Getting Started with Sitecore Virtual Users

What is Sitecore Virtual Users?

Sitecore has the ability to create custom authentication without having the users saved in the core database, In other words you don't have to save the users information in Sitecore database.

Sitecore Virtual Users are created in the memory level, Sitecore does not save these users as a Sitecore Users.

When we can use Sitecore Virtual Users?

If the client want your Sitecore solution to be authenticated with a third-party API or another custom users database, then you can authenticate your Sitecore solution with these users without migrating users to your Sitecore database.

How Does It work?

This is a good feature in Sitecore. Sitecore made it very easy and straightforward to create a custom authentication with an external party in a clean way.

Let's say we have a login form with username and password, so now we need to pass the username/password to the external authentication service. After validating the authentication result we need to create sitecore virtual user. The following code snippet do all of this using an MVC POST action.

[HttpPost]
        public ActionResult AuthenticateExternalUsers(LoginInfo loginInfo)
        {
            try
            {
              if(this._accountRepository.Login(loginInfo.Email, loginInfo.Password))
                {
                    string domain = "external";

                    // Create virtual user
                    Sitecore.Security.Accounts.User user =
                        AuthenticationManager.BuildVirtualUser(string.Format(@"{0}\{1}", domain, loginInfo.Email), true);

                    // Login the virtual user
                    AuthenticationManager.LoginVirtualUser(user);

                    this.Redirect(Context.Site.GetRootItem().Url());
                }
              else
                {
                    this.ModelState.AddModelError("invalidCredentials", "Username or password is not valid.");
                }

            }
            catch (Exception ex)
            {
                Log.Error($"Can't authenticate user with {loginInfo.Email}", ex, this);
                this.ModelState.AddModelError(nameof(loginInfo.Email), ex.Message);

            }
            return View();
        }


What about Logout the Virtual Users?

It is very simple and straightforward, you can do it as logging out a non-virtual sitecore users. You can use Sitecore.Security.Authentication namespace.

AuthenticationManager.Logout();  


What about Setting Custom Information in the User Context?

Once you authenticate the virtual user, you can use the following code to fill the user information in Sitecore.Context.User.

user.Profile.Name = "User Name";  
user.Profile.Email = loginInfo.Email;  
// also you can set custom property
user.Profile.SetCustomProperty("Gender", "Male");