Ok, i'm trying to implement a web service that allows users to log in using the same database as the website. From what i've noticed, passwords are kept in the Membership table, and in the web.config file, it appears they're encrypted using 3DES.

I've tried decrypting the passwords using the 3DES method with the provided decryption key in the web.config file, but i'm missing the initialisation Vector used to encrypt. I've also tried adding the DotNetNuke libraries and adding the connectionstring and machinekey and the rest of the required stuff to the web.config file used by the web service, but the UserLogin method fails. I've also noticed there's a salt value in the database, associated with each password.

Anyway, any ideas as to how i could use the login from within an external application ? All i need is a way to verify the identity of the user, because the rest of the stuff will be handled through my own external tables and methods.


Thank you in advance, and sorry if i'm beginning to be a pain in the a*s :D

Actually I've added the references in the web service, and called the method, but it fails. I suspect i may be missing something in the web service's web.config file, as it is not the same one as DNN's ...


Any idea about what specific config elements it requires from the web.config file ?

Actually i've been looking into the IWEB modules for a few of days now :) In the meantime i've managed to build the web service in the same directory as DNN so that the libraries could read the web.config file with all the proper settings. The issue was in the section, as i needed to place the codebehind file in a separate directory, so i added it and now i can use it fine with the ValidateUser() method. I'm developing in C# so the codefiles couldn't build together in the same directory.

Anyway, IWEB looks really interesting and i'm probably going to start using it for the website. The web service was required so that the users could log in from an external app using the same credentials.