Developer forum

Forum » Development » Use Dynamicweb as External login provider for another application

Use Dynamicweb as External login provider for another application

E-mail notifications
Gaëtan Di Caro
Reply
Posted on 16/05/2018 15:05:01

Hello,

 

I have a custom mvc application next to a Dynamicweb solution. Right now it uses its own login provider. I would like to be able to log into that application using the user credentials from Dynamicweb. I need 2 features :

  • The customer should be able to log into the application with his DW UserName/Password
  • There should be a link on the DW website that takes the user to the application and logs him in automatically (if he's logged into DW of course)

I struggle a bit to find a good way to do this. Does anyone have any experience with this ?

 

Thanks !


Replies

 
Gaëtan Di Caro
Posted on 07/06/2018 15:53:18
Reply

Any idea ? I basically just need a way to authenticate a DW user's login/password from outside Dynamicweb.

 
Jonas Krarup Dam
Posted on 11/06/2018 09:44:53
Reply

Hi Gaƫtan,

I haven't heard of anyone doing this, so I'm afraid I don't have actual experience with this scenario.

This is not something that is explicitly implemented in Dynamicweb. 

However:

The user authentication api is public, in the Dynamicweb.Security.UserManagement.User class, so you should be able to implement simple username/password authentication fairly simply, either  by having your MVC application call dynamicweb, or by doing redirects, and passing login-tokens, to indicate which user has logged in. For a simple on-off application, I think you can do single-sign-on in the same way.

I think the main challenge is security (especially if the MVC application is hosted in a different environment). 

I know this isn't very specific, but I hope it's helpful none the less :-)

 

/Jonas

 

 
Gaëtan Di Caro
Posted on 11/06/2018 09:54:12
Reply

Thanks Jonas.

I had thought about using the api but I'm unsure how it would work outside of DW because there's a lot of context involved.

 

That being said, I have managed to find a way around my problem by having a login page inside DW redirecting to my application and then some logic in my application to check that the request is legit.

 

You must be logged in to post in the forum