External authentication needed! OpenID, Active DIrectory, LDAP, anyelse...

Hi all,
I was really surprise to see so little info about external authentication... I'm going to setup a nopCommerce eshop for a customer's intranet, available to employees only.
They use Windows authentication everywhere (based on Active Directory) and it's not acceptable ask them to login twice for the eshop only... all the other applications are fully integrated (from sharepoint portal to everything else).

I've seen in this forum few threads about OpenID and few questions about active directory integration but with no or no clear answers about.

SSO is the 1st step for using a good ecommerce system like nopCommerce in already existing environments.

I didn't see anything about in the roadmap...

can you please provide a clear answer about having external authentication available to nopCommerce?

PS: what I would do, it's implementing OpenID relay authentication (in this way it's very easy to build openid providers who take care of interfacing the rest of the world, from AD to social logins -using RPX for example-, Lotus Notes, etc.) and gathering from there all the customer info using oAuth protocol and oAuth extensions (in order to get name, email, home address, phone, etc. from the user profile available on the master service).

My 2 cents.

Thx bye, Matteo

I would also like the ability to login via Active Directory in my SharePoint 2010 implementation.  Is this possible?

Hi,

Check our services here:

http://sibertek.net/services.aspx.

Tell us your needs.

Authentication should really be dependency injectable / IoC-enabled plug-in scenario. But, just browsing the source code, it looks like what's implemented right now is just a plain-vanilla implementation of ASP.NET System.Web.Security.MembershipProvider, which as a Microsoft API happens to implement both profile management as well as Forms Authentication, implemented as NopSolutions.NopCommerce.BusinessLogic.Profile.StoreMembershipProvider. I believe you can theoretically roll your own by updating the /configuration/system.web/membership node in web.config with a reference to your own System.Web.Security.MembershipProvider implementation--being wary, of course, that a nopCommerce Customer object probably needs to be tightly bound to your membership implementation in order for nopCommerce to function correctly. However, I'm only a few hours (combined) exposed to nopCommerce and its source code, so can anyone confirm my assumptions?

We implemented. After logging in from Facebook (usng OAuth 2.0 or the Javascript SDK's FB.Login(), see http://developers.facebook.com/docs/reference/javascript/FB.Login), sync the auth token with the Customer (using custom DB schema additions), copy code from CustomerService.Login (removing password validation), and invoke:

FormsAuthentication.SetAuthCookie(customer.Username, false);

This was a little hacky perhaps but that's what I did.

Any updates on this?

It is currently a feature request. You can view the details of the feature request as well as vote for it here: http://nopcommerce.codeplex.com/workitem/7699.