Implementing a Custom Authentication

If you want to implement a custom authentication, you need to implement the ISecurityManager interface and set a connection string, in the UI web.config, who's ProviderName points to the concrete implementation. (The example below uses the Microsoft Entra ID Security Manager)

<connectionStrings>
    <add name="ImageVaultSecurityManager"
         providerName="ImageVault.Adal.Providers.AdalSecurityManager,ImageVault.Adal.Providers"
         connectionString="key1=value1;key2=value2;..."/>
</connectionStrings>

The interface contains of three members described below;

Initialize

This method passes a ISecurityManagerConfiguration that contains all keys and values passed in the connectionString attribute. This method will be called before any of the other members is invoked.

ConfigureAuth

This method is implemented to configure the authentication pipeline according to the Owin standard. For more information, see the owin-katana documentation on asp.net.

The important part for the auth configuration is that the authenticated user should be a Claims user containing the roles/groups that it belongs to as claims where the value matches the identity of the IClaimDescriptor (see below).

IIdentityDescriptorService

You also need to implement a custom identity descriptor service. This allows the application to lookup users/roles/groups from the catalog. Those identities are returned as IClaimDescriptor objects.