able to login to dotnetnuke with incorrect password

384 views Asked by At

I am able to login to dnn website with incorrect password. When i click on login button after typing incorrect password, it gives me the proper validation message. However, I am logged in because if I refresh or browse the site pages, I get access and I can see my screen name.

I am using dnn version 7.1.2

On login button click, I am using the below C# code:

var user = UserController.UserLogin(
            portalId, userName, password, string.Empty,
            portalName, ipAddress, ref loginStatus, checked);

Values for each :

portId = 0
ipAddress = ::1
var loginStatus = UserLoginStatus.LOGIN_FAILURE;
var checked = false;

Below is the configuation for the membership.

<add name="AspNetSqlMembershipProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="SiteSqlServer" 
          enablePasswordRetrieval="false" 
          enablePasswordReset="true" 
          requiresQuestionAndAnswer="false" 
          minRequiredPasswordLength="7" 
          minRequiredNonalphanumericCharacters="0" 
          requiresUniqueEmail="false" 
          passwordFormat="Hashed" 
          applicationName="DotNetNuke" 
          description="Stores and retrieves membership data from the local Microsoft SQL Server database"/>

Any help here. I checked the link mentioned below, which has the same core issue but havent got any solution from the suggestion there.

Programmatically login in dotnetnuke

Any suggestions or help would be appreciated a lot.

Thanks, Sam

1

There are 1 answers

2
Fix It Scotty On BEST ANSWER

This is what I do in my authentication provider:

var loginStatus = UserLoginStatus.LOGIN_FAILURE;
UserInfo user = UserController.ValidateUser(portalId, userName, password, string.Empty, string.Empty, Request.UserHostAddress.ToString(), ref loginStatus);

bool authenticated = (loginStatus == UserLoginStatus.LOGIN_SUCCESS || loginStatus == UserLoginStatus.LOGIN_SUPERUSER);
var eventArgs = new UserAuthenticatedEventArgs(user, user.Username, loginStatus, "DNN");
eventArgs.Authenticated = authenticated;
OnUserAuthenticated(eventArgs);