Handling custom claims-based authentication

You can use global events to define custom actions that the system performs after a user signs in or out of Kentico when using claims-based authentication. See the SecurityEvents section of the global event reference to learn more about the available options.

Sign-in events

To set up a custom action, which the system performs after a user tries to access a restricted section of Kentico, implement a handler for the SecurityEvents.AuthenticationRequested.Execute event. For example, you can set up your own redirection to an identity provider.

The following code is a simple example of a custom module class that writes information into the system event log when a user attempts to access a restricted page or section in Kentico.

using CMS;
using CMS.DataEngine;
using CMS.Membership;
using CMS.EventLog;

// Registers the custom module into the system
[assembly: RegisterModule(typeof(CustomAuthenticationModule))]

public class CustomAuthenticationModule : Module
{
	// Module class constructor, the system registers the module under the name "CustomAuthentication"
	public CustomAuthenticationModule()
		: base("CustomAuthentication")
	{
	}

	// Contains initialization code that is executed when the application starts
	protected override void OnInit()
	{
		base.OnInit();

		// Assigns a handler to the SecurityEvents.AuthenticationRequested.Execute event
		// This event occurs when users attempt to access a restricted section of Kentico
		SecurityEvents.AuthenticationRequested.Execute += SignIn_Execute;
	}

	// Handler method that writes the URL from which the authentication request was made into the event log
	// You can replace it with your custom code
	private void SignIn_Execute(object sender, AuthenticationRequestEventArgs e)
	{
		string message = string.Format("Custom code handled the authentication event on URL: {0}", e.RequestedUrl);
		EventLogProvider.LogInformation("Custom code", "SIGN_IN", message);
	}
}

Sign-out events

To set up a custom action that the system performs after a user signs out of Kentico, implement a handler for the SecurityEvents.SignOut.Before event. For example, you can set up simultaneous sign-out from an external CRM or another system.

The following code is a simple example of a custom module class that writes information into the system event log when a user attempts to sign out of Kentico.

using CMS;
using CMS.DataEngine;
using CMS.Membership;
using CMS.EventLog;

// Registers the custom module into the system
[assembly: RegisterModule(typeof(CustomAuthenticationModule))]

public class CustomAuthenticationModule : Module
{
	// Module class constructor, the system registers the module under the name "CustomAuthentication"
	public CustomAuthenticationModule()
		: base("CustomAuthentication")
	{
	}

	// Contains initialization code that is executed when the application starts
	protected override void OnInit()
	{
		base.OnInit();

		// Assigns a handler to the SecurityEvents.SignOut.Before event
		// This event occurs when users attempt to sign out of Kentico
		SecurityEvents.SignOut.Before += SignOut_Before;
	}

	// Handler method that writes the username and sign-out URL into the event log
	// You can replace it with your custom code
	private void SignOut_Before(object sender, SignOutEventArgs e)
	{
		string message = string.Format("Custom code handled the sign-out event for user {0} on URL {1}", e.User.FullName, e.SignOutUrl);
		EventLogProvider.LogInformation("Custom code", "SIGN_OUT", message);
	}
}

Was this page helpful?