Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Code Request - Could somebody make this please?Code Request - Could somebody make this please?
Previous
 
Next
New Post
11/29/2006 6:34 PM
 
Shawn Duggan


www.t4g.com
Joined: 8/19/2005
Posts: 303
timtimtimtimtim wrote
I think I might contact a programming house to come up with something..


Hey Tim - drop me a line at shawn at bluetango dot ca .  We can probably work something out.  What you're asking is pretty simple.
Shawn Duggan MCPD
BlueTango Software - Canada Web Content Management
Website Design | DotNetNuke Hosting | DotNetNuke Tips and Tricks Blog
AuthIntegrator - The Easy Way To Integrate DNN and ASP.NET Applications
KeepAlive - Why Should Your Site Be Slow?
 
New Post
12/1/2006 8:14 AM
 
Shawn Duggan


www.t4g.com
Joined: 8/19/2005
Posts: 303
After spending some time looking at the problem, I have to eat my words a little on this one.  Without an understanding of how the password salt is being used, or if an initialization vector is in play, the passwords I encrypt will not decrypt properly by the membership provider, nor can I decrypt existing passwords.  I guess that is what makes asp.net passwords secure. 

A less elegant solution would be to create the new user by cloning the password and password salt of an existing user (whose password you do know), then make the new user change their pw on first login.
Shawn Duggan MCPD
BlueTango Software - Canada Web Content Management
Website Design | DotNetNuke Hosting | DotNetNuke Tips and Tricks Blog
AuthIntegrator - The Easy Way To Integrate DNN and ASP.NET Applications
KeepAlive - Why Should Your Site Be Slow?
 
New Post
12/1/2006 10:04 PM
 
timtimtimtimtim timtimtimtimtim

Joined: 11/20/2004
Posts: 358
Here is an idea to make this a lot easier IMO.

Make the EXE simply log onto the DNN website as an admin, and then manually create an account, and then place it into the correct DNN Roles?

Wouldn't that be a lot easier? 

Let me know what you think!

Thanks,
Tim
 
New Post
12/1/2006 10:42 PM
 
Shawn Duggan


www.t4g.com
Joined: 8/19/2005
Posts: 303
I'm not sure what you mean. 

An EXE (aka console application) can only log into the database and perform actions.  I can certainly create accounts in the proper roles via command line in the database, but I cannot easily replicate exactly how the MembershipProvider creates its encrypted passwords and encrypted password salts, nor know how they are used in the encryption/decryption routines.  This means when you try to log in with a new account I create, the MembershipProvider will not be able to decrypt the newly created password.  You won't be able to log in.

I went as far as to throw the System.Web.Security.dll into .NET Reflector and checked out the methods....but pursuing that path would take time, and may not prove fruitful.  You're basically asking someone to hack ASP.NET's security (albeit the server and database would have been compromised already).

I don't think this is something I wish to pursue.  Such a tool, if it existed, could be used maliciously.

I'll eat crow on this one.  It isn't as easy I thought it was.  Let the public flogging begin.
Shawn Duggan MCPD
BlueTango Software - Canada Web Content Management
Website Design | DotNetNuke Hosting | DotNetNuke Tips and Tricks Blog
AuthIntegrator - The Easy Way To Integrate DNN and ASP.NET Applications
KeepAlive - Why Should Your Site Be Slow?
 
New Post
12/1/2006 10:46 PM
 
timtimtimtimtim timtimtimtimtim

Joined: 11/20/2004
Posts: 358
I thought about this a little bit more and I think it would be *very* easy using the method I mentioned.

What I mean is make your console application access the DNN website over the web interface.  So make the console application go to www.domain.com, then log in as an admin, then navigate to the account creation screen, fill in the info, submit it, then go to the security role and make a modification.

That should be very, very easy to create. 

Thoughts?
 
 Page 2 of 5
Previous123...5Next 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Code Request - Could somebody make this please?Code Request - Could somebody make this please?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out