Developer forum

Forum » CMS - Standard features » Password protected feed?

Password protected feed?

Anders Ebdrup
Anders Ebdrup
Reply

Hello,

 

Does anyone know a standard way to some sort of password protect a product feed? We need this to expose a feed which includes cost prices for the products.

 

Best regards, Anders


Replies

 
Adrian Ursu Dynamicweb Employee
Adrian Ursu
Reply

Hi Anders,

I have had a similar problem before and I have posted my question here: https://doc.dynamicweb.com/forum/cms-standard-features/cms-standard-features/authenticate-user-from-url

The approach of using the PwdToken works well as long as it does not interfere with the PasswordReset.

I have instead used a suggestion from Dmitrij

One approach I was using was to create a token based on the username, use that token in the url and based on the token, retrieve the UserObject and authenticate it.

It was something like this:

var encryptedUserid = HttpContext.Current.Request.Params["UserId"];
    if(encryptedUserid != "")
    {
    var userid = Dynamicweb.Security.SystemTools.Crypto.Decrypt(encryptedUserid);
    var userid_int = userid != "" ? Convert.ToInt32(userid) : 9999999;
    var user = User.GetUserByID(userid_int);
    var currentUser = Dynamicweb.Security.UserManagement.User.GetCurrentExtranetUser();
    var products = Model.Products;
        if(currentUser == null)
        {
            if(user != null)
            {
            var originalPasswordStringFromDatabase = user.Password;
            user.Password = "YourPasswordHere";
            user.Save();
            //var security = new Dynamicweb.Frontend();
            //security.ExtranetLogin(user.UserName, "YourPasswordHere");
            var security = new Dynamicweb.Frontend.LogOnHandler();
            security.LogOn(user.UserName, "DmitrijsSecretTempPassword");
            user.Password = originalPasswordStringFromDatabase;
            user.Save();
                @Renderproducts(products)
            } else {
                <p>Invalid User</p>
            }
        } else {
            @Renderproducts(products)
        }
    } else {
        <p>Invalid URL</p>
    }

I hope it helps.

Adrian 

 
Anders Ebdrup
Anders Ebdrup
Reply

Dear Adrian,

 

Thank you very much.

I am looking for a standard way to handle this as password protecting and setting permissions on the page does not help. As we cannot be the only partner looking for this feature, then I am hoping for a way to handle this without having to code :-)

 

Best regards, Anders

 
Adrian Ursu Dynamicweb Employee
Adrian Ursu
Reply

Hi Anders,

I understand. I was hoping the same when I posted it the first 3 times :)

I am definitely supporting this initiative 

+1

Adrian

 
Nicolai Pedersen
Nicolai Pedersen
Reply

If you use the "Password" on a page - not permissions, but simply a password, you can query the page like this: ?ID=123&Password=notVerySecret

Setup password: https://doc.dynamicweb.com/documentation-9/content/content/pages#3242

If you use permissions, and want to login a user, you can use token login like this: ?ID=123&Username=np&PwToken={token}

{token} = Dynamicweb.Frontend.LogOnHandler.GetLoginToken(userName, password);

Simply get a user object and pass it the value of user.username and user.password

 
Anders Ebdrup
Anders Ebdrup
Reply

Dear Nicolai,

 

I cannot get the Password function to work when we set a "Content type" to e.g. "text/xml" on the Page properties.

Am I missing something here?

 

Best regards, Anders

 
Nicolai Pedersen
Nicolai Pedersen
Reply

Just tested this with text/xml:

http://r4.master.public2.dynamicweb.dk/somepage?password=np

Works fine...?

 
Anders Ebdrup
Anders Ebdrup
Reply

Are the link supposed to work for me? I am getting a 404

 
Nicolai Pedersen
Nicolai Pedersen
Reply

No - that link does not work. It was a local test.

 
Anders Ebdrup
Anders Ebdrup
Reply

Dear Nicolai,

 

I think that I am a bit closer now! The issue arise when we are using "Use in url" (https://www.screencast.com/t/s2geIvxJ), then the password functionality does not seem to work.

 

Best regards, Anders

 
Adrian Ursu Dynamicweb Employee
Adrian Ursu
Reply

Hi Nicolai,

Will there be any plan to support restrictions on a feed? I can see a lot of situations where a feed should be available only to specific customers or customer groups.

The way it is now, anybody can change the ID of the feed and will get access without any issues.

If it's necessary, I can add this as a Feature Request.

Thank you,
Adrian

 
Adrian Ursu Dynamicweb Employee
Adrian Ursu
Reply

Hi Anders,

I have managed to create a template for a feed and secure it using the Advanced Permissions functionality.

It will require having a user folder (because the permissions are per User group) but it does the job.

Let me know if you (or anybody else) have any use for it and I will post it here.

Adrian

 

You must be logged in to post in the forum