Developer forum

Hi,

So no brilliant ideas anyone?

Nuno

Hi Nuno,

What do you mean by "he need's the password to be dynamic"?

Whats your current working solution? Standard page password and extranet login or something else?

Hi Morten,

Basically, I have to check if the password is valid against a specific table per website. But the password should only get them so far, because later they should need to login (extranet) to shop and check previous orders.

So I need to catch the password arg, check if it's a valid password and let Dynamicweb take over.

The problem is that the password module/feature expect a string, and I need to check it against an array of values or partial value (password = e-mail ; if domain is valid, then user can see website)

Nuno

Aren't you basically talking about your OWN login (with no regards to Extranet login) that you use for "master" validation, and then followingly you perform an Extranet login (or reject if password is not valid)?

And if "master" password is valid, should the user then followingly login with ordinary username/password?

Regards /Snedker

This solution requires that you setup standard extranet permissions and then give access to extranet users that you can use for actually logging in (one user per site).

You can use a custom extranet login template that only contains a "sitepassword" field (don't include "username" or "password" fields as they will trigger the standard login).

I hope that the following snippet of code can give you an idea of how to implement your custom login, but I have NOT tested this code, so I can't guarantee that it actually works :)

public override void OnNotify(string notification, NotificationArgs args)
{
    var parameters = args as LoadedArgs;

    // Get the current pageview
    var pageView = parameters.pageview;

    // Get the password that was submitted in the custom login form
    var password = Base.Request("sitepassword");

    if (IsValidPassword(password, pageView))
    {
        // Get an existing extranet user with a username matching the current area id
        var user = User.GetUserByUserName("Area" + pageView.AreaID);

        // Log in
        var security = new Security();
        security.ExtranetLogin(user.UserName, user.Password);
    }
}

private bool IsValidPassword(string password, PageView pv)
{    
    if (string.IsNullOrEmpty(password))
    {
        return false;
    }

    // TODO: Verify that password exists in custom table - maybe also use pv.AreaID or something
}

And the login template to use with it...

<form action="" method="post">
    <label>Password: <input name="sitepassword" value="" type="password" /></label>
    <input type="submit" value="Login" />
</form>

Let me know if this works for you :)

Morten Snedker,

Yes, you are right. The best idea was to simulate the password procedur, but I can't find the correct notifications for it.

Morten Bengtson,

Your idea is great, but I cannot use it, because:

  - custom "password" validation should give access to some pages/contents

  - extranet password is needed to some special pages

Currently I achieve this by setting up password in all pages + extranet permissions in special pages.

If there was a notification to manage the password feature, instead of the extranet login. Maybe if I use the Dynamicweb.Notifications.Standard.Page.Loaded notification, check for the password and if valid, change the arg to the static value for the page, it might just work!

I'll give it a try, but thanks for the input.

Nuno

Hi Bergtson,

Dumb me... I will give it a go as well. Thanks a lot

Nuno

Couldent you just use Dynamicweb User Groups? And a Customfield on the user? So if user inputs myspecialfieldinput into your customfield then move user to group X instead of Y ?