all that jazz.
Thanks,
Nick
EDIT: with the help of Jens below i have eschewed a full-blown MembershipProvider in favour of a more lightweight approach.
this is what i have so far, the problem being that users are not kept logged in over multiple requests.
public class TokenLogin : HttpRequestProcessor
{
#region Overrides of HttpRequestProcessor
/// <summary>
/// Processes the specified args.
/// </summary>
/// <param name="args">The args.</param>
public override void Process(HttpRequestArgs args)
{
var customer = SomeCodeToParseAndValidateToken();
//customer is null if token is invalid or missing
if(customer == null || Sitecore.Context.User.IsAuthenticated) return;
CreateVirtualUser(customer);
}
private static void CreateVirtualUser(CustomerAccount customer)
{
string userName = "extranet\\" + customer.CustomerAccountId;
User userItem = AuthenticationManager.BuildVirtualUser(userName, true);
userItem.Profile.Initialize(userName, true);
userItem.Profile.Save();
AuthenticationManager.Login(userItem.Name);
}
#endregion
}
Implementing a membershipprovider is a lot of work for what you seem to need. If I were you I would implement a scenario, where you create a virtual user everytime someone needs to be logged in.
So the logic would be to check if a user has your token, then create a virtual user, log the virtual user in and you should be good to go.
Here is a guide on the virual user thingie: http://sdn.sitecore.net/Articles/Security/Faking%20user%20roles/Virtual%20user.aspx
EDIT: The code in the link is depricated. Here is how you add virtual users:
EDIT 2: I have the following code:
This outputs the following the first time I hit the frontend:
extranet\Anonymous
False
extranet\jenneren
True
And the second time I hit the frontend I get:
extranet\jenneren
True
extranet\jenneren
True
So it should work.
Cheers
Jens