Membership
Lynicon has a pluggable membership system. By default the current NuGet package will set up Lynicon to work with a customised version of ASP.Net Identity. Any membership system which works with ASP.Net MVC AuthorizeAttribute can be used, if you write appropriate providers for it.
Interface
The Membership system as used by Lynicon includes a number of components. You can access these in your code if you prefer this to going directly to the underlying membership system.
Lynicon.Membership.User
The User type represents the view of the user needed by the CMS. This type is extensible (see Extend a Type) to allow for modules and client code to add extra fields to the data store for a user.
Lynicon.Membership.ISecurityManager
This is a service interface, which is accessible via the service locator Lynicon.Membership.LyniconSecurityManager on the Current static property. It provides all the operations required by the CMS to handle membership. The first step of using a custom membership system with Lynicon is to build an ISecurityManager service.
Collator and Repository
You can use the Data System to access User records like any other content (e.g. Collator.Instance.Get<User>()).
If you want to use a custom membership system, Lynicon expects the Data System to be configured so that a request for a User type will work. You have different options in making this happen:
- Probably the most straightforward is to write an implementer of Lynicon.DataSources.IDataSource or use one of the provided ones to access your user data and return it converted to the User type. You would then need to register Lynicon.Collators.BasicCollator for use with the User type to pass it unchanged back to the client code.
- It might be simpler to use Lynicon.Collators.AdaptorCollator to convert the type at the collator level, this class provides facilities to make this easier to do.
If you look at the source for Lynicon.Membership.LyniconIdentitySecurityManager in the InitializeDataApi method, you can see the more difficult route the default Identity based system uses.
Roles
Roles in the membership system are made very simple, they are single letters. The core roles are A - Admin, E - Editor, U - User. You can use any single letter as a role simply by adding to it a user's details. The intention is that instead of the 'A' admin role being set up as authorized in any place where a 'U' user role is authorized, that an 'A' user always has the role 'U' as well.
Authorizing Action Methods
Any compatible membership system will work with AuthorizeAttribute, and when you are setting the required role, the name is simply the appropriate single letter.
Logging In
You can build a custom log in system for site users, and then call
SecurityManager.Current.LoginUser(login.UserName, login.Password);
to actually log the user in - this returns null if there is no such user or their password is wrong.
There is also the standard editor login at /Lynicon/Login, which is the login page which is part of the CMS UI.
Getting the Current User
You can get the current user by calling:
SecurityManager.Current.User
It returns null if there is no logged in user.
User Management
You can get to the User Management page by clicking 'Users' on the Lynicon bar at the bottom of the screen, or just going to /Lynicon/Users. This opens a list/details editor for users. You can set a user's password here by typing it in the password box in clear text, then clicking Change Password (this immediately updates the password without saving).
Adding Fields to the User Record
This can be done by extending the User type: for how to do this see Extend a Type in which the example shows you how to add fields to the user record.