Portal Engine Questions on portal engine and web parts.
Version 4.x > Portal Engine > email as username View modes: 
User avatar
Member
Member
gooera-gmail - 12/8/2009 1:56:34 AM
   
email as username
hi all,
I need to make the logon form is able to receive email addreess as username (just like this devnet.kentico.com do). Can anybody advise what to setup?

Thanks,
~ Goo

User avatar
Kentico Consulting
Kentico Consulting
kentico_mirekr - 12/8/2009 2:46:38 AM
   
RE:email as username
Hi,

You can create users which UserName property will contain e-mail address for this purpose. I hope this will help you.

Best regards,
Miroslav Remias.

User avatar
Member
Member
gooera-gmail - 12/8/2009 7:25:05 PM
   
RE:email as username
Hi Miroslav,

Thanks for the response. But I need to allow my users to choose whether she wants to use her username or her email address as the username. So the authentication must check the username OR email, and the password. Could you advice how to implement this logic on the authentication process?

Thanks n regards,
~ Goo

User avatar
Kentico Consulting
Kentico Consulting
kentico_mirekr - 12/9/2009 9:53:36 AM
   
RE:email as username
Hi,

You can use custom security handler for this purpose:

http://devnet.kentico.com/docs/devguide/security_handler.htm

You can let your users to log in using the UserNames and Passowrd. If the user is not authenticated, then you need to check if there is any user in CMS_User table with such e-mail address. If so, you need also to compare the passwords and then return UserInfo object.

Best regards,
Miroslav Remias.

User avatar
Member
Member
gooera-gmail - 2/4/2010 3:30:04 AM
   
RE:email as username
Hi again :)

I am in the middle of applying this thing when finally stuck on the password comparison. I almost frustrated after finally realized that the password is not saved as plain text in the database. So how can we actually compare the entered password and the one in database?

Thanks and regards,
~ Goo

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 2/4/2010 7:37:22 AM
   
RE:email as username
Hello,

The passwords are saved in the SHA1 hash format. You can use the method CMS.SiteProvider.UserInfoProvide.AuthenticateUser(...) for veryfing the password.

Best regards,
Boris Pocatko

User avatar
Member
Member
gooera-gmail - 2/4/2010 11:53:51 PM
   
RE:email as username
Hi Boris,

Thanks for the response. But I think you didn't really read my original needs :). I need to do password comparison in the CustomSecurityHandler (OnAuthentication method). So, by following your suggestion by using UserInfoProvide.AuthenticateUser, there will be infinite loop on my code lol.

So, how do I compare the entered plain text password with the one in database that has SHA1 format?

Thanks and regards,
~ Goo

User avatar
Kentico Consulting
Kentico Consulting
kentico_borisp - 2/9/2010 10:11:33 AM
   
RE:email as username
Hello,

I am sorry for the misunderstanding.

In that case just create a hash SHA1 from the entered password and compare it with the one saved in the database. One approach can be found under the following link.

Best regards,
Boris Pocatko

User avatar
Member
Member
gooera-gmail - 2/9/2010 8:46:45 PM
   
RE:email as username
Awesome, thanks Boris. The logic is working now.

But after the OnAuthentication method returns the UserInfo, why isn't the user authenticated as login user? It redirects back to the login form with no error, no messages, as nothing ever happen. (It usually redirects to the dashboard page if I use the default authentication).

Did I do it wrong? I copy paste the code below for your review.

Thanks,
~ Goo


public override object OnAuthentication(object userInfo, string username, string password)
{
if (userInfo != null)
{
return userInfo;
}

UserInfo user = null;

string encPass = CalculateSHA1(password, Encoding.ASCII);
CMSMembershipProvider memberProvider = new CMSMembershipProvider();

if (ValidationHelper.IsEmail(username))
{
string uName = memberProvider.GetUserNameByEmail(username);
if (encPass == memberProvider.GetPassword(uName, null))
{
user = UserInfoProvider.GetUserInfo(uName);
}
}

return user;
}

private string CalculateSHA1(string text, Encoding enc)
{
byte[] buffer = enc.GetBytes(text);
SHA1CryptoServiceProvider cryptoTransformSHA1 = new SHA1CryptoServiceProvider();
string hash = BitConverter.ToString(cryptoTransformSHA1.ComputeHash(buffer)).Replace("-", "");

return hash;
}

User avatar
Kentico Developer
Kentico Developer
kentico_martind - 2/13/2010 1:55:42 PM
   
RE:email as username
Hello,

User is actually authenticated after redirection. Default web part makes redirection automatically only when there is return url in query string of url that requested logon page. Could you please optionally ensure redirection by custom code in LogonForm web part?

Best Regards,

Martin Dobsicek