Custom Authentication

<< Click to Display Table of Contents >>

Navigation:  Bizagi Studio > Security definition > Work Portal Security > Work Portal Authentication > Advanced authentication >

Custom Authentication


Custom Authentication allows you to define your own component to be used by Bizagi's Work Portal authentication.

This means that through this option, you may override the methods used by Bizagi to allow login to end users.





This feature is not eligible for Automation Service.




If you plan on using an authentication method different than Bizagi and you are performing a deployment to an environment with no users on it (normally this would only be the case for a project's first deployment), follow these steps so that you can correctly configure your users and authentication without getting locked out of the Work Portal:

1.Perform the deployment with the authentication method set to Bizagi. This lets you access the Work Portal as the Admon user without providing any credentials.

2.Once in the Work Portal you can manually enter your users, or alternatively you can rely on the method of your choice to synchronize your users' information into the WFUser table (SOAP, Excel file, LDAP Synchronization, or performing a Data Synchronization procedure).

3.Perform an IISRESET so that the Admon user can no longer access the Work Portal.

4.After having your users registered in the Work Portal, use the Management Console to set the authentication method to your preferred one.


If you plan on using LDAP authentication with periodic users synchronization, you may ignore the previous steps since you will only need to wait until the next synchronization happens for your users to be able to log into the Work Portal.


What to implement?

The Authentication class of your custom component must implement the following methods:


public bool authenticate(string sDomain, string sUsername, string sPassword, ref string sErrorMessage)

This method is used to authenticate the user in the system.

The domain, user and password are sent as input parameters and a Boolean value is returned indicating successful authentication or not.

In the latter case the sErrorMessage parameter must be filled with the corresponding error.


public void logOff(string sDomain, string sUsername)

This method is used to send the remote system a notification that the user left the system, or his/her session has been inactive.


public bool changePassword(string sDomain, string sUsername, string sOldPassword, string sNewPassword, ref string sErrorMessage)

This method is used to allow a change of password for end user accounts (send the remote system a request for a password change).


public bool changePassword(string sDomain, string sUsername, string sOldPassword, string sNewPassword, string sSecretQuestion, string sSecretAnswer, ref string sErrorMessage)

This method is used to allow a change of password for end user accounts (send the remote system a request for a password change).

Unlike the previous method, this one has an overload with information of the secret question and its answer.


Setting Custom Authentication

To set Custom as the authentication type, select Custom from the drop-down list:




Click on the Update button.

When this option is selected, Bizagi is informed that the authentication will be handled by an external component (developed by a third party).

Therefore, this option requires that you both: Specify detail for the assembly and class to be used by the authentication module, and include this assembly in Bizagi's project solution (at the Web application's bin).


In summary, Custom Authentication has the following configuration options:

Cookie type: Defines whether Bizagi uses Persistent o Session cookies. The idle session time-out defines the expiration time for cookies.

Custom Authentication Class: Defines the name of the class that will perform the custom authentication within the component specified. You will need to include the namespace of that class (set as Namespace.Class).




Custom Authentication Component: Defines the name of the assembly that will perform the authentication. This assembly must be present  in the Web application bin or in the GAC.




Enable authentication logging: Establishes if an audit log is recorded with all authentication events. If enabled look for the table AUTHOLOG in the database.

Idle session time-out: Defines the time in minutes in which an idle session expires; in which case it would be required to authenticate again. This setting defines the expiration time for cookies

Show detailed authentication error messages: Defines if authentication errors are shown in a detailed way when they occur.


Once you have set the mentioned parameters, in execution your end users will input their credentials in the login page.

Bizagi will invoke the class and method as specified in the configuration and send these credentials.

If the user does exist in Bizagi and the custom method returns True, Bizagi will grant access.



To see an example of Custom authentication use and implementation, refer to Custom authentication example.