Using DNN authentication and authorization info fr

Published 2019-03-06 04:26

Question:

I have an ASP.NET web application "K" that has its own authentication and authorization built on SimpleMembershipProvider.

Now I want to set up a web site that has application "K" and DNN, in a way that the user will log in to DNN app and I have a button within DNN app that will jump to app "K".

Within "K", I would like to implement these behaviors.

  1. If the user is not logged in, go back to DNN's home page.
  2. If the user is logged in but does not have a "K-user" role in DNN, show a "contact administrator" message.
  3. If the user is logged in and has the "K-user" role in DNN, allow the user to use the app as usual.

This is a brand new site, so I do not have any constraints. I can put "K" under DNN (or vice versa, but I'm not sure why I would do it that way), I can put "K" next to DNN and give them the same machineKey to share cookies, and I don't even have to use DNN; it can be any CMS as long as it has a nice and easy way to fill in information.

I must be using the wrong keywords in my googling. It seems like a very basic need, but I can't find an article that shows me exactly how to do it.

Any help would be much appreciated.

Answer 1:

It sounds like you need to modify the authentication method of your "K" application. Then, you could build a module that takes care of the behaviors based on whether the user is logged in and is in a certain role.

Once you log into DNN and check the roles, your user needs to be authenticated to the "K" website.

We do something similar, but it required that our "internal" site accept a token as proof of who the user was and that they were authenticated.

Here is an example of what we do:

  • Both sites must check for cookie/Token
    • If token exists, refresh it. If not, create cookie/token
  • "Internal" site checks for cookie and uses value to authenticate to Token database
  • Subsequent requests read the token from the cookie and validate against Token database
  • When user logs out, cookie and database entry are deleted
  • If user does not log out properly, you must clean up tokens on a set interval
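
The token lifecycle listed in this answer, sketched as an added C# example (not the answerer's code): `TokenStore` and its method names are hypothetical, and an in-memory dictionary stands in for the token database. Storing only a SHA-256 hash of the token and sliding the expiry on each validation are assumptions beyond what the answer states.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory stand-in for the shared token database (not thread-safe).
public class TokenStore
{
    private class Row { public string User; public DateTime Expires; }
    private readonly Dictionary<string, Row> _rows = new Dictionary<string, Row>();
    private readonly TimeSpan _ttl;
    public TokenStore(TimeSpan ttl) { _ttl = ttl; }

    // Only a hash is stored, so a leaked table cannot be replayed as cookies.
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token ?? "")));
    }

    // Portal side, after login and role check: returns the value to put in the cookie.
    public string Issue(string user, DateTime now)
    {
        var raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        var token = Convert.ToBase64String(raw);
        _rows[Hash(token)] = new Row { User = user, Expires = now + _ttl };
        return token;
    }

    // Every request on either site: returns the user and refreshes the expiry, else null.
    public string Validate(string token, DateTime now)
    {
        if (!_rows.TryGetValue(Hash(token), out var row) || row.Expires <= now) return null;
        row.Expires = now + _ttl;
        return row.User;
    }

    // Logout: delete the row; the caller also expires the cookie.
    public bool Revoke(string token) { return _rows.Remove(Hash(token)); }

    // Scheduled cleanup for sessions that never logged out.
    public int Purge(DateTime now)
    {
        var dead = _rows.Where(r => r.Value.Expires <= now).Select(r => r.Key).ToList();
        dead.ForEach(k => _rows.Remove(k));
        return dead.Count;
    }
}
```

The portal would call `Issue` after its role check and write the result to a cookie; the internal site calls `Validate` on each request and treats `null` as not logged in.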


Answer 2:

Here is how I solved it.

  • Put DNN and "K" as direct child siblings of web root.
  • Make DNN and "K" have the same MachineKey.
  • Write a user migration SQL script, from DNN to "K".
  • Make a link from DNN to "K".
  • Modify the "K" web.config authentication section as shown below. The key points are loginUrl and name.

    <authentication mode="Forms">
      <forms loginUrl="/dnn/Login.aspx" defaultUrl="~/" name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
    </authentication>

  • Disable any code in "K" that allows the user to log in directly to "K".
  • When the user visits "K" for the first time, execute the user migration SQL script. (You could run the migration script at whatever moment fits you best.)

Now, the user will log in to DNN and click a link to access "K". When this happens, "K" can behave as if the user had actually logged in using the "K" application, like reading roles from Web.Security, etc. That comes for free since you made its forms authentication cookie name and MachineKey synced between the two applications.