Sitecore的验证用户抵御外部成员资格数据库 [英] Sitecore authenticate users against external membership database

问题描述

我有，我想有网站访客帐户存储在外部asp.net会员数据库，但保留通过Sitecore的管理接口（因此存储在核心数据库）Sitecore的内容编辑/管理员一个Sitecore的网站。

我已经通过下面的论坛帖子阅读
<一href=\"http://sdn.sitecore.net/SDN5/Forum/ShowPost.aspx?postid=35305\">http://sdn.sitecore.net/SDN5/Forum/ShowPost.aspx?postid=35305

，其中提到了下列文件
<一href=\"http://sdn.sitecore.net/upload/sitecore6/62/membership_providers_sc62-a4.pdf\">http://sdn.sitecore.net/upload/sitecore6/62/membership_providers_sc62-a4.pdf
<一href=\"http://sdn.sitecore.net/upload/sitecore6/62/security_api_cookbook_sc60-62-a4.pdf\">http://sdn.sitecore.net/upload/sitecore6/62/security_api_cookbook_sc60-62-a4.pdf
<一href=\"http://sdn.sitecore.net/upload/sdn5/modules/ad/low-level_sitecore_cms_security_and_custom_providers-a4.pdf\">http://sdn.sitecore.net/upload/sdn5/modules/ad/low-level_sitecore_cms_security_and_custom_providers-a4.pdf

但这些都不似乎提供什么，我需要做一个全面的了解。

我目前得到的＆LT;会员＆GT; 部分设置为使用'开关'供应商（与相应的供应商指着我的会员DB）和＆LT; roleManager方式＆gt; 部分还设置了与相应供应商指着再次使用交换机供应商说，会员DB

到目前为止，我只成功地突破了用户管理器在Sitecore的桌面上（它抛出任何异常项目已添加关键字典中，外网\\无名氏键被添加：外网\\无名氏如果Sitecore的创造外网\\匿名帐户，或对象引用未设置到对象的实例。如果我删除该用户帐户。

作为背景资料我使用Sitecore的6.5和我的web配置的相关部分如下：

 ＆LT;会员defaultProvider =切换＆GT;
  ＆LT;供应商＆GT;
    ＆LT;清/＆GT;
    ＆LT;添加名称=Sitecore的
         类型=Sitecore.Security.SitecoreMembershipProvider，Sitecore.Kernel
         realProviderName =MYPROVIDER
         providerWildcard =％
         raiseEvents =真/＆GT;
    ＆LT;添加名称=SQL
         类型=System.Web.Security.SqlMembershipProvider
         的connectionStringName =核心
         的applicationName =Sitecore的
         minRequiredPasswordLength =1
         minRequiredNonalphanumericCharacters =0
         requiresQuestionAndAnswer =假
         requiresUniqueEmail =假
         maxInvalidPasswordAttempts =256/＆GT;
    ＆LT;添加名称=切换
         类型=Sitecore.Security.SwitchingMembershipProvider，Sitecore.Kernel
         的applicationName =Sitecore的
         映射=switchingProviders /会员制/＆GT;
    ＆LT;添加名称=MYPROVIDER
         键入=System.Web.Security.SqlMembershipProvider，System.Web程序，版本= 2.0.0.0，文化=中性公钥= b03f5f7f11d50a3a
         的applicationName =Sitecore的
         的connectionStringName =MYDATABASE
         minRequiredPasswordLength =1
         minRequiredNonalphanumericCharacters =0
         requiresQuestionAndAnswer =假
         requiresUniqueEmail =假
         maxInvalidPasswordAttempts =10/＆GT;
  ＆LT; /供应商＆GT;
＆LT; /会员＆GT;
＆LT; roleManager defaultProvider =切换启用=真＆GT;
  ＆LT;供应商＆GT;
    ＆LT;清/＆GT;
    ＆LT;添加名称=Sitecore的
         类型=Sitecore.Security.SitecoreRoleProvider，Sitecore.Kernel
         realProviderName =MYPROVIDER
         raiseEvents =真/＆GT;
    ＆LT;添加名称=SQL
         类型=System.Web.Security.SqlRoleProvider
         的connectionStringName =核心
         的applicationName =Sitecore的/＆GT;
    ＆LT;添加名称=切换
         类型=Sitecore.Security.SwitchingRoleProvider，Sitecore.Kernel
         的applicationName =Sitecore的
         映射=switchingProviders / roleManager/＆GT;
    ＆LT;添加名称=MYPROVIDER
         键入=System.Web.Security.SqlRoleProvider，System.Web程序，版本= 2.0.0.0，文化=中性公钥= b03f5f7f11d50a3a
         的applicationName =Sitecore的
         的connectionStringName =MYDATABASE/＆GT;
  ＆LT; /供应商＆GT;
＆LT; / roleManager＆GT;
 

解决方案

您应该自定义成员资格的情况下遵循的理念/角色提供类似于什么的 AD模块href=\"http://sdn5.sitecore.net/Products/AD/Documentation.aspx\">其设置说明在列出。整个过程可以分成几个步骤：

• 添加一个连接字符串connectionstrings.config


• 添加会员/角色提供定义来的web.config system.web节


• 激活切换


• 创建一个新的域用户/自定义提供角色


• 添加域/供应商映射

添加一个连接字符串

这是pretty简单，看来这是你已经做了什么。问题的关键是有一个连接字符串到数据库，那么你可以从自定义提供参考。

添加会员/角色提供定义

另一个简单的步骤 - 只需加在的System.Web /会员/供应商会员提供定义（ MYPROVIDER 你的情况）在web.config中部分，并在的System.Web / roleManager /提供商部分添加一个角色提供的定义。顺序并不重要。在这一点上，你不修改任何其他供应商的定义中提到的部分。

激活切换

这是它变得复杂。首先，不改的 @defaultProvider 属性值。这是Sitecore的默认情况下，它应该保持原样。相反，找到一个名为Sitecore的的供应商，并改变其 @realProviderName 从属性值SQL到'切换'。

命名为开关的提供者负责背后切换提供商和GETALL的结果结合/ Find方法的所有魔法。

创建一个新的域

您应该为您会不会从您的自定义数据库通过您的自定义提供用户/角色的新领域。事情是这样的：

 ＆LT;域名=myDomain的ensureAnonymousUser =FALSE/＆GT;
 

的 @ensureAnonymousUser 属性被设置为Sitecore的不会匿名用户添加到您的域名虚假手段，所以不会有 myDomain的\\匿名。这通常是自定义域所需的行为。

添加域/供应商映射

这是最后一步，让Sitecore的知道哪些域送达每个供应商。一个供应商能够处理多个域（默认Sitecore的SQL提供存储从Sitecore的用户和外网域），而不是相反。

所以，打开主web.config文件，浏览到配置/ Sitecore的/ switchingProviders 部分。添加像这样的memberhip款：

 ＆LT;供应商的providerName =MYPROVIDERstoreFullNames =假通配符=％
域=myDomain的/＆GT;
 

和roleManager款类似的事情：

 ＆LT;供应商的providerName =MYPROVIDERstoreFullNames =假通配符=％
域=myDomain的/＆GT;
 

在此之后，从您的数据库的用户会像'myDomain的\\用户的UserManager中，同样是真正的角色可见。在 @ storeFullNames ='假'意味着您的数据库存储的用户/无域prefixes角色，只是本地名称。通配符应该是如果你的自定义源是SQL（这显然是）。默认值

这是它，现在它应该工作！ :-)的上面<一个所述的步骤的细节href=\"http://sdn5.sitecore.net/Articles/Security/Low_level_Sitecore_Security_and_Custom_Providers.aspx\">this文章。

I have a Sitecore site where I want to have website visitor accounts stored in an external asp.net membership database but keep Sitecore content editors/admins managed via the Sitecore interface (and hence stored in the 'Core' database).

I've read through the following forum post http://sdn.sitecore.net/SDN5/Forum/ShowPost.aspx?postid=35305

in which the following documents are mentioned http://sdn.sitecore.net/upload/sitecore6/62/membership_providers_sc62-a4.pdf http://sdn.sitecore.net/upload/sitecore6/62/security_api_cookbook_sc60-62-a4.pdf http://sdn.sitecore.net/upload/sdn5/modules/ad/low-level_sitecore_cms_security_and_custom_providers-a4.pdf

but none of these seem to provide a complete picture of what I need to do.

I've currently got the the <membership> section set up to use the 'switcher' provider (with a corresponding provider pointing to my membership DB) and the <roleManager> section also set up to use the switcher provider again with a corresponding provider pointing to said membership DB.

So far I have only succeeded in breaking the user manager in the Sitecore desktop (it throws either the exception Item has already been added. Key in dictionary: 'extranet\Anonymous' Key being added: 'extranet\Anonymous' if Sitecore has created the extranet\Anonymous account, or Object reference not set to an instance of an object. if I've deleted that user account.

As background information I'm using Sitecore 6.5 and the relevant section of my web config is as follows

<membership defaultProvider="switcher">
  <providers>
    <clear/>
    <add name="sitecore"
         type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel"
         realProviderName="myProvider"
         providerWildcard="%"
         raiseEvents="true"/>
    <add name="sql"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="core"
         applicationName="sitecore"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="256"/>
    <add name="switcher"
         type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel"
         applicationName="sitecore"
         mappings="switchingProviders/membership"/>
    <add name="myProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         applicationName="sitecore"
         connectionStringName="myDatabase"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="10" />
  </providers>
</membership>
<roleManager defaultProvider="switcher" enabled="true">
  <providers>
    <clear/>
    <add name="sitecore" 
         type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel"
         realProviderName="myProvider"
         raiseEvents="true"/>
    <add name="sql"
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="core"
         applicationName="sitecore"/>
    <add name="switcher"
         type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel"
         applicationName="sitecore"
         mappings="switchingProviders/roleManager"/>
    <add name="myProvider"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         applicationName="sitecore"
         connectionStringName="myDatabase" />
  </providers>
</roleManager>

解决方案

The idea you should follow in the case of custom membership/role providers is similar to what AD module lists in its setup instructions. The entire process can be split into several steps:

• Adding a connection string to connectionstrings.config
• Adding membership/role provider definitions to the system.web section of web.config
• Activating switchers
• Creating a new domain for the users/roles from custom provider
• Adding domain/provider mappings

Adding a connection string

This is pretty straightforward and it seems this is what you've done already. The point is to have a connection string to the database you can then reference from the custom providers.

Adding membership/role provider definitions

Another simple step - just add a membership provider definition (myProvider in your case) under system.web/membership/providers section in web.config, and add a role provider definition under system.web/roleManager/providers section. The order is not important. At this point, you do not modify any other provider definitions in the mentioned sections.

Activating switchers

This is where it becomes complicated. First off, DON'T CHANGE the @defaultProvider attribute value. It is 'sitecore' by default and it should stay as is. Instead, find the provider called "sitecore", and change its @realProviderName attribute value from 'sql' to 'switcher'.

The provider named "switcher" is responsible for all the magic behind switching the providers and combining the results of GetAll/Find methods.

Create a new domain

You should create a new domain for the users/role you'll take from your custom DB through your custom providers. Something like this:

   <domain name="myDomain" ensureAnonymousUser="false"/>

The @ensureAnonymousUser attribute being set to false means that Sitecore won't add an anonymous user to your domain, so there won't be myDomain\Anonymous. This is usually the desired behavior for the custom domains.

Adding domain/provider mappings

This is the last step to let Sitecore know which domain is served with each provider. One provider can handle multiple domains (default Sitecore SQL provider stores the users from 'sitecore' and 'extranet' domains), but not vice versa.

So, open the main web.config file and browse to the configuration/sitecore/switchingProviders section. Add something like this for memberhip subsection:

<provider providerName="myProvider" storeFullNames="false" wildcard="%" 
domains="myDomain" />

and the similar thing for roleManager subsection:

<provider providerName="myProvider" storeFullNames="false" wildcard="%" 
domains="myDomain" />

After this, the users from your DB will be visible as 'myDomain\user' in UserManager, the same is true for roles. The @storeFullNames='false' means that your DB stores the users/roles without domain prefixes, just the local names. Wildcard should be the default value in case your custom source is SQL (which obviously is).

That's it, and now it should work! :-) The details of the steps above are described in this article.

这篇关于Sitecore的验证用户抵御外部成员资格数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！