Hi all,

I am quite new to DNN/.Net development so feel free to correct me as I go along.

I have started building an authentication provider that would use information obtained from the HTTP Header to "automatically" log the user into DNN. The idea would be to have DNN sitting behind some 3rd party access management tool (i.e. Siteminder). The user would authenticate into the 3rd party tool which would then redirect them to the DNN home page. When the user is authenticated with the 3rd party tool, a set of HTTP Headers are created. One element would be the user id of the person logged in (i.e. SM_USER).

The DNN Authentication Module would sit on the home page. When the page loads, the authentication provider would read what HTTP Header element to look for, obtain the user id from that element, and log into DNN with no intervention from the user. If, for some reason, DNN could not authenticate the user id, then the user would be redirected to another address provided in the settings area.

I have started a project on CodePlex but there was a server error of some sort and I will post the project that I have so far when I can. The intention would be to make it public domain and hope that it helps someone including myself. In the meantime, does anybody have any recommendations as to how to proceed?

Currently, I am having a problem just reading from the settings section of the module. Below is the login.ascx.cs file that I currently have. Any suggestions or comments would be appreciated. Thanks.

using System;
//using System.Collections;
using System.Collections.Specialized;
using System.Reflection;
using System.Web;
using DotNetNuke.Services.Authentication;
using DotNetNuke.UI.Utilities;
using DotNetNuke;
using DotNetNuke.Entities.Users;
using DotNetNuke.Security.Membership;
using DotNetNuke.Common;
using DotNetNuke.Common.Utilities;
using DotNetNuke.Entities.Modules;
using DotNetNuke.Services.Exceptions;


namespace IAPWS.Modules.HeaderAuthentication
{

public partial class Login : AuthenticationLoginBase
{

private string _appID;
private string _sHeader; // Used to identify what HTTP Header will contain the username of the pre-validated user.
private string _sUserName; // Used to store the actual username of the logged in user.
private string _sFailedLoginURL; // If authentication in DNN fails, where do I go? (HTTP Address)
private string _sLogoutURL; // When the user clicks logout, where do I go? (HTTP Address)
UserInfo objUser;
//bool bAmAdmin; // Is this person listed as an administrator?


#region Public Properties
public string AppID
{
get { return _appID; }
set { _appID = value; }
}

public string sHeader
{
get { return _sHeader; }
set { _sHeader = value; }
}

public string sUserName
{
get { return _sUserName; }
set { _sUserName = value; }
}

public string sFailedLoginURL
{
get { return _sFailedLoginURL; }
set { _sFailedLoginURL = value; }
}

public string sLogoutURL
{
get { return _sLogoutURL; }
set { _sLogoutURL = value; }
}

public override bool Enabled
{
get { return AuthenticationConfig.GetConfig(PortalId).Enabled; }

}

public string ReturnURL
{
get { return Null.NullString; }
}
#endregion

#region Private Methods
private void loginUser(string pUserName)
{
//Try and Log User into DNN
UserLoginStatus loginStatus = UserLoginStatus.LOGIN_FAILURE;

// Alterations to be done..
// user object will need to be populated.
UserInfo objUser = UserController.ValidateUser(PortalId, pUserName, "DNN", "", PortalSettings.PortalName, IPAddress, ref loginStatus);

//Raise UserAuthentication Event
UserAuthenticatedEventArgs eventArgs = new UserAuthenticatedEventArgs(objUser, sUserName, loginStatus, "DNN");

OnUserAuthenticated(eventArgs);
}
#endregion

#region Protected Methods

protected override void OnInit(EventArgs e)
{
base.OnInit(e);
}

protected override void OnLoad(EventArgs e)
{
// This is the key area..
// 1. Obtain HTTP Header marker to look for.
// 2. Using HTTP Header marker, obtain username.
// 3. Log user into DNN using username.


try
{

// 1. Obtain HTTP Header marker (i.e. SM_USER) to look for. Obtain the redirect to an error page.
AuthenticationConfig config = AuthenticationConfig.GetConfig(PortalId);
sHeader = config.HeaderVariable;
sFailedLoginURL = config.FailedLoginURL;

// 2. Using username header marker, obtain username from header.
NameValueCollection colHeaders = req.Headers;
sUserName = colHeaders.GetValues(sHeader);

// 3. Log user into DNN.
loginUser(sUserName);
}
catch (Exception exc)
{
HttpResponse res = HttpContext.Current.Response;
res.Redirect(sFailedLoginURL, true);

}
//base.OnLoad(e);
}

#endregion

}

}

Found what the problem was. Was using a completely wrong methodology for storing the settings information to begin with.

Thanks!