This version of the Ed-Fi Dashboards is no longer supported. See the Ed-Fi Technology Version Index for a link to the latest version.

 

File-Based Authentication

File-Based Authentication Overview


The Ed-Fi Dashboards application supports a variety of authentication methods suitable for production environments. However, file-based authentication can be useful for developers during testing and initial development because the technique avoids the complexities of Active Directory or other integration-based authentication. To set up file-based authentication, follow the steps below.

Identify an Authentication File Directory

Look into the web.config file of the EdFi.Dashboards.SecurityTokenService.Web project and find the credentialsFilePath setting under appSettings. This is the directory where your auth.txt file will need to be stored. You can change the path as you see fit if you choose to store the file in another location. If the credentialsFilePath setting does not exist, add it under the appSettings section.

Create Authentication File

Create an auth.txt (example below). This file has a list of test users that will have access to the system. The comma-delimited list of attributes for a user are as follows - LoginId, password, start date from which the login is valid, end date by which the login is invalid, email address, and staff category. For the staff category, use "LEA System Administrator", "Superintendent", "Principal", "Assistant Principal", "School Administrative Support Staff", "Teacher", and "School Administrator".

JoeClark,cH9FrU6e,01/01/2010,01/01/2050,JoeClark@example.com,Superintendent
SandyMcMann,5UsAcuVu,01/01/2010,01/01/2050,SandyMcMann@example.com,District System Administrator

Link to Existing User by Email Address

Find a user in the Dashboard database for which you would like to add a login account. Add a corresponding entry in the auth.txt with an email address in the text file that maps to their email address in the database. You may have to add an email address for them in the database.

Enable File-Based Authentication

In the EdFi.Dashboards.SecurityTokenService.Web project, open Utilities\CastleWindsor\Development\ConfigurationSpecifictInstaller.cs. Add the methods below to the class:

  protected override void RegisterIAuthenticationProvider(IWindsorContainer container)
        {
            var config = GetConfigValueProvider(container);

            container.Register(Component
                .For<IAuthenticationProvider>()
                .ImplementedBy<TextFileAuthenticationProvider>()
                .DependsOn(Property.ForKey("credentialsFilePath").Eq(config.GetValue("credentialsFilePath"))));
        }

        private static IConfigValueProvider GetConfigValueProvider(IWindsorContainer container)
        {
            IConfigValueProvider config;

            try
            {
                config = container.Resolve<IConfigValueProvider>();
            }
            catch (Exception ex)
            {
                throw new ConfigurationErrorsException("Unable to resolve the IConfigValueProvider while registering Demo user role provider.  The configuration value provider is used to read the 'credentialsFilePath' setting from the web.config appSettings section to supply to the service.  Make sure the IConfigValueProvider is being registered with the container before the IUserRolesProvider.", ex);
            }
            return config;
        }

Once these steps are performed, developers should be able to log in to the dashboards using the credentials added to the auth.txt file.