Single Sign On for Sitecore CMS websites using Virtual Users.

Many times we have a central repository like an external database, Salesforce CRM, Microsoft Dynamics CRM, etc and we need to authenticate users against those external systems before allowing them to access secured data like media items, pdf’s, etc hosted on Sitecore website, this can be achieved by creating virtual users in Sitecore.

For this to happen the user needs to be an extranet user in Sitecore, to avoid adding thousands of such users as extranet users in Sitecore a better approach is to create a virtual user. Once the virtual user is created you can authenticate the user against any external system using there API’s, after the user is authenticated using external system we can create a Sitecore virtual user using Sitecore Security API’s. We can also make the virtual users members of different Sitecore roles and control there access using access rights.

Code snippet for creating virtual users is as follows:-

Sitecore.Security.Accounts.User user =  Sitecore.Security.Authentication.AuthenticationManager.BuildVirtualUser(@”domain\user”,true);

The above code snippet most preferably should be used in the login method of your login form after authenticating the user against external system.

Code snippet for Logging in virtual users:-

Note: By default Sitecore does not honor the expiration timeout value when using AuthenticationManager.Login(string userName). To enforce this and avoid having untold numbers of Virtual Users being orphaned in Sitecore you need to implement the fix detailed here: http://webcmd.wordpress.com/2012/03/07/sitecore-setting-timeout-on-a-virtual-user/

Code snippet for logging out and deleting the virtual users:-

Sitecore.Security.Authentication.AuthenticationManager.Logout();

VirtualUser.User.Delete();

 

The above code snippet should be a part logout method depending on your logic.

References:-

  1. http://sdn.sitecore.net/upload/sitecore6/62/security_api_cookbook_sc60-62-a4.pdf
  2. http://www.sitecore.net/Community/Technical-Blogs/John-West-Sitecore-Blog/Posts/2011/08/Authentication-Options-with-the-Sitecore-ASPNET-CMS.aspx
  3. http://webcmd.wordpress.com/2012/03/07/sitecore-setting-timeout-on-a-virtual-user/

 

 

One thought on “Single Sign On for Sitecore CMS websites using Virtual Users.

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: