hi,
woul be great if there was some "How to code my own ExternalAuth" documentation, just like:
https://www.nopcommerce.com/docs/76/how-to-code-my-own-payment-method.aspx
For example, I want to be able to share users/logins between a DotNetNuke website and a nopCommerce shop.
Would this be possible using a custom ExternalAuth plugin? (or is that just suited for OAuth based verification methods?)
Thanks!
How to code my own ExternalAuth documentation?
MVP
- 2128
- 19233
- 6/11/2009
- Malaysia
rudgr wrote:
The best documentation is the source code! Have you had a look at the one of the External Auth plugins?
hi,
woul be great if there was some "How to code my own ExternalAuth" documentation, just like:
https://www.nopcommerce.com/docs/76/how-to-code-my-own-payment-method.aspx
For example, I want to be able to share users/logins between a DotNetNuke website and a nopCommerce shop.
Would this be possible using a custom ExternalAuth plugin? (or is that just suited for OAuth based verification methods?)
Thanks!
woul be great if there was some "How to code my own ExternalAuth" documentation, just like:
https://www.nopcommerce.com/docs/76/how-to-code-my-own-payment-method.aspx
For example, I want to be able to share users/logins between a DotNetNuke website and a nopCommerce shop.
Would this be possible using a custom ExternalAuth plugin? (or is that just suited for OAuth based verification methods?)
Thanks!
The best documentation is the source code! Have you had a look at the one of the External Auth plugins?
MVP
- 2128
- 19233
- 6/11/2009
- Malaysia
rudgr wrote:
If you have a look at the Nop.Plugin.ExternalAuth.OpenId plugin, you'll see that 'IExternalAuthenticationMethod' actually does nothing more than assigning an Action for the external login button. Then if we look at the 'PublicInfo' Action method (in ExternalAuthOpenIdController), there is this line:
Then if we look at OpenIdProviderAuthorizer.Authorize() method, you can see there is a call to '_authorizer.Authorize()' which then brings us to ExternalAuthorizer.Authorize() method. In that method, we can see there is these lines:
Which means the method that actually log your user in is the _authenticationService.SignIn() method.
In other words, we can safely say that, whatever the case is, as long as we call AuthenticationService.SignIn(), we'll be able to actually sign a user in. The ExternalAuth plugin is just a helper method to do the verification on the 3rd party side (to verify user existence in the 3rd party side). But once the identity is confirmed on the 3rd party side, the method that actually logs the user in is AuthenticationService.SignIn(). Knowing this allows us to do anything we want to do! :D
yeah, you're absolutely right! I looked in source code, just wanted to check if I could use ExternalAuth also for non-oAuth based authentication methods.
If you have a look at the Nop.Plugin.ExternalAuth.OpenId plugin, you'll see that 'IExternalAuthenticationMethod' actually does nothing more than assigning an Action for the external login button. Then if we look at the 'PublicInfo' Action method (in ExternalAuthOpenIdController), there is this line:
_openIdProviderAuthorizer.Authorize(returnUrl);
Then if we look at OpenIdProviderAuthorizer.Authorize() method, you can see there is a call to '_authorizer.Authorize()' which then brings us to ExternalAuthorizer.Authorize() method. In that method, we can see there is these lines:
//migrate shopping cart
_shoppingCartService.MigrateShoppingCart(_workContext.CurrentCustomer, userFound ?? userLoggedIn);
//authenticate
_authenticationService.SignIn(userFound ?? userLoggedIn, false);
//activity log
_customerActivityService.InsertActivity("PublicStore.Login", _localizationService.GetResource("ActivityLog.PublicStore.Login"),
userFound ?? userLoggedIn);
Which means the method that actually log your user in is the _authenticationService.SignIn() method.
In other words, we can safely say that, whatever the case is, as long as we call AuthenticationService.SignIn(), we'll be able to actually sign a user in. The ExternalAuth plugin is just a helper method to do the verification on the 3rd party side (to verify user existence in the 3rd party side). But once the identity is confirmed on the 3rd party side, the method that actually logs the user in is AuthenticationService.SignIn(). Knowing this allows us to do anything we want to do! :D
- 1
- 15
- 9/1/2014
- France
Following your indication, I've successfully implemented my own external authentication plugin.
I've written (quickly, sorry for my bad english) an article about how to do it. source code is also available.
you can find it on my blog: http://predicatet.blogspot.fr/2014/01/nopcommerce-how-to-code-my-own.html
I've written (quickly, sorry for my bad english) an article about how to do it. source code is also available.
you can find it on my blog: http://predicatet.blogspot.fr/2014/01/nopcommerce-how-to-code-my-own.html
