Old Forums
Search:
ASPX templates
Version 7.x > ASPX templates > Add SecurityCode to Logon form webpart View modes: 
User avatar
Member
Member
kimiiic - 10/11/2013 12:17:01 AM
   
Add SecurityCode to Logon form webpart
Hi there,

I am trying to add a captcha control into Logon mini form webpart, i know how to use
<uc1:SecurityCode ID="captchaElem" runat="server" />

and use captchaElem.IsValid() in the .ascx.cs code.

But where is the authentication logic in the LogonMiniForm.ascx.cs webpart?

For example i want to add a third authentication to this webpart to valid the captcha field value, is this possible?

Thanks
Kimi

User avatar
Kentico Consulting
Kentico Consulting
Kentico_RichardS - 10/11/2013 1:54:54 AM
   
RE:Add SecurityCode to Logon form webpart
Hi,

Thank you for your message.

This is surely possible and you dont even need to know where the authentication is happening (you wouldnt even have access to it without source code).

What you can do is check your captcha in method loginElem_LoggedIn and stop proceeding entire script if the captcha doesnt match so it wouldnt even come to checking user name and password which is not even needed when captcha is wrong.

Kind regards,
Richard Sustek

User avatar
Member
Member
kimiiic - 10/11/2013 2:22:06 AM
   
RE:Add SecurityCode to Logon form webpart
Hi Richard,


Thanks for your reply.

I have tried to add the method in loginElem_LoggedIn, but it seems like it still let me logged in.

Even if i removed the whole bunch code in the loginElem_LoggedIn method, the form still authenticate me in.

Do you know what's the problem?

User avatar
Kentico Consulting
Kentico Consulting
Kentico_RichardS - 10/11/2013 4:01:05 AM
   
RE:Add SecurityCode to Logon form webpart
Hi,

It seems that the logging event is happening somewhere on the background. I have found out a simple workaround.

Find thish piece of code: 

        else
        {
            if (DefaultTargetUrl != "")
            {
                URLHelper.Redirect(ResolveUrl(DefaultTargetUrl));
            }
            else
            {
                URLHelper.Redirect(URLRewriter.CurrentURL);
            }
        }


Next you can insert your validation before url redirect. If the validation fails you can simply logout the user. It can look like this:

        else
        {
            if (DefaultTargetUrl != "")
            {
                URLHelper.Redirect(ResolveUrl(DefaultTargetUrl));
            }
            else
            {
                // validation logic here
                if (ValidationFails == true)
                {
                   CMSContext.LogoutUser();
                }
                URLHelper.Redirect(URLRewriter.CurrentURL);
            }

Its a workaround, but it should do the trick.

Please let me know how it works.

Kind regards,
Richard Sustek
User avatar
Member
Member
kimiiic - 10/11/2013 7:08:55 AM
   
RE:Add SecurityCode to Logon form webpart
Thanks Richard, this workaround works.

In addition, i want to add an error message like javascript alert to that, but didn't work.

Any possible work around to this?
 if (DefaultTargetUrl != "")
                {
                    if (!captchaElem.IsValid())
                    {
                        
                        CMSContext.LogoutUser();
                        Response.Write("<script>alert('Captcha Error');</script>");
                        URLHelper.Redirect(URLRewriter.CurrentURL);
                        
                        

                    }
                    else
                    {
                        URLHelper.Redirect(ResolveUrl("~/Doctor-Home.aspx?username=" + userName));
                    }
                }
                else
                {
                    
                    URLHelper.Redirect(URLRewriter.CurrentURL);
                }
            }

Thanks

User avatar
Kentico Consulting
Kentico Consulting
Kentico_RichardS - 10/12/2013 3:30:13 AM
   
RE:Add SecurityCode to Logon form webpart
Hi Kimi,

Im glad it works.

In order to give use some javascript error Im thinking that you can use redirect query string. So basically you would redirect user to something like:
URLHelper.Redirect(URLRewriter.CurrentURL+"?captcha=0);

Then on your site you would use javascript to query string ( see http://stackoverflow.com/questions/901115/how-can-i-get-query-string-values ) and based on that value show javascript error ot not.

Let me know how it works.

Kind regards,
Richard Sustek

Top