Hi,

I'm in the process of implementing forms authentication and need some help
with the concepts.

I've created a normal aspx (not a cms template file is this correct?) which
authenticated the username and password against a MS SQL db. This provides m
e
with an ASP authentication ticket / cookie (correct so far?)

From what i understand next i need to match the authenticated user against a
CMS roles? To do this i need to create a local account (machine not on a
domain) and using site manager etc add this local account to a CMS rights
role? Does the local account need to be a user account or could it be a
security group? if so do i need to create a local account for every user or
just for everytype of user e.g cms_moderator, cms_editor etc?

Think i'm semi ok so far. So in my MS SQL db do i add another column stating
which local account the user should be associated with? The next steps
confuse me greatly.... authorizing the user on the cms etc.

Are there any code examples of a completed login? i have the books but they
only go part way.

Any help would be great.

Thanks,

Michael

[ Post a follow-up to this message ]

Hi Michael,

yes you need to have a user account for this. A security group does not work
as the user will be impersonated (similar to a logon) when you are using it.
Check out the "custom authentication" section in the MCMS documenation. It
covers your scenario.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------


"drazic19" <drazic19@discussions.microsoft.com> wrote in message
news:F81698E8-9A6C-4C44-BB20-ED4D77351F61@microsoft.com...
> Hi,
>
> I'm in the process of implementing forms authentication and need some help
> with the concepts.
>
> I've created a normal aspx (not a cms template file is this correct?)
> which
> authenticated the username and password against a MS SQL db. This provides
> me
> with an ASP authentication ticket / cookie (correct so far?)
>
> From what i understand next i need to match the authenticated user against
> a
> CMS roles? To do this i need to create a local account (machine not on a
> domain) and using site manager etc add this local account to a CMS rights
> role? Does the local account need to be a user account or could it be a
> security group? if so do i need to create a local account for every user
> or
> just for everytype of user e.g cms_moderator, cms_editor etc?
>
> Think i'm semi ok so far. So in my MS SQL db do i add another column
> stating
> which local account the user should be associated with? The next steps
> confuse me greatly.... authorizing the user on the cms etc.
>
> Are there any code examples of a completed login? i have the books but
> they
> only go part way.
>
> Any help would be great.
>
> Thanks,
>
> Michael

[ Post a follow-up to this message ]

Hi Stefan et al,

I'm sorry but i'm just not getting the non windows authentication. So far i
have this:

If field = True Then 'flag to check if username and password are not
null

If FormsAuthentication.Authenticate(txtUsername.Text,
txtPassword.Text) Then
lblMessage.Text = "Forms Authentication complete - "
'FormsAuthentication.RedirectFromLoginPage(txtUsername.Text,
chkPersistLogin.Checked)
lblMessage.Text += User.Identity.Name
Exit Sub ' remove after testing

Dim ticket As CmsAuthenticationTicket

Dim fulluser As String
Dim domain As String = Environment.MachineName
Dim username As String = "cms_editor"
Dim password As String = "editor"

fulluser = "WinNT://" + domain + "/" + username

ticket = CmsFormsAuthentication.AuthenticateAsUser(username,
password)


If Not (ticket Is Nothing) Then
Dim strReturnUrl As String =
Request.QueryString("ReturnUrl")
CmsFormsAuthentication.SetAuthCookie(ticket, True, False)
Dim strUrl As StringBuilder = New StringBuilder
strUrl.Append("http://")
strUrl.Append(Environment.MachineName)
strUrl.Append(strReturnUrl)
Response.Redirect(strUrl.ToString)
Else
lblMessage.Text = "Your username or password are
incorrect. Please re-enter your username and password."
End If
Else
lblMessage.Text = "Your username or password are incorrect.
Please re-enter your username and password."
Exit Sub
End If

End If

This checks the user in the web.config file using Forms authentication,
therefore the're authenticated, not i don't get how to match them to a local
windows acocunt to further authorize them with the cms, without hard coding
as above, ideally i'd like my mssql db to hold uID | username | password |
cms_rights_group

is this possible if so how. the cms documentation is flaky and incomplete,
with several key parts missing. Sorry to be a pain.

Thanks for the help.

Michael

"Stefan [MSFT]" wrote:

> Hi Michael,
>
> yes you need to have a user account for this. A security group does not wo
rk
> as the user will be impersonated (similar to a logon) when you are using i
t.
> Check out the "custom authentication" section in the MCMS documenation. It
> covers your scenario.
>
> Cheers,
> Stefan
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
>
> New to MCMS?
> Check out this book: Building Websites Using MCMS: [url]http://tinyurl.com/6zj44[/url
]
> ----------------------
>
>
> "drazic19" <drazic19@discussions.microsoft.com> wrote in message
> news:F81698E8-9A6C-4C44-BB20-ED4D77351F61@microsoft.com... 
>
>
>

[ Post a follow-up to this message ]

Hi Michael,

yes you need to implement a mapping table.
I would suggest to create a table that holds the authentication user in one
row and the authorization user and password in two additional rows.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------


"drazic19" <drazic19@discussions.microsoft.com> wrote in message
news:0BFB1026-C18D-4F56-B64D-D9735DAA33C7@microsoft.com...[vbcol=seagreen]
> Hi Stefan et al,
>
> I'm sorry but i'm just not getting the non windows authentication. So far
> i
> have this:
>
>        If field = True Then 'flag to check if username and password are
> not
> null
>
>            If FormsAuthentication.Authenticate(txtUsername.Text,
> txtPassword.Text) Then
>                lblMessage.Text = "Forms Authentication complete - "
>
> 'FormsAuthentication.RedirectFromLoginPage(txtUsername.Text,
> chkPersistLogin.Checked)
>                lblMessage.Text += User.Identity.Name
>                Exit Sub ' remove after testing
>
>                Dim ticket As CmsAuthenticationTicket
>
>                Dim fulluser As String
>                Dim domain As String = Environment.MachineName
>                Dim username As String = "cms_editor"
>                Dim password As String = "editor"
>
>                fulluser = "WinNT://" + domain + "/" + username
>
>                ticket =
> CmsFormsAuthentication.AuthenticateAsUser(username,
> password)
>
>
>                If Not (ticket Is Nothing) Then
>                    Dim strReturnUrl As String =
> Request.QueryString("ReturnUrl")
>                    CmsFormsAuthentication.SetAuthCookie(ticket, True,
> False)
>                    Dim strUrl As StringBuilder = New StringBuilder
>                    strUrl.Append("http://")
>                    strUrl.Append(Environment.MachineName)
>                    strUrl.Append(strReturnUrl)
>                    Response.Redirect(strUrl.ToString)
>                Else
>                    lblMessage.Text = "Your username or password are
> incorrect. Please re-enter your username and password."
>                End If
>            Else
>                lblMessage.Text = "Your username or password are incorrect.
> Please re-enter your username and password."
>                Exit Sub
>            End If
>
>        End If
>
> This checks the user in the web.config file using Forms authentication,
> therefore the're authenticated, not i don't get how to match them to a
> local
> windows acocunt to further authorize them with the cms, without hard
> coding
> as above, ideally i'd like my mssql db to hold uID | username | password |
> cms_rights_group
>
> is this possible if so how. the cms documentation is flaky and incomplete,
> with several key parts missing. Sorry to be a pain.
>
> Thanks for the help.
>
> Michael
>
> "Stefan [MSFT]" wrote:
> 

[ Post a follow-up to this message ]

Hi Stefan,

Got my head round the whole concept of authentication / authorization now
and beginning to implement it. The "custom authentication" section of the
help did help a lot, could you just clarify a single line of code for me:

CmsFormsAuthentication.AuthenticateAsUser(serverAccountName,
serverAccountPassword, clientAccountName, clientAccountType)

For each of the parameters what is it looking for? i.e.

what is the serverAccountName? my local user i created e.g.
NT:\\localcomputer\auser

serverAccountPassword? the local password for the above account?

clientAccountName? no idea

clientAccountType? no idea

Any help would be good. Also once i've got this all sorted and out the way i
wish to write a how to for people like myself on this, wheres best for this?

Thanks,

Michael

"Stefan [MSFT]" wrote:

> Hi Michael,
>
> yes you need to implement a mapping table.
> I would suggest to create a table that holds the authentication user in on
e
> row and the authorization user and password in two additional rows.
>
> Cheers,
> Stefan
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
>
> New to MCMS?
> Check out this book: Building Websites Using MCMS: [url]http://tinyurl.com/6zj44[/url
]
> ----------------------
>
>
> "drazic19" <drazic19@discussions.microsoft.com> wrote in message
> news:0BFB1026-C18D-4F56-B64D-D9735DAA33C7@microsoft.com... 
>
>
>

[ Post a follow-up to this message ]

Hi Michael,

server account name and password is the NT/AD account you created for
mapping.
The client account name can be anything you like - usually the original
incoming account.
So your code can see both: the original user using
CmsHttpContext.Current.User.ClientAccountName and the mapped account:
CmsHttpContext.Current.User.ServerAccountName

Client account type is also just another string and can be null or anything
you like to give additional information to your code and can be retrieved
using CmsHttpContext.Current.User.ClientAccountType.

Cheers,
Stefan

--
This posting is provided "AS IS" with no warranties, and confers no rights

New to MCMS?
Check out this book: Building Websites Using MCMS: http://tinyurl.com/6zj44
----------------------


"drazic19" <drazic19@discussions.microsoft.com> wrote in message
news:85269B8E-970C-4431-BBAE-1A6074AAF184@microsoft.com...[vbcol=seagreen]
> Hi Stefan,
>
> Got my head round the whole concept of authentication / authorization now
> and beginning to implement it. The "custom authentication" section of the
> help did help a lot, could you just clarify a single line of code for me:
>
> CmsFormsAuthentication.AuthenticateAsUser(serverAccountName,
> serverAccountPassword, clientAccountName, clientAccountType)
>
> For each of the parameters what is it looking for? i.e.
>
> what is the serverAccountName? my local user i created e.g.
> NT:\\localcomputer\auser
>
> serverAccountPassword? the local password for the above account?
>
> clientAccountName? no idea
>
> clientAccountType? no idea
>
> Any help would be good. Also once i've got this all sorted and out the way
> i
> wish to write a how to for people like myself on this, wheres best for
> this?
>
> Thanks,
>
> Michael
>
> "Stefan [MSFT]" wrote:
> 

[ Post a follow-up to this message ]