Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...How to prevent user changing password/profileHow to prevent user changing password/profile
Previous
 
Next
New Post
5/17/2006 9:31 AM
 
Jeff King

Joined: 1/28/2003
Posts: 57

Is there any way in DNN 3.2.2 to prevent a single, specific user from changing their profile and/or password?

I have a site where there is a single "all members" type login so the members can access the "members only" content without resorting to assigning every person their own unique username/password.  Well, even with reminders, someone is changing the password.  Is there a way to config a specific user so that they cant change their password? Even if I have to manually update the database like inside ASPNET tables, I would do that.

 

Thanks for any ideas.
 
New Post
6/7/2006 8:11 AM
 
Audun Dahl

Joined: 10/18/2003
Posts: 6

Hi, I don't have a quick fix for you, but more a suggesion to how to proceede. Given that you don't use the AD-integrated authentication, but instead uses plain DNN you should be able to achive what you want by using a SQL-server trigger on the "aspnet_Membership" database. The trigger should be of type "AFTER-trigger", and should simply check if there is an attempt to update a given userID, and if it's a match with the userID of your "common" user, it should simply rollback the update. The userID for your user you can find in the table "aspnet_Users".

Instead of hardcoding the userID in the trigger you could of course add a new table to the database where you store the Username of you "special" account. By doing so you can achieve two things - first you can remove the "common" user by simply removing the record in the table, and second - you can have several accounts that are "locked".

If you choose to implementing such a solution you should remember that it will disable all editing of the targeted account - even from the superuser. This means that you might have to remove the trigger in order to change the password of the user. (Based on security considerations you should never keep the same password for eternity).

Finally a disclaimer: I have not tried this myself yet, therefore I will absoulutely not give any guaranty that this will work, and that it won't mess up the rest of your DNN installation (so do not try it on a production system!).

I will however test it out when I have time. I'm currently working on a custom module that will enable automatic access to the portal based on the IP-address of the request, and in that solution I will need the same functionality as you describes.

If you need more information about triggers in SQL Server you can look at http://www.sql-server-performance.com/nn_triggers.asp or simply do a google for "sql server" and "trigger".

Hope that this can help you on your way to achieve your goal.

Regards

Audun
 
New Post
6/7/2006 9:27 AM
 
Jeff King

Joined: 1/28/2003
Posts: 57

I cam up with another solution to this that I believe works as well. It takes some carefull setting of users and roles but it seems to work.  It does not address your IP address allowed concept but it does not require modifying the SQL schema either.

In DNN default installation, when the user clicks on their name in the upper right to edit their profile, it takes them to a blank page and programmatically adds the User Profile module to this blank page.  As an option, the DotNetNuke software lets you define a specific page the user is shown when he clicks on his name instead.  So, the short description of how to do this is:
 
1. Create a new security role for those user(s) who you do not want them to be able to edit their profile. Say, "NoProfileEditRole"
2. Create a new page named "User Profile".  Mark as hidden so it does not show in menu.
3. Add the "User Profile" module to this new User Profile page. Set the module settings as viewable by all security roles except NoProfileEditRole, All Users, Registered Users and UnAuthenticated users.
4. Add a TextHTML block to top of page that says "Sorry you cant edit your profile" or similar. Mark as viewable only by NoProfileEditRole
5. Add the targeted users to the role "NoProfileEditRole".
6. Change site settings, Admin menu, Advanced "User Page" to the new User Profile page.
 
 
New Post
6/7/2006 11:52 AM
 
Claudiu Farcas

www.friendsoftware.ro
Joined: 6/16/2004
Posts: 39
Yes jking078.
Nice and clean.

Also, in addition,  you forgot to tell that we also must add a "ProfileEditRole" defined public: no and auto: yes.
And remove desired "no profile edit" users from it.
And set "User Profile" module setting permision only to "ProfileEditRole" role.

Done.
Indeed, nice and clean..

Thanks jking078 for tip.
Claudiu Farcas

FRIEND SOFTWARE
FRIEND SOFTWARE - business solutions for you ...
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...How to prevent user changing password/profileHow to prevent user changing password/profile


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out