New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationControlling Automatic Creation of New Users in DNN 3.2Controlling Automatic Creation of New Users in DNN 3.2
Previous
 
Next
New Post
4/3/2006 10:32 AM
 
Nathan Truhan

Joined: 7/30/2003
Posts: 27

All,

Since DNN 3.2 has entered with tighter AD integration, I noticed one slight flaw in the archicture.  At least from my point of view.

When a new user is authenticated via AD, the system checks if the user exists, if not it AUTOMATICALLY adds them as a user to the site.

This is good for an internet site, or a company wide site, however for smaller departmental intranets, this can pose a problem as you don't want users from another department accessing your sites.  One way to do this is to change the File Structure security underneath the site to narrow the access, although this restricts access to all portals sharing the same code location.

I used this method in DNN 3.1.1, but have taken a different approach in DNN 3.2.

I have made a few CORE changes to enable a checkbox to be added to the AD module, which states to automatically create new users.  It defaults to checked, which has the same effect as the current core.  If you remove the check, it will NOT automatically authenticate the user, but set them as an unauthorized user, in the way the non AD modules do, where you can add a module to your home page for non authorized users stating this is a private site, etc....

I have a screen shot of the addition here: http://www.registrars.kent.edu/home/dotnetnuke/ADCoreMod.gif

I have also created a zip file of the files that were changed with documented changes, and the screenshot.  This can be found here:
http://www.registrars.kent.edu/home/dotnetnuke/dnn32ad.zip

This has only been changed on DNN 3.2 since I do not run DNN 4.x yet, although, performing a diff on the files from their origional versions, the code should be fairly easy to implement on DNN 4 as it is basically an IF statement wrapper checking for that flag before adding the user.

Note: That this IS a CORE change, and has the possibility of being overwritten when another core is released. 

To The CORE TEAM, this is a small incremental change that could be easily implemented and provides a little more security control over an AD site, without affecting the origional functionality of the site.  Please consider adding this small change to the AD core.
 
New Post
9/19/2006 10:01 AM
 
Nathan Truhan

Joined: 7/30/2003
Posts: 27

Has Anyone else tried this? or find that it is usefull?

Is there any way I can make some kind of official request to have this added to the core?

I finally made the plunge to upgrade from 3.2 to 3.3.4 (getting ready for 3.3.5) and still no sign
of this change .  The only differences than the one from above is I am now using a DNNLabel for the Auto-Create users checkbox and using the resources file to store the text.

This is not a bug, per se, so I don't think it does in Gemini, although I do see a section for new requests there, but no requests outstanding.

Thank you,

Nathan
 
New Post
9/19/2006 11:05 AM
 
Daniel Struve


Daniel Struve's Avatar

Joined: 2/11/2003
Posts: 475

There has been a lot of changes since 3.2 I wouldnt be surprised if it breaks somethign you did.

You might want to check it out.

DotNetNuke Search Engine
ASP.Net Search Engine
Email me to add your favorite sites to the search List.
 
New Post
9/20/2006 2:24 PM
 
Nathan Truhan

Joined: 7/30/2003
Posts: 27

Well,

I had implemented in 3.3.5 without any issues.  And just to make it easier for all, I have created
a new zip file containing the changes made.  http://www.registrars.kent.edu/home/DotNetNuke/dnn335ad.zip

There are only 5 files (including the resource file) that have changed which are organized in their proper folder location in the zip file.  There is also an updated screen shot showing the checkbox. 

Basically it adds another property to the Authenticaiton form, then in the controller when it goes to create a new user, it will see if that check has been set before it creates the user.  Otherwise it will not and return an access denied as if you weren't using AD.  If you have never configured this new property, it assumes it was checked if it cannot find the value and will therefore work as it does now, automatically creating new users.

Since DNN 3.2, when AD was integrated in the core, it was even easier to make the changes.  Take a diff of the files to see that not much has changed.
 
New Post
10/9/2006 12:27 PM
 
Nathan Truhan

Joined: 7/30/2003
Posts: 27

All,

I have found a slight bug in the Auto Create Users Logic.  There is a modification that also needs done to the SignIn.aspx.vb page under admin\security. 

Inside the WindowsAuthorization function,

Change the following:

If (Not objAuthUser Is Nothing) AndAlso (objUser Is Nothing) Then

' Add this user into DNN database for better performance on next logon

Dim createStatus As UserCreateStatus

Dim objAuthUsers As New DotNetNuke.Security.Authentication.UserController

createStatus = objAuthUsers.AddDNNUser(objAuthUser)

_userID = objAuthUser.UserID

' Windows/DNN password validation should be same, check this status here

strMessage = UserController.GetUserCreateStatus(createStatus)

To:

If (Not objAuthUser Is Nothing) AndAlso (objUser Is Nothing) Then

Dim _config As DotNetNuke.Security.Authentication.Configuration = DotNetNuke.Security.Authentication.Configuration.GetConfig()

If _config.AutoCreateUsers Then

' Add this user into DNN database for better performance on next logon

Dim createStatus As UserCreateStatus

Dim objAuthUsers As New DotNetNuke.Security.Authentication.UserController

createStatus = objAuthUsers.AddDNNUser(objAuthUser)

_userID = objAuthUser.UserID

' Windows/DNN password validation should be same, check this status here

strMessage = UserController.GetUserCreateStatus(createStatus)

End If

 

The BOLD lines are the additions.  This will also wrap the Login.aspx page's Login Button functionality.  Without this, if you have auto Create Users turned off, they may be redirected to the Login control and if they would click Login, it would still create an empty account for caching purposes.  However, this account lacks a few properties, such as Full Name and Email address, so it also causes the User Accounts Control to error out.

Wrapping the inside of the If statement with the check for the auto create users, will not auto create the cached account and return a username/password error like it should.

I have updated the zip file for any new users who implement this.

 

 
 
 Page 1 of 3
123Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationControlling Automatic Creation of New Users in DNN 3.2Controlling Automatic Creation of New Users in DNN 3.2


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.