Bookmark and Share

Monday, September 19, 2011

Automatic login on DNN using URL parametrs… the dirty way

Imagine this scenario…. your user needs to access a secured web page on a DNN site using a single click on a link….

Ok , it’s unsecure but your customer needs it… here is the quick and dirty solution:

1) Call the page sending the user/password information using the query string
2) Read the parameters and execute the login using jQuery
3) Redirect to the correct page after the login using the UrlReferrer information

You need to follow 3 steps:

1) Add this script in your login page.. better approach is to add it to a common javascript library:

function getQueryString(name) { name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]"); var regexS = "[\\?&]"+name+"=([^&#]*)"; var regex = new RegExp( regexS ); var results = regex.exec( window.location.href ); if( results == null ) return ""; else return results[1]; } function autologin() { $('input[id*=DNN_cmdLogin]').click(); } //on the ready event we load the parameters from query string and send the info back to dnn $(document).ready(function(){ if (getQueryString("AUTOLOGIN") != "") { $('input[id*=DNN_txtUsername]').val(getQueryString("USER")); $('input[id*=DNN_txtPassword]').val(getQueryString("PWD")); var timerid = setTimeout(autologin, 1000); } });

I’ve added a timer to the login process because in some case the page is not ready yet.

2) Add this code to the page called after authentication:

If Request.UrlReferrer <> Nothing Then
Dim arParams As String() = Request.UrlReferrer.Query.split("&")

If (Request.UrlReferrer.Query.indexOf("AUTOLOGIN") <> -1) Then
For Each Item As String In arParams
If (Item.indexOf("returnurl") <> -1) Then
Dim sFinalRedir As String = Item.split("=")(1)
End If
End If
End If

3) Modify the default.aspx.vb file, and add this code to manage the already logged case:

If Request.IsAuthenticated = True Then
If Request.Querystring("AUTOLOGIN") <> "" Then
End If
End if

That’s all… hope this helps..