We have an existing asp.net app that uses the standard asp.net role membership provide to user authentication.
We are about to implement a new site using nop and would like to configure NOP to use the existing tables for authentication so users can login using those credentials.
What is the correct approach to acheive this?
1. Writing an additional external authroizer
2. Writing another open authroizer provider
3. Some other mechanism.
Has anyone tried to do this before?
Cheers
Using standard asp.net role membership tables for authentication
- 25
- 135
- 22/3/2010
- United States
It appears that you haven't had any contributions to your questions. I have all of the same questions. Maybe my posting will help bubble this up.
(1) Is it even possible to utilize a membership database outside of the nopCommerce database?
(2) Does it require significant work to achieve this or is it as simple as changing web.config connection string information or has the membership provider been modified for use in nopCommerce?
Thanks!
Lynn
(1) Is it even possible to utilize a membership database outside of the nopCommerce database?
(2) Does it require significant work to achieve this or is it as simple as changing web.config connection string information or has the membership provider been modified for use in nopCommerce?
Thanks!
Lynn
- 657
- 7576
- 10/8/2011
- United States
LLahman wrote:
Because the source is available and because many best practices were followed it is possible to use an external membership provider. However, I wouldn't recommend using the custom membership provider as your basis for authentication. I think this increases the potential that you will no longer be able to take advantage of free work being done in future releases of nopCommerce.
So if I were in this position what I would do is extend the current authentication/authorization provider so that if a user is not found in the nopCommerce database it will attempt (via web services or some other loose coupling) to find the user in the legacy database and create an account in the nopCommerce database based on that information (if the user provided correct information).
Switching out the providers is going to be much more involved than synchronizing credential records.
It appears that you haven't had any contributions to your questions. I have all of the same questions. Maybe my posting will help bubble this up.
(1) Is it even possible to utilize a membership database outside of the nopCommerce database?
(2) Does it require significant work to achieve this or is it as simple as changing web.config connection string information or has the membership provider been modified for use in nopCommerce?
Thanks!
Lynn
(1) Is it even possible to utilize a membership database outside of the nopCommerce database?
(2) Does it require significant work to achieve this or is it as simple as changing web.config connection string information or has the membership provider been modified for use in nopCommerce?
Thanks!
Lynn
Because the source is available and because many best practices were followed it is possible to use an external membership provider. However, I wouldn't recommend using the custom membership provider as your basis for authentication. I think this increases the potential that you will no longer be able to take advantage of free work being done in future releases of nopCommerce.
So if I were in this position what I would do is extend the current authentication/authorization provider so that if a user is not found in the nopCommerce database it will attempt (via web services or some other loose coupling) to find the user in the legacy database and create an account in the nopCommerce database based on that information (if the user provided correct information).
Switching out the providers is going to be much more involved than synchronizing credential records.
- 2
- 20
- 9/3/2012
- Germany
Hi,
I purchased the doc. Sadly, it is not for developers, and I don't see anywhere that handles authentication integration.
I believe I see where to handle this. I just need to encapsulate the:
CustomerRegistrationService.cs
public virtual CustomerRegistrationResult RegisterCustomer(CustomerRegistrationRequest request)
in a protected WCF service and call it when a new user is registered in my ASP.NET/MVC3 application (which uses the std ASP.NET Auth DB). The thing I'm not sure about is how to handle the password, since the ASP.NET AUTH DBs handle this behind the scenes:
Here is the code from CustomerRegistrationServices.cs:RegisterCustomer
switch (request.PasswordFormat)
{
case PasswordFormat.Clear:
{
request.Customer.Password = request.Password;
}
break;
case PasswordFormat.Encrypted:
{
request.Customer.Password = _encryptionService.EncryptText(request.Password);
}
break;
case PasswordFormat.Hashed:
{
string saltKey = _encryptionService.CreateSaltKey(5);
request.Customer.PasswordSalt = saltKey;
request.Customer.Password = _encryptionService.CreatePasswordHash(request.Password, saltKey, _customerSettings.HashedPasswordFormat);
}
break;
default:
break;
}
---
Can I pass in the encrypted password from the ASP.NET AUTH DB? Will this enable the user to log into nopCommerce (stand alone) using same password?
And what do I do when the user comes back: I'd use FormsAuthenticationService.cs, but what do I provide as password, the encrypted one again?? I certainly can't add a user to nopCommers without a password?
I've integrated several apps via WCF that use a common ASP.NET AUTH DB, but since the nopCommerce user DB is different, it is hard to know what will work. Any tips?
Thanks!
R
I purchased the doc. Sadly, it is not for developers, and I don't see anywhere that handles authentication integration.
I believe I see where to handle this. I just need to encapsulate the:
CustomerRegistrationService.cs
public virtual CustomerRegistrationResult RegisterCustomer(CustomerRegistrationRequest request)
in a protected WCF service and call it when a new user is registered in my ASP.NET/MVC3 application (which uses the std ASP.NET Auth DB). The thing I'm not sure about is how to handle the password, since the ASP.NET AUTH DBs handle this behind the scenes:
Here is the code from CustomerRegistrationServices.cs:RegisterCustomer
switch (request.PasswordFormat)
{
case PasswordFormat.Clear:
{
request.Customer.Password = request.Password;
}
break;
case PasswordFormat.Encrypted:
{
request.Customer.Password = _encryptionService.EncryptText(request.Password);
}
break;
case PasswordFormat.Hashed:
{
string saltKey = _encryptionService.CreateSaltKey(5);
request.Customer.PasswordSalt = saltKey;
request.Customer.Password = _encryptionService.CreatePasswordHash(request.Password, saltKey, _customerSettings.HashedPasswordFormat);
}
break;
default:
break;
}
---
Can I pass in the encrypted password from the ASP.NET AUTH DB? Will this enable the user to log into nopCommerce (stand alone) using same password?
And what do I do when the user comes back: I'd use FormsAuthenticationService.cs, but what do I provide as password, the encrypted one again?? I certainly can't add a user to nopCommers without a password?
I've integrated several apps via WCF that use a common ASP.NET AUTH DB, but since the nopCommerce user DB is different, it is hard to know what will work. Any tips?
Thanks!
R