Lynicon has a built in membership system based on ASP.Net Membership. There are a number of points where this is set up and accessed.
Configuration
There a several changes that need to be made to the web.config file to use the built in membership system. You can see these on theInstallation page. These are standard configuration elements for ASP,Net Membership. One key attribute is on the <add name="LightweightMembershipProvider"...> tag, the attribute is 'initPassword' and this value is used as the password for any user who has a null password field.
Also required is to in global.asax.cs add an event handler for OnPostAuthenticateRequest which calls LyniconSecurityManager.Current.EnsureLightweightIdentity(). This sets up ASP.Net with the identity of any logged in user from the built in system.
The Membership System
The membership system features an extensible User type. This can be extended as described in the Extend a Type section. This allows the client code to add extra fields into the membership record.pluggable membership system. By default the current NuGet package will set up Lynicon to work with standard ASP.Net Identity users. Any membership system which works with ASP.Net MVC AuthorizeAttribute can be used, if you write appropriate providers for it.
Interface
The Membership system as used by Lynicon includes a number of components. You can access these in your code if you prefer this to going directly to the underlying membership system.
Lynicon.Membership.User
The User type represents the view of the user needed by the CMS. This type is extensible (see Extend a Type) to allow for modules and client code to add extra fields to the data store for a user.
Lynicon.Membership.ISecurityManager
This is a service interface, which is accessible via the service locator Lynicon.Membership.LyniconSecurityManager on the Current static property. It provides all the operations required by the CMS to handle membership. The first step of using a custom membership system with Lynicon is to build an ISecurityManager service.
Collator and Repository
You can use the Data System to access User records like any other content (e.g. Collator.Instance.Get<User>()).
If you want to use a custom membership system, Lynicon expects the Data System to be configured so that a request for a User type will work. You have different options in making this happen:
- Probably the most straightforward is to write an implementer of Lynicon.DataSources.IDataSource or use one of the provided ones to access your user data and return it converted to the User type. You would then need to register Lynicon.Collators.BasicCollator for use with the User type to pass it unchanged back to the client code.
- It might be simpler to use Lynicon.Collators.AdaptorCollator to convert the type at the collator level, this class provides facilities to make this easier to do.
If you look at the source for Lynicon.Membership.LyniconIdentitySecurityManager in the InitializeDataApi method, you can see the more difficult route the default Identity based system uses.
Roles
Roles in the membership system are made very simple, they are single letters. The core roles are A - Admin, E - Editor, U - User. You can use any single letter as a role simply by adding to it a user's details. The intention is that instead of the 'A' admin role being set up as authorized in any place where a 'U' user role is authorized, that an 'A' user always has the role 'U' as well.
Authorizing Action Methods
The built in system works Any compatible membership system will work with AuthorizeAttribute, and when you are setting the required role, the name is simply the appropriate single letter.
...
You can build a custom log in system for site users, and then call
LyniconSecurityManager.Current.LoginUser(login.UserName, login.Password);...
to actually log the user in - this returns null if there is no such user or their password is wrong.
...
You can get the current user by calling:
LyniconSecurityManager.Current.User...
It returns null if there is no logged in user.
...