Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAD Provider logs out DNN accounts when using the Auto-login IP settingAD Provider logs out DNN accounts when using the Auto-login IP setting
Previous
 
Next
New Post
2/19/2009 10:18 PM
 
Nick

Joined: 10/15/2007
Posts: 2

I wanted to point out an issue with the AD Provider in hopes that it can be fixed in a future release.

We are running DNN 4.9.0 w/ AD Provider 01.00.04. We use mixed mode authentication with Integrated Windows Authentication for intranet users based on the Auto-login IP setting. Some intranet users occasionally need to use DNN accounts instead of their AD accounts, so they log out and manually log in with a DNN account. We found that the AD Provider was automatically reauthenticating these users with their AD account after exactly one hour. This occurred whether or not they were inactive and whether or not “Remember Login” was checked.

The culprit is the authentication.status. cookie timeout set inside the AD Provider. When the cookie expires the provider forces AD authentication to occur by redirecting the user to WindowsSignin.aspx because it considers the authentication status to be undefined. My current workaround is to recreate the cookie and set no expiration so that it lasts for the entire session. If the user checks “Remember Login” I set the expiration to PersistentCookieTimeout from web.config. This seems to make DNN account logins work like they should for internal users instead of kicking them out after an hour.
 
To do this I added the following code to /admin/Authentication/Login.ascx.vb right after UserController.UserLogin is called to complete the login.
 
 ---------------Begin Code----------------
Dim authCookies As String = "authentication.status." & PortalId.ToString
 
If Not Request.Cookies(authCookies) Is Nothing Then
                Dim Status As String = System.Web.Security.formsAuthentication.Decrypt(Request.Cookies(authCookies).Value).UserData
                Dim Expiration As DateTime = DateTime.Now.AddMinutes(60)
 
                If chkCookie.Checked Then
                                If Not DotNetNuke.Common.Utilities.Config.GetSetting("PersistentCookieTimeout") Is Nothing Then
                                                Dim PersistentCookieTimeout As Integer = Integer.Parse(DotNetNuke.Common.Utilities.Config.GetSetting("PersistentCookieTimeout"))
 
                                                If PersistentCookieTimeout <> 0 Then
                                                                Expiration = DateTime.Now.AddMinutes(PersistentCookieTimeout)
                                                End If
                                End If
                End If
 
                ' expire
                Request.Cookies(authCookies).Value = Nothing
                Request.Cookies(authCookies).Path = "/"
                Request.Cookies(authCookies).Expires = DateTime.Now.AddYears(-1)
 
                Dim AuthenticationTicket As New System.Web.Security.formsAuthenticationTicket(1, authCookies, DateTime.Now, Expiration, chkCookie.Checked, Status)
 
                Response.Cookies(authCookies).Value = System.Web.Security.formsAuthentication.Encrypt(AuthenticationTicket)
                Response.Cookies(authCookies).Path = "/"
 
                If chkCookie.Checked Then                             
                                Response.Cookies(authCookies).Expires = Expiration
                End If
 
End If
 --------------- End Code -----------------
 
 
New Post
2/19/2009 11:17 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

For the 01.00.05 release I added code that checks if the user is a Host or Admin user and bypasses the authentication process if they are. Does this satisfy your needs?

The changes you've made are part of the core code which I have no control over and would need to be submitted to the core team.
 
New Post
2/19/2009 11:36 PM
 
Nick

Joined: 10/15/2007
Posts: 2

Unfortunately it wouldn't help because our users are not granted Host or Admin access. They are just assigned to other less-privledged DNN roles that their AD account should not belong to. The code would need to bypass the authentication process if the user is logged in under any DNN account not just Host or Admin users.  This would eliminate the undesirable effect of being automatically logged into the AD account when already logged in under a DNN account.
 
New Post
2/20/2009 11:23 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Well darn. I'll have to see if I can figure out another way of doing things. I've got some ideas but it'll have to wait until the code rewrite before it could be implemented I think.
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAD Provider logs out DNN accounts when using the Auto-login IP settingAD Provider logs out DNN accounts when using the Auto-login IP setting


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out