Skip to main content
RSS feed Subscribe to feed


How to Implement Custom Authentication

Web Player custom authentication is implemented in two steps. First the custom authenticator is created, then it is enabled in the Web Player configuration.


This tutorial highlights the key programming actions when implementing custom Web Player authentication.

Background Information
  • Spotfire SDK\Examples\Extensions\SpotfireWebDeveloper.CustomWebAuthenticationExample

Implementing a Custom Authenticator

Implement the CustomAuthenticator abstract base class.

Override the AuthenticateTokenCore method to return an object representing the identity of the user logging in. In the following code sample the user login name is retrieved using the context parameter. The context parameter provides access to the user's HTTP session. In this example the username is passed as an HTTP header of the the HTTP session object:

using System;
using Spotfire.Dxp.Web;
using System.Security.Principal;

public class MyCustomAuthenticator : CustomAuthenticator
    // Empty constructor required
    public MyCustomAuthenticator() : base()

    protected override IIdentity AuthenticateTokenCore(AuthenticationContext context)
		// Assuming the token is contained in the request header
        string username = context.Context.Request.Headers["X-Username"];
		// Use the CreateIdentity helper method to create an
		// IIdentity object of the correct type. 
        return CustomAuthenticator.CreateIdentity(username);

Enabling Custom Authentication

Custom authentication is enabled in the web.config configuration file for the Web Player application. In the <customAuthenticator> element, define the implementation of the custom authentication logic to be used.

        <authentication analyticServerUrl="uri" >
			<customAuthenticator type="MyAssembly.MyCustomAuthenticator, MyAssembly"/>

Make sure the assembly is placed in the bin folder of the Web Player installation.

Web Player 2.1 Impersonator Notice

From Spotfire Web Player 2.2 there is a standard impersonator setting, but for 2.1 it has to be added in the the <authentication> element. Add the information of an impersonation account as an <impersonator> element, containing the impersonator identity to use when authenticating against the Analytics Server:

    <impersonator userName="userName" password="pwd"/>