I'm trying to automatically log in a user that is coming from another portal where they were already logged in. I pass an ID value that allows me to retrieve the username and password from an external table that I use for authentication. When logging in normally I use ICG's External Database Authentication provider.
After retrieving the username and password, I attempt to use UserController.ValidateUser and upon success UserController.UserLogin. It keeps returning LOGIN_FAILURE on validation as the status. However, when I pass the login information for my host account it works, and logs in the host account.
One of the parameters for Validation is the AuthType. I've tried both the default "DNN" and "ICGCustom" which is the authtype for the ICG provider. Host account only works when using "DNN".
Any thoughts would be appreciated.
I found the following post which gave me my answer...
https://stackoverflow.com...ssword-in-dotnetnuke
Apparently the UserController.UserLogin does not require that the password be supplied in the UserInfo passed to it. This surprised me.
Posted By John Svoboda on 12 Jul 2022 01:49 PM I found the following post which gave me my answer... https://stackoverflow.com...ssword-in-dotnetnuke Apparently the UserController.UserLogin does not require that the password be supplied in the UserInfo passed to it. This surprised me.
Well, you should realise this method is probably used to login users the already have been authenticated. (which can be done using one of the DNN or a custom provider, so on "another level") Also as this is server side code, if an attacker / user can get to the point where they can execute this kind of code, they can already do whatever they want.
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.