Authentication

One of the most common integration tasks is to Authenticate the currently logged in user against the MCImageManager. So that users that are logged in can do modifications and those not logged in can't access the files.

SessionAuthenticator

Most of the time you want to be able to simply use sessions to check if the user is logged on, and possibly override specific config options like the root path based on user name or group access. It's very easy to use the session authentication, simply setup a few sessions with specific values in them on your login page or at the specific page that uses the MCImageManager. See the example below how to do this in PHP and ASP.NET.

PHP Example

// Setup sessions on login page for example
session_start();
$_SESSION['MyIsLoggedInState'] = true;
$_SESSION['imagemanager.filesystem.path'] = "/www/myroot";
$_SESSION['imagemanager.filesystem.rootpath'] = "/www/myroot";

PHP Config example

// Authenication
$mcImageManagerConfig['authenticator'] = "SessionAuthenticator"; // Tell it to use the session authenticator
$mcImageManagerConfig['authenticator.login_page'] = "login_session_auth.php"; // <- URL to your login page if the user couldn't be verified

// SessionAuthenticator
$mcImageManagerConfig['SessionAuthenticator.logged_in_key'] = "MyIsLoggedInState"; // The name of the session to check for "true" in

ASP.NET Example

// Setup sessions on login page for example
Session("MyIsLoggedInState") = true;
Session("imagemanager.filesystem.path") = "/www/myroot";
Session("imagemanager.filesystem.rootpath") = "/www/myroot";

ASP.NET Config example

<!-- Authentication -->
<add key="authenticator" value="SessionAuthenticator" /> <!-- Tell it to use the session authenticator -->
<add key="authenticator.login_page" value="login_session_auth.aspx" /> <!-- URL to your login page if the user couldn't be verified -->

<!-- Session Authenticator -->
<add key="SessionAuthenticator.logged_in_key" value="mc_isLoggedIn" /> <!-- The name of the session to check for "true" in -->

ExternalAuthenticator

This authenticator makes it possible to verify the user access by requesting remote URL. This URL can be pointing to another domain or language so it can be used to integrate the .NET or PHP imagemanager with a asp or jsp site. The examples below authenticates the user against a JSP page on remote server. Remember that the secret_key config should be changed and the .jsp might need to be altered to check that remote systems session variables.

PHP Config example

// ExternalAuthenticator config
$mcImageManagerConfig['ExternalAuthenticator.external_auth_url'] = "http://www.somedomain.com/auth_example.jsp";
$mcImageManagerConfig['ExternalAuthenticator.secret_key'] = "someSecretKey";

ASP.NET Config example

First, add it to the plugins section.

<plugins>
<plugin class="Moxiecode.Manager.Plugins.ExternalAuthenticator" />
</plugins>

Then add the configuration values.

<!-- External authenticator -->
<add key="ExternalAuthenticator.external_auth_url" value="http://www.somedomain.com/auth_example.jsp" />
<add key="ExternalAuthenticator.secret_key" value="someSecretKey" />

CustomAuthenticator

You can also write your own authenticator class if needed. If you write your own authenticator you can for example query databases for information and use that to override any config value or verify security agains custom cookies for example. More details on how to write your own plugins.