Lynicon has a built in membership system based on ASP.Net Membership. There are a number of points where this is set up and accessed.
Configuration
There a several changes that need to be made to the web.config file to use the built in membership system. You can see these on the Manual Installation page. These are standard configuration elements for ASP,Net Membership. One key attribute is on the <add name="LightweightMembershipProvider"...> tag, the attribute is 'initPassword' and this value is used as the password for any user who has a null password field.
Also required is to in global.asax.cs add an event handler for OnPostAuthenticateRequest which calls LyniconSecurityManager.Current.EnsureLightweightIdentity(). This sets up ASP.Net with the identity of any logged in user from the built in system.
The Membership System
The membership system features an extensible User type. This can be extended as described in the Extend a Type section. This allows the client code to add extra fields into the membership record.
Roles in the membership system are made very simple, they are single letters. The core roles are A - Admin, E - Editor, U - User. You can use any single letter as a role simply by adding to it a user's details. The intention is that instead of the 'A' admin role being set up as authorized in any place where a 'U' user role is authorized, that an 'A' user always has the role 'U' as well.
Authorizing Action Methods
The built in system works with AuthorizeAttribute, and when you are setting the required role, the name is simply the appropriate single letter.
Logging In
You can build a custom log in system for site users, and then call
LyniconSecurityManager.Current.LoginUser(login.UserName, login.Password);
to actually log the user in - this returns null if there is no such user or their password is wrong.
There is also the standard editor login at /Lynicon/Login, which is the login page which is part of the CMS UI.
Getting the Current User
You can get the current user by calling:
LyniconSecurityManager.Current.User
It returns null if there is no logged in user.
User Management
You can get to the User Management page by clicking 'Users' on the Lynicon bar at the bottom of the screen, or just going to /Lynicon/Users. This opens a list/details editor for users. You can set a user's password here by typing it in the password box in clear text, then clicking 'Encrypt'. (then saving the user record).
Add Comment