RE: Email.User.PwToken ?

Peter Klünder

Posted on 29/09/2015 09:35:23

Hope someone can guide me, I have tried almost about everything to get this to work.
The username and pwtoken as its showen in the placeholders is setup and is sent out in the test mail.

I have then setup a page with permission only for the group containing the users, but the user is not logged in no matter what I do. If I type in the username and password it works but not with the pwtoken in the url, and cant seem to find any info on how to set it up

Best regards
Peter

Replies

Nicolai Høeg Pedersen

Posted on 29/09/2015 12:22:14

Hi Peter

In order to login using a password token, you need the following in the URL:
?Username={userName}&PwToken={userToken}

The token is calculated in one of 2 ways depending on your encryption settings in MC, Modules, Control Panel, User management - see dump.

If the solutions is configured to use MD5, the token is calculated like this:

Base.MD5HashToString(password & "DwSecret")

If the solutions is configured to use SHA512, the token is calculated like this:

Dim hash As New Hash(System.Security.Cryptography.SHA512Managed.Create())
Return hash.GetHash(password, "DwSecret")

The password you pass into the hashing, must be the value stored on the password field in the database (Table AccessUser, field AccessUserPassword). The value in the database will probably also be hashed, and you just pass the hashed value directly from the databas so you get a double hashing.

BR Nicolai

Peter Klünder

Posted on 29/09/2015 12:48:04

Hi Nicolai

The Url i already have like default.aspx?id=someid&Username=pk@email.dk&PwToken=6a93f05968c4f15917cde3502fe148a46d

its the page or paragraph rights I cant get it to login automatically. The placeholder page describes the link setup, but what ever I set in page or paragraph rights It will not login.

Search all over but cant seem to find any info on the subject other than the placeholder page and that works fine.

My understanding of the matter is that I can set login rights on a page and if the user visits that page with the above link they will be logged in. am I wrong ?

I'm not encrypting anything I use the tags delivered by DW

Best regards
Peter

Nicolai Høeg Pedersen

Posted on 29/09/2015 16:04:20

Hi Peter

No matter what page you visit with that URL will log the user in if the credentials are correct. That happens as one of the first things in the page cycle.

When logged in, the user will be shown the content he or she has access to.

You can add a tag to the layout template to see if a user has been logged in, i.e. Global:Extranet.UserName.

My guess is that your token is wrong.

BR Nicolai

Peter Klünder

Posted on 07/10/2015 09:40:51

HI Nicolai

I have now testet it with global extranet username and id to see if the page lists the info

I use the {{ pwtoken }} and so on from email marketing. If the token is wrong theres something from emailmarketing that messes with it, I only use the standard setup nothing selfcoded.

The extranet username and ID is empty

http://degngrafisk.dk/default.aspx?ID=3057&Username=pk@degngrafisk.dk&PwToken=6a93f05968c4f15917cde3502fe148a46ddcbc5e221d4205a81d3051bccc9d23

this is what the system generates for me

Best Regards
Peter

Oleg Rodionov

Posted on 08/10/2015 07:22:12

This post has been marked as an answer

Hi Peter,

Actually, it's issue of your solution. Please, have a look at the screen attached. There is a matter with the same username in your DB, so it's cause the bug, probably. I've tested the feature with another new user created (belongs the same user group) and have good results, please check http://degngrafisk.dk/Default.aspx?ID=3057&UserName=pktest1@degngrafisk.dk&PwToken=5e71eb2e92936c1ab0ff792f25b7cfb6

BR, Oleg QA

Votes for this answer: 1

Peter Klünder

Posted on 08/10/2015 08:29:41

Hi Oleg

Thanks for the swift reply, It works wohoo did not see that user and had to delete it through firehose :o)

Best Regards
Peter

You must be logged in to post in the forum

Developer forum

RE: Email.User.PwToken ?

Replies