
Able to log in to DotNetNuke with incorrect password


I am able to log in to a DNN website with an incorrect password. When I click the login button after typing an incorrect password, it gives me the proper validation message. However, I am logged in, because if I refresh or browse the site pages, I get access and I can see my screen name.

I am using DNN version 7.1.2.

On login button click, I am using the below C# code:

var user = UserController.UserLogin(
            portalId, userName, password, string.Empty,
            portalName, ipAddress, ref loginStatus, @checked);

Values for each:

portalId = 0
ipAddress = ::1
var loginStatus = UserLoginStatus.LOGIN_FAILURE;
var @checked = false; // "checked" is a C# keyword, so the identifier needs the @ prefix to compile

Below is the configuration for the membership provider.

<add name="AspNetSqlMembershipProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="SiteSqlServer" 
          enablePasswordRetrieval="false" 
          enablePasswordReset="true" 
          requiresQuestionAndAnswer="false" 
          minRequiredPasswordLength="7" 
          minRequiredNonalphanumericCharacters="0" 
          requiresUniqueEmail="false" 
          passwordFormat="Hashed" 
          applicationName="DotNetNuke" 
          description="Stores and retrieves membership data from the local Microsoft SQL Server database"/>

Any help here? I checked the link mentioned below, which has the same core issue, but I haven't got any solution from the suggestion there.

Programmatically login in dotnetnuke

Any suggestions or help would be appreciated a lot.

Thanks, Sam


Solution

  • This is what I do in my authentication provider:

    var loginStatus = UserLoginStatus.LOGIN_FAILURE;
    UserInfo user = UserController.ValidateUser(portalId, userName, password, string.Empty, string.Empty, Request.UserHostAddress.ToString(), ref loginStatus);
    
    bool authenticated = (loginStatus == UserLoginStatus.LOGIN_SUCCESS || loginStatus == UserLoginStatus.LOGIN_SUPERUSER);
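    // ValidateUser returns null when validation fails, so pass the submitted userName instead of user.Username.
    var eventArgs = new UserAuthenticatedEventArgs(user, userName, loginStatus, "DNN");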
    eventArgs.Authenticated = authenticated;
    OnUserAuthenticated(eventArgs);
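
The status check from the answer, written out as a fail-closed login helper. This is an added C# example, not DNN's code and not code from either poster; `LoginGate` and `TryLogin` are hypothetical names. It assumes the `UserController.UserLogin` overload that takes an already validated `UserInfo`, and the `FormsAuthentication.SignOut()` call on failure is an added hardening choice, not a diagnosis of the behaviour in the question.

```csharp
using System.Web;
using System.Web.Security;
using DotNetNuke.Entities.Users;
using DotNetNuke.Security.Membership;

// Added example. LoginGate and TryLogin are hypothetical names.
public static class LoginGate
{
    // Returns the signed-in user, or null when the credentials were rejected.
    public static UserInfo TryLogin(int portalId, string portalName,
                                    string userName, string password,
                                    bool createPersistentCookie,
                                    out UserLoginStatus loginStatus)
    {
        // Start from failure so an early return can never read as success.
        loginStatus = UserLoginStatus.LOGIN_FAILURE;
        string ip = HttpContext.Current.Request.UserHostAddress;

        // Step 1: check the credentials only. No authentication cookie is issued here.
        UserInfo user = UserController.ValidateUser(
            portalId, userName, password, string.Empty, portalName, ip, ref loginStatus);

        // Require both a user object and an explicit success status.
        bool authenticated = user != null &&
            (loginStatus == UserLoginStatus.LOGIN_SUCCESS ||
             loginStatus == UserLoginStatus.LOGIN_SUPERUSER);

        if (!authenticated)
        {
            // Hardening choice (assumption): drop any forms-authentication
            // ticket the browser already holds, so a rejected attempt cannot
            // leave the session looking signed in on the next request.
            FormsAuthentication.SignOut();
            return null;
        }

        // Step 2: issue the cookie only for a user that passed validation.
        UserController.UserLogin(portalId, user, portalName, ip, createPersistentCookie);
        return user;
    }
}
```

The caller should treat a `null` return as the only signal for showing the validation message, and should not redirect or set any session state in that branch.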