Whoa... If you're keeping up with the official DNN blog, this marks 3 different project releases for us in less than a week! This time, we're announcing a brand new extension that allows you to enable the ability for your website end-users to authenticate themselves using a far more modern means, than the aging username & password method.
Upendo Simple DNN Authentication Provider
We've been working on this one for a bit. When you install this extension and enable it as your authentication provider, it follows the following steps for your end-users:
- They arrive on the login page and see this new login form.
- They enter their username (email or username, based on the site configuration, no matter), then press the "Send Code" link.
- A formatted email is sent to the email address associated with the user account.
- There is a randomized code in that email that needs to be copied and then pasted into the code field in the login form.
- Once properly verified, they're logged in.
That's it! The security of the username and password storage has been at least partially alleviated in this case.
That's right... Now, you can lean on the likes of software behemoths like Microsoft, Google, and others for their security standards in allowing these folks to create and maintain their user credentials.
It's quick and easy for your end users to access the website now. And since you've removed the password requirement, it's technically a multi-factor authentication method by default. 🤯
A Few Notes on Security 🔏
When an authentication code is generated, it's stored in a local table, but the value of the code (and other details) are encrypted (AES) at rest. If someone has the ability to read the database, they can't figure out the codes.
If someone tries to authenticate using the wrong code a few times, they're locked out of the login for a full hour.
Oh, and if the username or code is incorrect, there aren't any obvious details to help bad actors to guess if a username is correct.
This is an initial release, with minimal features. We definitely want to do things like add the ability for you to fine-tune the randomized code that's sent to your end-users. This way, you can customize this through configuration.
We are also maybe thinking of adding configuration options for the number of tries before end-users are locked out, and for how long.
We definitely want to better expose the email template for editing right in the settings view itself.
Ooooo! What about a customer service dashboard to help you manage the user states as they've logged in? I don't know.
Any future updates are up to all of you... Create some issues in GitHub to let us know what you want to see next!
Video Summary 📷
What's that? You want to watch it in action? Well, you're in luck!
Download & Links
Are you ready to get started already? Awesome! Here are a few links to help you.
In Closing 🙏🏽
Hey DNN fans! Ever dreamed of supercharging the DNN world?
Will Strohl here, and I'm on a mission to make DNN CMS more awesome than ever – but I need YOUR help! 🚀
From firing up the Day of DotNetNuke to dancing across the DNNConnections stage in Vegas, I've been living and breathing DNN. And guess what? I've got a treasure trove of new ideas and I'm ready to spill the beans, all thanks to your support on GitHub Sponsors.
So, do you wanna be a part of this exciting DNN adventure?
Your sponsorship is not just a tap on the 'support' button; it's a high-five, a fist bump, a join-in-the-fun kind of partnership.
Together, we'll build, laugh, learn, and maybe even invent a new DNN dance move or two!
Ready to rock the DNN CMS world with me? Click that button and let's make some DNN magic happen! 🎉
Join this DNN Adventure with Will – Sponsor Now & Let's Innovate Together!