Developer forum

Extranet login - keep logged in not working

Per Søgaard

We have set up an Extranet with AD integration for password validation. The user should be logged in for 30 days and DW should remember the username and password. This is set up in the login form with remember username and password and the check for keep logged in.

But it is not working as desired. It seems the password is saved encrypted but is not decrypted when used to login again. Or something else is causing it to not work as it should.


Replies

 
Nicolai Pedersen

Hi Per

Are you using the AD external login provider with user synchronisation?

BR Nicolai

 
Per Søgaard

Yes we are.

 
Nicolai Pedersen

Hi Per

When you use external login providers, the login action is handled by the external system and that is the same that handles the saving of usernames and password. It will no longer be Dynamicweb that takes care of the security of that.

So that is why it does not work. With FB, Google+ etc. the login is handled by those systems. With the AD it is handled by a provider we have made, and it does not save the username and password.

I've added an item for saving the username and password for the AD login as well. TFS#29245

BR Nicolai

 
Per Søgaard

Hi Nicolai
Does this mean this is coming in a later release and when?
Is there any fix/workaround we can use?

"I've added an item for saving the username and password for the AD login as well. TFS#29245"

 
Nicolai Pedersen

Currently it will be in 8.9.2 which does not have a release date yet. Probably during February.

Possible workarounds

  • Most browsers remember username and password for users
  • Implement a JavaScript cookie-based version - be aware of security.

BR Nicolai

 
Per Søgaard

Hi Nicolai

Do you have a date for the above function - the customer is eager to have it.

BR Per

 
Per Søgaard

Hi Nicolai

I cannot see that 8.9.2 has been released - when will that be?
Is the above function in the 8.9.2 release or when can we expect it?

Our customer is asking about it...

 
Nicolai Pedersen

Hi Per

It has been made for 8.9.2, but the release is not yet out and it has no release date planned.

BR Nicolai

 
Per Søgaard

So what can I tell our customer about a release date?

 
Nicolai Pedersen

Hi Per

We do not have a firm date yet. It might be March 21st.

BR Nicolai

 
Per Søgaard

Hi Nicolai

The 8.9.2 is out.

Do we need to do anything to use the "Save password for AD login" function in templates or otherwise?

 
Nicolai Pedersen

Just the same fields as you would normally use for save username, password and autologin.

BR Nicolai

 
Per Søgaard

Hi Nicolai

We have upgraded the site to 8.9.2.1 and login info is filled out in the login form but it does not log in automatically. Are we missing something?

Template is attached.

 
Dmitriy Benyuk Dynamicweb Employee

Hi Per,
the autologin doesn't work because it saves the cookie with user name and password, but they are the user name and password from Active Directory and not from Dynamicweb, so the next time the autologin functionality starts, Dynamicweb tries to authenticate the user and fails, since the user credentials are for AD.
To fix that problem you could use the normal login failed notification, which would indicate that the user is not authorized by Dynamicweb, to launch an API call to the AD integration;
see the code for that attached.
Hope that will help.
Regards, Dmitrij

 
Per Søgaard

The links give a 404 error.

 
Dmitriy Benyuk Dynamicweb Employee

Hi Per,
here is the source code:

using Dynamicweb.Notifications;
using Dynamicweb.Extensibility;
using Dynamicweb.Modules.UserManagement.ExternalAuthentication;
using Dynamicweb.Data.Integration.ERPIntegration;
using System.Web;

namespace Dynamicweb.Ecommerce.LiveIntegration.NotificationSubscribers
{
    [Subscribe(Standard.User.OnExtranetLoginFailed)]
    public class OnExtranetLogOnFailedObserver : NotificationSubscriber
    {
        public override void OnNotify(string notification, NotificationArgs args)
        {
            if (args == null)
                return;

            if (!(args is Standard.User.OnExtranetLoginFailedArgs))
                return;

            Standard.User.OnExtranetLoginFailedArgs item = (Standard.User.OnExtranetLoginFailedArgs)args;

            // ================
            // Trigger AD Login
            // ================

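            var loginResult = new ExternalLoginResult();
            // Site-specific values: the URL of your AD integration web service and its security key.
            var webServiceURI = "http://myad.local.dynamicweb.dk/ADIntegrationService.asmx";
            var securityKey = "";
            // Check the submitted credentials against AD rather than the Dynamicweb user database.
            loginResult.Success = ADServiceCaller.AuthenticateUser(webServiceURI, securityKey, HttpContext.Current.Request["Username"], HttpContext.Current.Request["Password"]);

            // Hand the AD result to Dynamicweb's external-authentication login.
            var login = new Security();
            login.LogInUsingExternalAuthentication(loginResult, true);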
        }
    }
}

 
Per Søgaard

Thanks.
The code is for the login template? (we are only frontenders...)

Have you read the thread above?
Nicolai wrote that we should use: Just the same fields as you would normally use for save username, password and autologin.

 
Dmitriy Benyuk Dynamicweb Employee

Hi Per,
that is not frontend template code; it is code that needs to be compiled into a DLL and uploaded to the site's bin folder (for direct autologin using AD).
This code handles the case when Dynamicweb fails to authenticate the user, so it tries to log in using the AD authentication.
That seems to be the correct scenario, as AD users need to be authenticated using AD and not Dynamicweb (external users should be authenticated via the external system).
And that logic seems to be correct. For example, consider the case where you have stored Dynamicweb credentials (instead of the AD ones) and saved them to the cookies; then at some point this user is removed/changed/deactivated in AD, but due to the saved Dynamicweb credentials in the cookies he can still log in even if his AD permissions don't allow that.
So if you have problems compiling the code let me know your:
webServiceURI
and
securityKey
and I'll compile it for you.
Regards, Dmitrij
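
The scenario described in the post above (a user removed or deactivated in AD must not get back in through credentials cached in a cookie), as an added example that is not part of the thread or of Dynamicweb: a persistent-login token that is re-checked against the directory on every automatic login. The `directory` map, the function names and the sample user are assumptions made for the illustration.

```javascript
// Added illustration, not Dynamicweb code. `directory` stands in for Active
// Directory; the user "per" and all function names are constructed.
const nodeCrypto = require("crypto");

const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000; // "keep logged in" period from the thread
const directory = new Map([["per", { active: true }]]);
const tokens = new Map(); // sha256(token) -> { username, expires }

const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");

// After a successful interactive AD login with "keep me logged in" ticked.
function issueRememberToken(username, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("hex");
  tokens.set(sha256(token), { username, expires: now + THIRTY_DAYS_MS });
  return token; // cookie value (Secure, HttpOnly); the password is never stored
}

// On a later visit. The presented token is consumed whether or not it succeeds.
function autoLogin(token, now = Date.now()) {
  const key = sha256(String(token));
  const entry = tokens.get(key);
  tokens.delete(key);
  if (!entry) return { ok: false, reason: "unknown-token" };
  if (now > entry.expires) return { ok: false, reason: "expired" };
  // The external directory decides on every automatic login.
  const account = directory.get(entry.username);
  if (!account || !account.active) return { ok: false, reason: "directory-denied" };
  const nextToken = issueRememberToken(entry.username, now);
  return { ok: true, username: entry.username, nextToken };
}

// Constructed scenario: the account is deactivated between two visits.
function demo() {
  const first = issueRememberToken("per", 0);
  const visit = autoLogin(first, 1000); // succeeds and rotates the token
  const replay = autoLogin(first, 2000); // old token was consumed
  const stale = autoLogin(issueRememberToken("per", 0), THIRTY_DAYS_MS + 1);
  directory.get("per").active = false; // admin disables the AD account
  const afterDisable = autoLogin(visit.nextToken, 3000);
  return { visit, replay, stale, afterDisable };
}
```

Because only a hash of the random token is kept server-side and the cookie never holds the password, a leaked cookie or token store exposes no AD credential.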

 
Per Søgaard

Hi Dmitri

We would like the solution to not be a custom solution.

The 8.9.2.1 upgrade should, as I understand it, provide the autologin function without custom backend code according to Nicolai P. and his comments in this thread.

The login info is put in the form from the cookie so all we need is the form to login automatically (validate and log in) when the page is loaded.

 

 
Dmitriy Benyuk Dynamicweb Employee

Hi Per,
on the frontend side it is possible to use JavaScript to read the cookie values and then make a request to the external provider login page:
http://head.local.dynamicweb.dk/Admin/Public/Social/ExternalLogin.aspx?action=login&providerID=[Your AD Provider ID]
That page will look for Request(Username) and Request(Password) and try to authenticate the user from the AD provider.
I've written some code to read the cookie values and make the request, but the open question that remains is the password decryption, as it is stored encrypted in the cookies.
Maybe it is possible to use the Dynamicweb API "Dynamicweb.SystemTools.Crypto.Decrypt" to decrypt that, but I don't know how to call the server method from a frontend HTML template.

<!--@If(Global:Extranet.UserID==0)-->
<script type="text/javascript">

    // Return the raw value of the named cookie, or undefined if it is not set.
    function getCookie(name) {
        var value = "; " + document.cookie;
        var parts = value.split("; " + name + "=");
        if (parts.length == 2) return parts.pop().split(";").shift();
    }

    // Return one sub-value of a multi-value cookie (key=value pairs joined by "&").
    function getCookieValue(cookieName, keyName) {
        var cookie = getCookie(cookieName);
        if (cookie != null) {
            var c = cookie.split("&");
            for (var i = 0; i < c.length; i++) {
                // Split on the first "=" only, so "=" characters inside the value are kept.
                var pos = c[i].indexOf("=");
                if (pos > -1 && c[i].substring(0, pos) == keyName) {
                    return c[i].substring(pos + 1);
                }
            }
        }
        return null;
    }
    var xmlhttp = new XMLHttpRequest();

    xmlhttp.onreadystatechange = function () {
        if (xmlhttp.readyState == XMLHttpRequest.DONE) {
            if (xmlhttp.status == 200) {
                //handle the page response check if login was OK/Failed
            }
        }
    };

    var username = getCookieValue("DW_Extranet", "DWExtranetUsername");
    var password = getCookieValue("DW_Extranet", "DWExtranetPassword");
    // Only send the request when both values exist; URL-encode them for the query string.
    if (username != null && password != null) {
        xmlhttp.open("GET", "http://head.local.dynamicweb.dk/Admin/Public/Social/ExternalLogin.aspx?action=login&providerID=7&Username=" + encodeURIComponent(username) + "&Password=" + encodeURIComponent(password), true);
        xmlhttp.send();
    }
</script>
<!--@EndIf-->
Regards, Dmitrij

 
Per Søgaard

I think maybe you are missing the point here.

The function introduced in 8.9.2 takes care of the AD part (see above).
When the user loads the login page the second time the username and password are filled out in the form and if the user clicks on login they are logged in.
So that part works fine.

Only thing we need is that they are logged in automatically without having to click the login button.

 
Per Søgaard

Please - we urgently need a solution to this.

 
