User Content Type
The User content type is the base type for creating user content. Logging into the portal is done with credentials that belong to specific user content.
- User is the base content for defining users who can log into the portal
- fields include basic properties of users (ie. Name, Email, etc.), advanced administration fields (ie. Enabled, Password, etc.) and some technical fields (ie. SyncGuid)
- password is never persisted to repository, only the hash of the password which exposes no security threats
- Users are created under a specific Domain in the /Root/IMS (Users and Groups) folder
- Users may be organized under OrganizationalUnits and referenced in Groups to model organizational hierarchy and to define custom permission levels in the portal (see Permission settings for details)
- Users may be synchronized from and to an Active Directory
The content handler of the User content type handles the following:
- encodes passwords when saving the content
- sets adequate permissions to user content when new user is created (thus every user has rights to update own properties)
- synchronizes user to Active Directory when configured
Only those users that have an actual user content in the Content Repository may log in to the system (there is an exception though: when you decide to [against Active Directory] without syncing the users to Sense/Net).
If you are using Active Directory Synchronization, you do not have to bother with user names and passwords: they are taken care of by AD.
But if you have both users and passwords in the Content Repository and want to let users log in using their passwords than you should be aware of how we handle login names.
The following applies to Sense/Net ECM from version 6.5.3.
Previously users could log in to the system by typing the content name of their user content (the same name that is part of the user's path, for example the admin user has a path /Root/IMS/BuiltIn/admin) and providing the password. Beginning with version 6.5.3 we identify users by a new field:
The advantage of separating the content name and the login name is that users may have special characters in their login names that are not allowed in the content name because of restrictions of URLs.
If you are working with users - e.g. you create or edit them using a custom UI or in your custom code - you always have to take care of both the content name and login name as they both have to be unique under a domain.
There are no examples for this article.
- Permission settings
- Active Directory Synchronization
- Content Type
- User Profile
There are no external references for this article.