YAFLogo

dummy
  • dummy
  • 51.8% (Neutral)
  • YAF Forumling Topic Starter
14 years ago
I’m attempting to validate a forum log in from the main page on my site.

In the web.config for both the Forum and my application I set up the with a validationKey, decryptionKey, validation=”SHA1”, and decryption=”AES”. validationKey and decryptionKey were randomly generated through a public site.

I’m using this code to log in:

string sPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(Login.Password, "sha1");
          Object YafUserID = YAF.Classes.Data.DB.user_login(1, Login.UserName, sPassword);
if (YafUserID != DBNull.Value) { } 

My YafUserID is consistently coming back as “null” and I’m struggling to debug the issue.

Is there a way to determine if I have all of the necessary password information set up correct?

I know the yaf_user_login stored procedure is getting called but the results are NULL.

The other oddity that I see, the password in the yaf_user table is stored as “-“ and if I create a query with a dash as the password parameter, the stored procedure is successful in returning the userID.

Any idea as to what I’m doing wrong or suggestions as to how I could locate the issue?

Thanks.

Sponsor
Elvan
  • Elvan
  • 51.2% (Neutral)
  • YAF Forumling
14 years ago
Hello,

http://wiki.yetanotherforum.net/AspNetMembershipIntegration.ashx  I see that in stored procedure "user_save":

insert into [{databaseOwner}].[{objectQualifier}User](BoardID,RankID,Name,Password,Email,Joined,LastVisit,NumPosts,TimeZone,Flags,PMNotification,ProviderUserKey)

values(@BoardID,@RankID,@UserName,'-',@Email,getdate(),getdate(),0,@TimeZone,@Flags,@PMNotification,@ProviderUserKey)

password hardcoded as '-' so in table User we have always '-' for password.

But in "user_login" stored procedure (that called by recommended function user_login) we check if there is a user with entered username and a password:

select UserID from [{databaseOwner}].[{objectQualifier}User] where Name=@Name and Password=@Password and BoardID=@BoardID and (Flags & 2)=2

and of course there is no such a user because password is always '-'.

So could you tell please is this a bug or method in recommended yaf integration procedure is not full?

Thank you.

FiniteIntellect
14 years ago
Anyone have an answer to this? I am having the same problem
ddavis
  • ddavis
  • 55.4% (Neutral)
  • YAF Forumling
14 years ago
I'm almost there, just working it out myself...

So far i've got the following (which does authenticate, but isn't storing the cookie)..

ForumPage currentPage = new ForumPage();

YafContext PageContext = currentPage.PageContext;

bool booResult = PageContext.CurrentMembership.ValidateUser(txtUserName.Text.Trim(), txtPassword.Text.Trim());

If booResult == true then you authenticated.

ddavis
  • ddavis
  • 55.4% (Neutral)
  • YAF Forumling
14 years ago
Ok, this works.



    protected void btnDoLogin_Click(object sender, EventArgs e)
    {
        ForumPage currentPage = new ForumPage();
        YafContext PageContext = currentPage.PageContext;
        bool booResult = PageContext.CurrentMembership.ValidateUser(txtUserName.Text.Trim(), txtPassword.Text.Trim());

        FormsAuthentication.SetAuthCookie("2;1;Administrator", true);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now, DateTime.Now.AddMinutes(30), false, "", "/");
        string strEncTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie authCookie = new HttpCookie(".YAFNET_Authentication", strEncTicket);
        authCookie.Path = "/";
        HttpContext.Current.Response.Cookies.Add(authCookie);
    }

Hope it helps.

kowint
  • kowint
  • 52.4% (Neutral)
  • YAF Forumling
14 years ago

Ok, this works.



    protected void btnDoLogin_Click(object sender, EventArgs e)
    {
        ForumPage currentPage = new ForumPage();
        YafContext PageContext = currentPage.PageContext;
        bool booResult = PageContext.CurrentMembership.ValidateUser(txtUserName.Text.Trim(), txtPassword.Text.Trim());

        FormsAuthentication.SetAuthCookie("2;1;Administrator", true);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now, DateTime.Now.AddMinutes(30), false, "", "/");
        string strEncTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie authCookie = new HttpCookie(".YAFNET_Authentication", strEncTicket);
        authCookie.Path = "/";
        HttpContext.Current.Response.Cookies.Add(authCookie);
    }

Hope it helps.

ddavis wrote:

It's really nice. Thanks for your code.

Palos
  • Palos
  • 56.6% (Neutral)
  • YAF Camper
14 years ago
Greetings everyone.. sorry to ask you this.. noob question.. cause the real thing is i'm just new in asp.net.. and i'm just wondering.. where do i put that log in code provided by ddavis?

The reason why i asked.. is that i made yaf forum as my subfolder in my project.. and i still have 3 other folders other than that.. named Students, Teacher and Administrator.. all i want to achieve is.. to validate my users using the yaf login having the

Student role = Student Folder Access and Yaf forum Registered role only

Admin role = Admin Folder Access and yaf forum Admin role only

Teacher role = Teacher Folder Access and yaf forum Moderator only

i hope someone could help me achieve this kind of thing.. Any advice and suggestion will be highly sought

Have a great day:-d