Handling custom claims-based authentication

You can use global events to define custom actions that the system performs after a user signs in or out of Kentico when using claims-based authentication. See the SecurityEvents section of the global event reference to learn more about the available options.

Sign-in events

To set up a custom action that the system performs after a user tries to access a restricted section of Kentico, implement a handler for the SecurityEvents.AuthenticationRequested.Execute event. For example, you can set up your own redirection to an identity provider.

The following code is a simple example of a custom module class that writes information into the system event log when a user attempts to access a restricted page or section in Kentico.




using CMS;
using CMS.DataEngine;
using CMS.Membership;
using CMS.EventLog;

// Registers the custom module into the system
[assembly: RegisterModule(typeof(CustomAuthenticationModule))]

public class CustomAuthenticationModule : Module
{
    // Module class constructor, the system registers the module under the name "CustomAuthentication"
    public CustomAuthenticationModule()
        : base("CustomAuthentication")
    {
    }

    // Contains initialization code that is executed when the application starts
    protected override void OnInit()
    {
        base.OnInit();

        // Assigns a handler to the SecurityEvents.AuthenticationRequested.Execute event
        // This event occurs when users attempt to access a restricted section of Kentico
        SecurityEvents.AuthenticationRequested.Execute += SignIn_Execute;
    }

    // Handler method that writes the URL from which the authentication request was made into the event log
    // You can replace it with your custom code
    private void SignIn_Execute(object sender, AuthenticationRequestEventArgs e)
    {
        string message = string.Format("Custom code handled the authentication event on URL: {0}", e.RequestedUrl);
        EventLogProvider.LogInformation("Custom code", "SIGN_IN", message);
    }
}


Sign-out events

To set up a custom action that the system performs after a user signs out of Kentico, implement a handler for the SecurityEvents.SignOut.Before event. For example, you can set up simultaneous sign-out from an external CRM or another system.

The following code is a simple example of a custom module class that writes information into the system event log when a user attempts to sign out of Kentico.




using CMS;
using CMS.DataEngine;
using CMS.Membership;
using CMS.EventLog;

// Registers the custom module into the system
[assembly: RegisterModule(typeof(CustomAuthenticationModule))]

public class CustomAuthenticationModule : Module
{
    // Module class constructor, the system registers the module under the name "CustomAuthentication"
    public CustomAuthenticationModule()
        : base("CustomAuthentication")
    {
    }

    // Contains initialization code that is executed when the application starts
    protected override void OnInit()
    {
        base.OnInit();

        // Assigns a handler to the SecurityEvents.SignOut.Before event
        // This event occurs when users attempt to sign out of Kentico
        SecurityEvents.SignOut.Before += SignOut_Before;
    }

    // Handler method that writes the user's full name and sign-out URL into the event log
    // You can replace it with your custom code
    private void SignOut_Before(object sender, SignOutEventArgs e)
    {
        string message = string.Format("Custom code handled the sign-out event for user {0} on URL {1}", e.User.FullName, e.SignOutUrl);
        EventLogProvider.LogInformation("Custom code", "SIGN_OUT", message);
    }
}
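
Both handlers above write a URL into the event log; a requested URL is chosen by the client and, in claims-based flows, its query string can carry tokens. The following helper is an added example, not Kentico's own code: LogSafeUrl and ForLog are hypothetical names, and the 200-character cap is an assumed value.

```csharp
using System;
using System.Text;

// Added example: prepares a URL for writing into a log.
// LogSafeUrl and ForLog are hypothetical names, not part of the Kentico API.
public static class LogSafeUrl
{
    // Assumed limit for the logged URL length
    private const int MaxLength = 200;

    // Returns a log-safe form of a URL: query string and fragment removed
    // (they can carry tokens or assertions), control characters replaced,
    // and the path capped at MaxLength characters.
    public static string ForLog(string url)
    {
        if (string.IsNullOrEmpty(url))
        {
            return "(none)";
        }

        // Cut at the first '?' or '#' so parameters never reach the log
        int cut = url.IndexOfAny(new[] { '?', '#' });
        bool hadParameters = cut >= 0;
        string path = hadParameters ? url.Substring(0, cut) : url;

        // Replace CR, LF and other control characters so that one request
        // cannot forge extra lines in exported or plain-text logs
        var sb = new StringBuilder(Math.Min(path.Length, MaxLength));
        foreach (char c in path)
        {
            if (sb.Length == MaxLength)
            {
                sb.Append("...");
                break;
            }
            sb.Append(char.IsControl(c) ? '_' : c);
        }

        if (hadParameters)
        {
            sb.Append(" [parameters removed]");
        }
        return sb.ToString();
    }
}

// Usage inside the handlers above:
//   string message = string.Format("... on URL: {0}", LogSafeUrl.ForLog(e.RequestedUrl));
```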