Single Sign On for Sitecore CMS websites using Virtual Users.

Many times we have a central repository like an external database, Salesforce CRM, Microsoft Dynamics CRM, etc and we need to authenticate users against those external systems before allowing them to access secured data like media items, pdf’s, etc hosted on Sitecore website, this can be achieved by creating virtual users in Sitecore.

For this to happen the user needs to be an extranet user in Sitecore, to avoid adding thousands of such users as extranet users in Sitecore a better approach is to create a virtual user. Once the virtual user is created you can authenticate the user against any external system using there API’s, after the user is authenticated using external system we can create a Sitecore virtual user using Sitecore Security API’s. We can also make the virtual users members of different Sitecore roles and control there access using access rights.

Code snippet for creating virtual users is as follows:-

Sitecore.Security.Accounts.User user =  Sitecore.Security.Authentication.AuthenticationManager.BuildVirtualUser(@"domain\user",true);

The above code snippet most preferably should be used in the login method of your login form after authenticating the user against external system.

Code snippet for Logging in virtual users:-

Note: By default Sitecore does not honor the expiration timeout value when using AuthenticationManager.Login(string userName). To enforce this and avoid having untold numbers of Virtual Users being orphaned in Sitecore you need to implement the fix detailed here:

Code snippet for logging out and deleting the virtual users:-




The above code snippet should be a part logout method depending on your logic.