MSPSS: is there life after the helpdesk?

sharing solutions to uncommon IT problems

Archive for the ‘DotNetNuke’ Category

SSO for a website with mixed forms and basic authentication

leave a comment »


Hello,

We have tried to achieve Single Sign-On for a while consolidating 3 of our websites into one. The challenge was that 1 website was using Forms based authentication (fed by Active Directory through Dotnetnuke), 1 with basic authentication and classic ASP and 1 is a document repository with basic authentication.

=====================================
My first challenge was to enable cross-application authentication for all applications (ASP and .NET) hosted outside the DotNetNuke pool (but still in the same website).
Frankly I had never had to do this before and I was surprised by simplicity of it all:
All we need in this case is to have the same <machinekey> in the web.config of every web application.
The machinekey is the key that is used to encrypt the authentication cookie, having the same machinekey allows other applications to decrypt the same cookie and find out who the user is.
IIS by default generates the machinekey on the go, if you want to achieve SSO you will have to specify it explicitly in the web.config (you can generate the keys from many websites like http://aspnetresources.com/tools/machineKey)

<system.web>
<machineKey validationKey=”yourvalidationkey” decryptionKey=”youdecryptkey” decryption=”3DES” validation=”SHA1″ />
<authentication mode=”Forms”>
<forms name=”whatever” protection=”All” timeout=”60″ cookieless=”UseCookies” />
</authentication>
</system.web>

Once I did this I could easily retrieve the username from an ASP.NET page (using User.Identity.Name).
On classic ASP (using Request.ServerVariables(“AUTH_USER”)) is also easy but I had to configure IIS to process requests coming for .asp through .NET Framework. In IIS7.5 this is easy if you use its integrated pipeline (application pool mode=integrated) but it is also possible to achieve with the classic mode.
I followed this article: Wildcard mapping
Obviously once you did all this, you will have to update your apps to retrieve the username from the variables above.
=====================================

So, at this stage I was already quite happy as I had achieved SSO throughout all our web applications but still I couldn’t find a way to do the same for our document repository as it uses built in (i.e.: not adaptable) functionalities of IIS such as basic authentication coupled with NTFS security.
Then I started thinking that this could be achieved by developing my own isapi filter that would do the checking on NTFS on the user behalf.
On IIS7.5 isapi have been replaced by http handlers and http modules. What I needed was an HTTP module that would:

  • Decrypt the cookie and retrieve the user
  • Redirect to the login page if the user is not logged in
  • Check the NTFS effective permissions of the user against the file he’s trying to download
  • If he doesn’t have read rights, redirect the user to the “not authorised page”
  • If he does have read rights, let the request go (the download is actually operated under the application pool identity)

This would not only achieve SSO for the document repository but would also give the user a better experience as if he is missing rights, he is not presented with the never ending login prompts typical of basic authentication but he’s given a clear “not authorised” message.

Here is the code I’ve put together (wordpress doesn’t allow me to upload actual code files or text so I had to PDF it): ntfs_checker
You can either compile it into dll and put in the bin folder or rename it to .vb and put it in the app_code folder and add the following tags in the web.config:

<modules>
<add name=”ntfs_checker” type=”ntfs_checker” />
</modules>
<appSettings>
<add key=”Domain” value=”AD_Domain_Netbios”/>
<add key=”LoginPage” value=”/login.aspx”/>
<add key=”NotAuthPage” value=”/NotAuthorized.aspx”/>
</appSettings>

If anyone tries it out and finds new ways to improve it, please post it back.

P.S.: one little update: the application pool of the NTFS checker must run with 32-bit apps enabled or it won’t work.

HTH,
Roberto.

Advertisements

Written by zantoro

March 22, 2014 at 10:10 pm

DotNetNuke – Error during upgrade “A newer version of this package is already installed”

leave a comment »


Hello,

When I tried to upgrade our DNN portal from 7.1.2 to 7.2.0 I got a blocking, very cryptic error: “Upgrade A newer version of this package is already installed”.

The error log showed the following lines:

01/12/2014 17:55:09 [INFO] DotNetNuke.Services.Upgrade.Upgrade Start InstallPackage:D:\MyWebsite\Install\Module\DNNCE_CoreMessaging_07.00.04_Install.zip
01/12/2014 17:55:10 [ERROR] DotNetNuke.Services.Upgrade.Upgrade A newer version of this package is already installed – 7.1.2

The problem was that I had copied over the upgrade files without first deleting the old Install folder. In the install folder we had old modules alongside with the new modules.

Apparently the DNN Install/Upgrade routine tries to install all modules in the module folder without any particular order or rule. When it tried to install a very old version of the coremessanging module it prompted the error above.

Deleting the Install folder (best practice anyhow) fixes the problem.

HTH,
Roberto.

Written by zantoro

January 13, 2014 at 9:19 am

Posted in DotNetNuke

Tagged with ,

DotNetNuke – Upgrade to 7.1.1 – DDRMenu doesn’t work anymore

with 5 comments


Hello,

After upgrading DNN PE to 7.1.1, the DDRMenu suddenly stopped working due to a JS error: “Uncaught TypeError: Object function (e,t){return new b.fn.init(e,t,r)} has no method ‘curCSS'”.

the JQuery CurCSS method has been deprecated in JQuery 1.8.

DNN 7.0.x used JQuery 1.7 while DNN 7.1.x uses JQuery 1.9.1

The DDRMenu has not been updated to work with new versions of JQuery and they don’t seem to have a new version in the pipe on their website http://dnnddrmenu.codeplex.com/

The fix is quite easy but it might get overridden next time we upgrade the DDRMenu:

Edit \DesktopModules\DDRMenu\DNNMenu\DNNMenu.min.js and replace all “curCSS” method calls (2) with “css”

Update: DNN support replied that everything worked fine with a “out of the box” skin and therefore the problem was caused by my custom skin which was out of support (they don’t give support on Skin development).
By comparing my skin with one of the OotB, we found out that we were using <DNN:NAV instead of the more common <DNN:MENU. The DNN:NAV should still work but I get a feeling that is slowly dying (I can only find documents related of this menu in connection with DNN4 and 5, nobody seems to have used it since…)

We will investigate further but in the meantime, we are considering switching our menu to <DNN:MENU

Update2: Replacing the DNN:NAV with a DNN:MENU was easier than I thought and I get the feeling this incompatibility is the tip of the iceberg. Your safest bet is to download a free, prebuilt menu (superfish works pretty well out of the box), copy it in the skin folder and link it from the template (menustyle) and tweak the look and feel.
FYI: here is what they write on the DNN website about DNN:NAV:
Note that while it is also possible to use a dnn:NAV control with the DDRMenuNavigationProvider and CustomAttributes to render a non-DNNMenu template, it adds complexity and brings no particular benefits, so is not recommended.

HTH,

Roberto.

Written by zantoro

September 18, 2013 at 12:01 pm

Posted in DotNetNuke

Tagged with , , ,

Dotnetnuke 7 + ActiveDirectory module: login prompt

with 3 comments


Hello,

we are setting up an evolutionary prototype of Dotnetnuke which will eventually replace our current extranet portal.

I’ve setup the new, out-of-the-box DNNPro_ActiveDirectoryAuthentication module.

Everything works as expected (ie: AD users can login successfully) but often, the first time you open the website you are presented with a login prompt.

Untitled

If you hit cancel, the system shows that /DesktopModules/AuthenticationServices/DNNPro_ActiveDirectory/WindowsSignin.aspx is asking for credentials.

In other words, DNN is trying to get you to automatically sign-in using your system credentials, then, when the login fails, it prompts you with a login box.

you may say: but I never asked to be logged in automatically! Neither did I and I struggled to find a reason and a solution.

In the module there’s no way to enable/disable this feature, but you can limit the automatic sign in to a range of IPs:

I simply limited the range of “allowed” IP to an unused internal ip (e.g.: 192.168.200.10) and that did the trick

Untitled

UPDATE: The solution I provided above was also causing a runtime error: “Index and length must refer to a location within the string. Parameter name: length”. In the end, in order to fix the problem, I had to disable auto-login altogether by commenting out the following line in the <modules> section of the web.config:

<add name=”Authentication” type=”DotNetNuke.Professional.Authentication.ActiveDirectory.HttpModules.AuthenticationModule, DotNetNuke.Professional.Authentication.ActiveDirectory” />

Written by zantoro

June 12, 2013 at 12:51 pm

Posted in DotNetNuke, IIS

Tagged with , ,

DotNetNuke: use DNN libraries in a common aspx page – Get the username

leave a comment »


Hello,

We are trying to migrate our portal to DotNetNuke. We have several applications developed in ASP.NET which we don’t want to convert into DNN modules all at once.

What we plan to do is convert only the entry point page from aspx to ascx and keep using all sub web forms modifying as little as we can (for the moment).

Initially we thought we could not retrieve the authenticated user info in non-module pages but actually, as long as the web page (aspx) is a member of the module you can reference to all DNN classes and retrieve whatever info you need.

Here, for example, is how I retrieve the logged in user:

——–

Imports DotNetNuke.Entities.Modules.PortalModuleBase

——–

Dim uinfo As DotNetNuke.Entities.Users.UserInfo = DotNetNuke.Entities.Users.UserController.GetCurrentUserInfo()
Label1.Text = uinfo.Username

——–

 

HTH,

Roberto.

Written by zantoro

April 11, 2013 at 7:49 am

Posted in DotNetNuke

Tagged with ,