Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationCan LiveID be customized for my needs?Can LiveID be customized for my needs?
Previous
 
Next
New Post
6/4/2008 4:18 AM
 
Iadalang Pyngrope

Joined: 6/20/2007
Posts: 102

While using Windows LiveID,  I need to (i) disable the Standard Login on the DNN login page in order for it to display only the LiveID login option (I guess this can easily be done by disabling the standard DNN login in host settings), (ii) to force Windows LiveID to go through the secure login by default (not the standard LiveID login) and (iii) to force an auto logout from DNN as well as Windows Live whenever the DNN Logout link is clicked (Currently, we have to logout from DNN as well as LiveID, necessitating 2 logouts with LiveID. I'd like to know whether (ii) and (iii) are possible and if yes, how?
 
New Post
6/4/2008 10:49 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

I'm not as well versed in the LiveID code as I should be and I think Charles is away so I don't know how soon I can get an answer for your questions for you.

For 1. you can disable the Standard DNN login on the Admin->Authentication page.
2. Do you mean on a secure page? If so, then if you create a secure page and place the login on there that should do the trick.
3. I'm not sure if this would require a core change or if you could override the Logout click to include LiveID.
 
New Post
6/5/2008 4:12 AM
 
Iadalang Pyngrope

Joined: 6/20/2007
Posts: 102


Thanks, Mike. Yes I suppose Charles is away, but I hope he'll respond when he's back.

First off, I forgot to say that my DNN portal needs only admin and host accounts. No other users will be required now or in the future. So what I wanted was to secure the transmission of these 2 accounts'  passwords using the LiveID option.

I consider problem 1 as solved.

About problem 2- Let me clarify -- When I login using the LiveID option, I first get a warning that I'm about to get redirected to a connection that's not secure. Don't know whether this has any security implications, but I hope not! I click OK on the warning dialog. I'm then taken to the Microsoft LiveID site (http://login.live.com) and there I see a message like "Windows Live is not affiliated with www.dotnetnuke.com and will share with it only an anonymous ID" above the Signin section (although what this means, I've yet to find out). Now, below the Standard Signin there's a link, viz., Use enhanced security <https://login.live.com)

What I desired is this : (a) When I login to DNN using LiveID, I want to be redirected to the enhanced security (https://login.live.com) instead of to the standard Signin page (http://login.live.com) AND (b) I also want the things below to get disabled (at least make them invisible) on the secure Signin page :

Forgot your password,
Remember me on this computer,
Remember my password and
Use Standard Security.

I suppose there are ways of doing (a) from within DNN. I'd be glad if someone out there can tell me how.
As regards to (b), should I have to contact Microsoft?

About my problem No.3 - Well, I'm having the same questions as you!
 
New Post
6/5/2008 10:18 AM
 
Brandon Haynes Haynes


brandonhaynes.org
Joined: 2/6/2006
Posts: 1172

Hi Iadalang,

The LiveId site POSTs the login information to a SSL-enabled page (at https://login.live.com/ppsecure/post.srf).  Thus, credentials are never passed across an unsecured connection, despite the fact that the initial login page is served via unsecured HTTP.  This is a standard, secure setup and you should have no concerns about it.  I am unsure if the provider supports initial redirection to the LiveId site via HTTPS -- if it does not, I would suggest logging it as an enhancement in Gemini at http://support.dotnetnuke.com.  Again, however, you really do not need to be initially GET-HTTPS to be secure.  It's only the POST that matters.

I am not aware of a way to synchronize logouts between DNN's forms authentication and the LiveId site.  DNN does not support a Logout function at the provider level (I've requested this at http://support.dotnetnuke.com/issue/ViewIssue.aspx?id=4532&PROJID=2).  However, such a call would never be guaranteed to be executed, so it would only cover "some" cases at best.

You might be able to implement SOME synchronization via a modification to the Logout skinobject, but this would only cover explicit logouts.  You're probably just going to have to live with some DNN-LiveId decoupling.

Hope this helps!

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post
6/6/2008 8:32 AM
 
Iadalang Pyngrope

Joined: 6/20/2007
Posts: 102

This question might be more appropriately directed at Microsoft but I'm sure you can also explain - what's the difference between Standard login and Enhanced login if both were to go through an SSL-enabled channel anyway.

Actually what I wanted was to force admin/host accounts of DNN to login to LiveID only through the Enhanced Security option. This could be possible if the DNN provider supports redirection to this option as you said, but that's not enough. I also need to disable the option to click on Standard Security link as well as the other options I mentioned when the DNN user lands on Windows Live. But I guess that's beyond DNN's control?

 
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationCan LiveID be customized for my needs?Can LiveID be customized for my needs?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out