DotNetNuke URL Authentication
If you have a web application from which you want a user to be transparently authenticated to a DNN 4.x portal, you can do it quite easily using a URL. Assuming a scenario where the usernames/passwords are synchronized, an easy way to accomplish this is as follows:
1) Have a link or button on the web application which contains the username and password. Now, it goes without saying that you do not want this in plain-text and should encrypt both and share the key between the web app and the DotNetNuke portal. A good solution for this is Secure Query Strings. Since the referenced article does a great job of explaining how these work, I will not dwell on the topic.
2) At the receiving end (i.e. the DotNetNuke portal), you need an entry-point. A dedicated ASPX page is a logical choice. The code for the page needs to grab the querystring parameters and decrypt them. Once this is done, you have the credentials necessary to authenticate the user. The below code should do the trick:
using System;
using System.Web;
using DotNetNuke;
using DotNetNuke.Entities.Portals;
using DotNetNuke.Security;
using DotNetNuke.Common;
namespace DotNetNuke.RemoteAuthentication
{
public class DnnAuthentication
{
public static bool Authenticate(
string username, string password)
{
PortalSettings portalSettings = (PortalSettings)
HttpContext.Current.Items[“PortalSettings”];
PortalSecurity portalSecurity = new PortalSecurity();
string ipAddress =
HttpContext.Current.Request.UserHostAddress;
if (portalSecurity.UserLogin(
username,
password,
portalSettings.PortalId,
portalSettings.PortalName,
ipAddress,
false
) == -1
)
return (false);
else
return (true);
}
}
}
The above solution is trivial and is going to be practical in a limited number of situations. However, it can be a good starting point for a more robust solution which may also include creating the user account automatically on the DotNetNuke portal.
