Developer forum

Forum » Development » How to disable single-sign on?

How to disable single-sign on?

E-mail notifications
Evaldas Raisutis
Reply
Posted on 31/08/2017 09:14:00

I can see that users are automatically logged in url's  query strings "username" and "password" are set. How can I disable this?

We are working on a third-party OCI login, where we need to do some preproccessing and validation before we login a user. However, if they pass "username" and "password", then DW seems to login the user and my code never runs ( I have a .ashx endpoint, which then should return an authentication token valid for a number of minutes )


Replies

 
Nicolai Pedersen
Posted on 31/08/2017 09:49:31
Reply
This post has been marked as an answer

Hi Evaldas

You cannot disable that.

But you can make a notification subscriber that listens to Notifications.Standard.User.OnBeforeExtranetLogin that will execute just before the login procedure is executed.

The arguments passed contains the username and password coming in, and you can abort the login procedure by makeing a redirect or something like that.

BR Nicolai

Votes for this answer: 1
 
Evaldas Raisutis
Posted on 31/08/2017 11:22:14
Reply

Hi Nicolai,

Hmm, I can see that the same happens if I make an HTTP POST request with form data, containing "Username" and "Password". How should I go about preventing that? I can't redirect a POST request.

- Evaldas

 
Nicolai Pedersen
Posted on 31/08/2017 11:56:35
Reply

Of course you can :-)

 
Nicolai Pedersen
Posted on 31/08/2017 11:57:11
Reply

Except if you want to redirect to another post...

 
Evaldas Raisutis
Posted on 31/08/2017 12:05:49
Reply

Well, yes, that's what I meant. We'll try to make due. 

But it would be nice if it were possible to disable this functionality in future in order to support easier third-party sign-ins.

 
Nicolai Pedersen
Posted on 31/08/2017 12:34:07
Reply

You can just post with other parameters than username & password - i.e. externalusername=some&externalpassword=some

 
Evaldas Raisutis
Posted on 01/09/2017 08:59:03
Reply

The 3rd party is not able to change parameter names :) 

 

You must be logged in to post in the forum