Able to login to DotNetNuke with incorrect password


I am able to log in to a DNN website with an incorrect password. When I click the login button after typing an incorrect password, it gives me the proper validation message. However, I am logged in, because if I refresh or browse the site pages, I get access and I can see my screen name.

I am using DNN version 7.1.2.

On login button click, I am using the below C# code:

var user = UserController.UserLogin(
            portalId, userName, password, string.Empty,
            portalName, ipAddress, ref loginStatus, checked);

Values for each:

portalId = 0
ipAddress = ::1
var loginStatus = UserLoginStatus.LOGIN_FAILURE;
var checked = false;

Below is the configuration for the membership provider.

<add name="AspNetSqlMembershipProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="SiteSqlServer" 
          enablePasswordRetrieval="false" 
          enablePasswordReset="true" 
          requiresQuestionAndAnswer="false" 
          minRequiredPasswordLength="7" 
          minRequiredNonalphanumericCharacters="0" 
          requiresUniqueEmail="false" 
          passwordFormat="Hashed" 
          applicationName="DotNetNuke" 
          description="Stores and retrieves membership data from the local Microsoft SQL Server database"/>

Any help here? I checked the link mentioned below, which has the same core issue, but I haven't got any solution from the suggestion there.

Programmatically login in dotnetnuke

Any suggestions or help would be appreciated a lot.

Thanks, Sam

1


2
Fix It Scotty (best answer)

This is what I do in my authentication provider:

var loginStatus = UserLoginStatus.LOGIN_FAILURE;
UserInfo user = UserController.ValidateUser(portalId, userName, password, string.Empty, string.Empty, Request.UserHostAddress.ToString(), ref loginStatus);

bool authenticated = (loginStatus == UserLoginStatus.LOGIN_SUCCESS || loginStatus == UserLoginStatus.LOGIN_SUPERUSER);
// user can be null when validation fails, so pass the submitted userName instead of user.Username.
var eventArgs = new UserAuthenticatedEventArgs(user, userName, loginStatus, "DNN");
eventArgs.Authenticated = authenticated;
OnUserAuthenticated(eventArgs);
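
The same validate-then-check pattern as a fail-closed login helper. This is an added example, not code from either poster or from DNN. It assumes the `UserController.ValidateUser` overload used in the answer and the `UserController.UserLogin` overload that takes a `UserInfo`; the class name `FailClosedLogin` and the method `TryLogin` are hypothetical.

```csharp
using DotNetNuke.Entities.Users;
using DotNetNuke.Security.Membership;

// Hypothetical helper class; not part of DNN.
public static class FailClosedLogin
{
    // Returns the signed-in user, or null when the attempt is rejected.
    public static UserInfo TryLogin(int portalId, string portalName,
                                    string userName, string password,
                                    string ipAddress, bool persistent)
    {
        // Start from failure so a path that never sets the status is rejected.
        var loginStatus = UserLoginStatus.LOGIN_FAILURE;

        // Step 1: check the credentials only (same overload as in the answer).
        UserInfo user = UserController.ValidateUser(
            portalId, userName, password, string.Empty,
            portalName, ipAddress, ref loginStatus);

        // Step 2: allow-list the statuses that count as authenticated.
        bool authenticated =
            loginStatus == UserLoginStatus.LOGIN_SUCCESS ||
            loginStatus == UserLoginStatus.LOGIN_SUPERUSER;

        if (!authenticated || user == null)
        {
            // Rejected: return without ever calling UserLogin.
            return null;
        }

        // Step 3: sign the validated user in (assumed overload taking UserInfo).
        UserController.UserLogin(portalId, user, portalName, ipAddress, persistent);
        return user;
    }
}
```

The caller shows its validation message when `TryLogin` returns null and redirects only when it returns a user.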