Changes in the service for managing user accounts in version 3.11
1. Terms used
Provider - the old version of the authentication component. It is still supported in version 3.11, but its use is discouraged when creating new extensions.
Module - the new version of the authentication component. It allows creating instances of connections to external account storages directly from the web interface. With the release of 3.11.0, two modules became available: "LDAP" and "Active Directory". You can also create a custom authentication module that is different from LDAP.
Module instance - a set of authentication module connection settings.
2. Moving the system authentication provider settings to LDAP
When ELMA is updated to 3.11, the system authentication provider in LDAP is deleted. In its place, an LDAP module instance is created, and the deleted provider's settings are moved into it automatically.
3. Updating a custom authentication provider
Version 3.11 still supports authentication providers; however, for a custom provider to be able to authenticate users, you must edit its code.
The void Validating(UserValidationContext context) method of the system authentication event handler EleWise.ELMA.Security.Services.IMembershipServiceEventHandler is no longer used for validation; the results it writes to the context are not taken into account. Instead, validation is performed in the bool ValidateUser(string userNameOrEmail, string password) method of the extension point of the internal authentication implementation EleWise.ELMA.Security.IExternalMembershipService.
Thus, the code responsible for user authentication should be moved from the void Validating(UserValidationContext context) method to bool ValidateUser(string userNameOrEmail, string password). Keep in mind that the ValidateUser method does not need the check of the user's AuthProviderGuid. The bool value returned by the method shows whether the authentication was successful.
Example of moving code:
Old version of the IExternalMembershipService implementation
    [Component]
    public class LdapExternalMembershipService : IExternalMembershipService
    {
        ...
        public bool ValidateUser(string userNameOrEmail, string password)
        {
            return false;
        }
        ...
    }
Old version of the IMembershipServiceEventHandler implementation
    [Component]
    internal class LdapUserModelMembershipEventHandler : IMembershipServiceEventHandler2
    {
        ...
        public void Validating(UserValidationContext context)
        {
            var lLdapExternalMembershipService = Locator.GetServiceNotNull<LdapExternalMembershipService>();
            if (context.User.AuthProviderGuid == lLdapExternalMembershipService.ServiceUid)
            {
                if (context.Authorized) return;
                //try DN authentication
                try
                {
                    if (!ValidatingDN(context))
                    {
                        context.Error = new Exception(SR.T("DN authentication error"));
                        return;
                    }
                }
                catch (Exception ex1)
                {
                    //try template authentication
                    try
                    {
                        if (!ValidatingTemplate(context))
                        {
                            context.Error = new Exception(SR.T("Template authentication error"));
                            return;
                        }
                    }
                    catch (Exception ex2)
                    {
                        context.Error = ex2;
                        context.Authorized = false;
                        Logger.Log.Error(string.Format("LDAP DN fail. Login: {0}. {1}", context.User.UserName, ex1.Message), ex1);
                        Logger.Log.Error(string.Format("LDAP Template fail. Login: {0}. {1}", context.User.UserName, ex2.Message), ex2);
                        return;
                    }
                }
                context.Authorized = true;
            }
        }
        ...
    }
New version of the IExternalMembershipService implementation
    [Component]
    internal class LdapUserModelMembershipEventHandler : IMembershipServiceEventHandler2
    {
        ...
        public void Validating(UserValidationContext context)
        {
            var lLdapExternalMembershipService = Locator.GetServiceNotNull<LdapExternalMembershipService>();
            if (context.User.AuthProviderGuid == lLdapExternalMembershipService.ServiceUid)
            {
                if (context.Authorized) return;
                //try DN authentication
                try
                {
                    if (!ValidatingDN(context))
                    {
                        context.Error = new Exception(SR.T("DN authentication error"));
                        return;
                    }
                }
                catch (Exception ex1)
                {
                    //try template authentication
                    try
                    {
                        if (!ValidatingTemplate(context))
                        {
                            context.Error = new Exception(SR.T("Template authentication error"));
                            return;
                        }
                    }
                    catch (Exception ex2)
                    {
                        context.Error = ex2;
                        context.Authorized = false;
                        Logger.Log.Error(string.Format("LDAP DN fail. Login: {0}. {1}", context.User.UserName, ex1.Message), ex1);
                        Logger.Log.Error(string.Format("LDAP Template fail. Login: {0}. {1}", context.User.UserName, ex2.Message), ex2);
                        return;
                    }
                }
                context.Authorized = true;
            }
        }
        ...
    }
New version of the IMembershipServiceEventHandler implementation
    [Component]
    internal class LdapUserModelMembershipEventHandler : IMembershipServiceEventHandler2
    {
        ...
        public void Validating(UserValidationContext context)
        {
        }
        ...
    }
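The move described in this section, sketched as an added example that is not ELMA's code or part of the original page: the DN-then-template logic of the old Validating handler expressed as a ValidateUser that reports its result only through the returned bool. The class name, the two bind delegates and the sample credentials are hypothetical stand-ins, and the empty-password guard is an addition that the page's code does not contain.

```csharp
using System;
// Added sketch, not ELMA code. The delegates are hypothetical stand-ins for a provider's
// DN and template bind routines; in a real provider ValidateUser below is the
// IExternalMembershipService member.
public sealed class LdapValidateUserSketch
{
    private readonly Func<string, string, bool> _bindByDn, _bindByTemplate;
    private readonly Action<string> _log;

    public LdapValidateUserSketch(Func<string, string, bool> bindByDn,
                                  Func<string, string, bool> bindByTemplate, Action<string> log)
        => (_bindByDn, _bindByTemplate, _log) = (bindByDn, bindByTemplate, log);

    // The bool result replaces context.Authorized and context.Error; no AuthProviderGuid check.
    public bool ValidateUser(string userNameOrEmail, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
        // and may succeed, so refuse it before contacting the directory.
        if (string.IsNullOrWhiteSpace(userNameOrEmail) || string.IsNullOrEmpty(password))
            return false;
        try
        {
            return _bindByDn(userNameOrEmail, password);           // DN authentication
        }
        catch (Exception dnError)
        {
            try
            {
                return _bindByTemplate(userNameOrEmail, password); // template authentication
            }
            catch (Exception templateError)
            {
                // Log the login and the cause, never the password, and fail closed.
                _log($"LDAP DN fail. Login: {userNameOrEmail}. {dnError.Message}");
                _log($"LDAP Template fail. Login: {userNameOrEmail}. {templateError.Message}");
                return false;
            }
        }
    }

    public static void Main()
    {
        // Constructed stand-ins: the DN bind throws, the template bind accepts one password.
        var svc = new LdapValidateUserSketch((u, p) => throw new TimeoutException("no DN"),
                                             (u, p) => p == "constructed-pass", Console.WriteLine);
        Console.WriteLine(svc.ValidateUser("jdoe", "constructed-pass"));
        Console.WriteLine(svc.ValidateUser("jdoe", ""));
    }
}
```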
4. Obsolete classes and interfaces
The EleWise.ELMA.Security.MembershipSettings class is obsolete. Avoid using it unless it is necessary for implementing the EleWise.ELMA.Security.IExternalMembershipService interface. It will be removed in upcoming ELMA versions.
The extension point of the external authentication implementation EleWise.ELMA.Security.IExternalMembershipService, which is the base interface of authentication providers, is obsolete. It will be removed in upcoming ELMA versions; therefore, if you have custom authentication providers, prepare in advance to move their logic to authentication modules.