Handling custom claims-based authentication

You can use global events to define custom actions that the system performs after a user logs in or out of Kentico when using claims-based authentication. See the SecurityEvents section of the global event reference to learn more about the available options.

Login events

To set up a custom action, which the system performs after a user tries to access a restricted section of Kentico, implement a handler for the SecurityEvents.AuthenticationRequested.Execute event. For example, you can set up your own redirection to an identity provider.

The following is a simple example of writing information into the event log. The example uses a custom class in the App_Code folder to register the event handler:




using CMS.Base;
using CMS.Membership;
using CMS.EventLog;

[CustomWIFAuthentication]
public partial class CMSModuleLoader
{
    /// <summary>
    /// Attribute class that ensures the loading of custom handlers.
    /// </summary>
    public class CustomWIFAuthenticationAttribute : CMSLoaderAttribute
    {
        /// <summary>
        /// The system executes the Init method of the CMSModuleLoader attributes when the application starts.
        /// </summary>
        public override void Init()
        {
            // Assigns a handler to the event
            // This event occurs when users attempt to access a restricted section of Kentico
            SecurityEvents.AuthenticationRequested.Execute += SignIn_Execute;
        }

        // The handler method, which writes the URL, from which the authentication request was made, to the event log
        // You can replace it with your custom code
        private void SignIn_Execute(object sender, AuthenticationRequestEventArgs e)
        {
            string message = string.Format("Custom code handled the authentication event on URL: {0}", e.RequestedUrl);
            EventLogProvider.LogInformation("Custom code", "SIGN_IN", message);
        }
    }
}


Logout events

To set up a custom action, which the system performs after a user logs out of Kentico, implement a handler for theĀ SecurityEvents.SignOut.Before event. For example, you can set up logging out from a CRM or another system.

The following is a simple example of writing information into the event log. The example uses a custom class in the App_Code folder to register the event handler:




using CMS.Base;
using CMS.Membership;
using CMS.EventLog;

[CustomWIFAuthentication]
public partial class CMSModuleLoader
{
    /// <summary>
    /// Attribute class that ensures the loading of custom handlers.
    /// </summary>
    public class CustomWIFAuthenticationAttribute : CMSLoaderAttribute
    {
        /// <summary>
        /// The system executes the Init method of the CMSModuleLoader attributes when the application starts.
        /// </summary>
        public override void Init()
        {
            // Assigns a handler to the event
            // This event occurs when users attempt to log out of Kentico
            SecurityEvents.SignOut.Before += SignOut_Before;
        }

        // The handler method, which writes information to the event log
        // You can replace it with your custom code
        private void SignOut_Before(object sender, SignOutEventArgs e)
        {
            string message = string.Format("Custom code handled the sign out event for user {0} on URL {1}", e.User.FullName, e.SignOutUrl);
            EventLogProvider.LogInformation("Custom code", "SIGN_OUT", message);
        }
    }
}