External Authentication Module

Author: JonK
Last Updated: August 29, 2017 1:31 PM

TitanCMS authenticates and authorizes through structures in the CMS database.  Some installations require authentication against an external source. This can be accomplished with the creation of an external authentication module. 

When an external authentication module is installed in the CMS, the user login process first delegates to that module.  It is the responsibility of the external authentication module to verify the user and return an authentication status.  The module may also perform any synchronization with the CMS database that it deems necessary, and it may return a substitute user name and password for the CMS to use for all further authorization processes.

The external authentication module must implement the IExternalAuthentication interface:

public interface IExternalAuthentication
{
    bool AuthenticateUser(int appID, ref string userCN, ref string password, bool isWorkstationLogin);
} 

Notes:

  • userCN and password are passed by ref.  This allows the external module to provide a substitute account and/or password for use by the CMS.  The account that is returned must exist in the AD/AM database.
  • The module is passed the current applicationID in situations where different applicationIDs may share the same external authentication module, but behave differently.
  • The module is passed a flag indicating whether this is a workstation login.  Some sites may use external authentication for only the display or only the workstation.  This provides the opportunity to short-circuit based on the login source.
  • There is only one method in the interface—that of authenticating the user.  The single method returns only true/false.  It is the external module’s responsibility to perform any site-specific synchronization.  It is assumed that the module will make use of existing CMS web service and/or component calls.  Examples of external synchronizations that may be performed during the authentication request:
    • Syncing the user’s groups with those within the CMS.
    • Auto-creating accounts in the CMS for the user that is logging in.
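
An added example (not TitanCMS or the author's code) of a module that implements the interface above, fails closed, and writes the substitute account only after verification succeeds. ExternalUser, SampleExternalAuth, the verify delegate, the "cms-editors" group and the sample credentials are hypothetical; the interface is redeclared only so the block compiles alone, and how the CMS constructs the class is not stated on this page.

```csharp
using System;
using System.Collections.Generic;

// Redeclared so the example compiles alone; a real module references CmsSecurity.dll instead.
public interface IExternalAuthentication
{
    bool AuthenticateUser(int appID, ref string userCN, ref string password, bool isWorkstationLogin);
}
// Hypothetical result of an external lookup: the mapped CMS account and the user's external groups.
public sealed class ExternalUser
{
    public string CmsAccount;
    public HashSet<string> Groups = new HashSet<string>();
}
public sealed class SampleExternalAuth : IExternalAuthentication
{
    // Hypothetical hook to the external source; returns null when the credentials are rejected.
    private readonly Func<string, string, ExternalUser> _verify;
    public SampleExternalAuth(Func<string, string, ExternalUser> verify) { _verify = verify; }

    public bool AuthenticateUser(int appID, ref string userCN, ref string password, bool isWorkstationLogin)
    {
        // Reject blank credentials before they reach the external source.
        if (string.IsNullOrWhiteSpace(userCN) || string.IsNullOrEmpty(password)) return false;
        try
        {
            ExternalUser user = _verify(userCN, password);
            if (user == null || string.IsNullOrEmpty(user.CmsAccount)) return false;
            // Constructed policy: workstation logins also need the "cms-editors" group.
            if (isWorkstationLogin && !user.Groups.Contains("cms-editors")) return false;
            // Write the substitute account only after every check has passed.
            userCN = user.CmsAccount;
            return true;
        }
        catch (Exception) { return false; } // fail closed: a faulty source never grants a login
    }
}
public static class Demo
{
    public static void Main()
    {
        // Constructed sample data standing in for the external source.
        var auth = new SampleExternalAuth((u, p) => u == "alice" && p == "s3cret"
            ? new ExternalUser { CmsAccount = "cms_alice" } : null);
        string cn = "alice", cn2 = "alice", pw = "s3cret";
        Console.WriteLine(auth.AuthenticateUser(1, ref cn, ref pw, false) + " " + cn);  // display login
        Console.WriteLine(auth.AuthenticateUser(1, ref cn2, ref pw, true) + " " + cn2); // workstation login
    }
}
```

Because userCN and password are passed by ref, assigning them before the last check would leave a substituted account in the caller's variables even when the method returns false.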

Installation

To build and deploy an External Authentication Module:

  • Create a DLL for the module
    • The DLL will need to reference CmsSecurity.dll (found in the web service’s bin directory)
    • The DLL will need to contain a class that implements IExternalAuthentication
  • Deploy the DLL to the bin/customerBin directory of both the Wkst and Display web service directories.
  • Modify the following AppControl variables:
    • ExternalAuthenticationActive – set it to 1 to indicate that you are now using external authentication
    • ExternalAuthenticationDLL – set this to match your class within your DLL.
  • RefreshAppVars and reset your web services for the change to take effect
