Search code examples
c#forms-authenticationdotnetnuke

How can I log a user into DotNetNuke via an ashx?

We have a page that heavily uses the hash in the url to denote what popup the user is currently viewing. We are trying to set it up so if the user clicks a button, they are presented with a login form that will log them in and reload the exact page they are on (including the #!).

I decided to do this via ajax, by having a standard form in the login popup, and tie the click button to an ajax call to an ashx with the following code:

    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "application/json";

        var username = context.Request["username"];
        var password = context.Request["password"];
        var portalSettings = PortalSettings.Current;
        var ip = GetIpAddress(context.Request);
        var loginStatus = UserLoginStatus.LOGIN_FAILURE;

        var result = UserController.ValidateUser(portalSettings.PortalId, username, password, string.Empty,
                                    portalSettings.PortalName, ip, ref loginStatus);

        if (loginStatus == UserLoginStatus.LOGIN_SUCCESS || loginStatus == UserLoginStatus.LOGIN_SUPERUSER)
        {
            FormsAuthentication.SetAuthCookie(result.UserID.ToString(), true);
            context.Response.Write(JsonConvert.SerializeObject(new { Result = true}));
        }
        else
        {
            context.Response.Write(JsonConvert.SerializeObject(new { Result = false }));
        }
    }

This seems to work, in the fact that when I pass in the portalId, username and password (called via the browser url), it brings back a result of LoginStatus.LOGIN_SUPERUSER. According to fiddler, the JSON is returned with the following cookie header:

Set-Cookie: .DOTNETNUKE=5E48DC014F447BA2ED6ADFA09138D3E089B52E3A6ECFAD0AE45B7EB94842B48EE84529F92F34B1ABE7D1BBF580F3AF91446ED70177EF967588D0518802C397AD5831CA941CDF15F9C625075E9F2403A743B20AFC380E01DBE6383587E06D85D61A6485FA; expires=Tue

However, once I navigate to my homepage the webserver is logging me out it seems and sending the following cookie headers back: Set-Cookie: .DOTNETNUKE=; expires=Tue, 12-Oct-1999 04:00:00 GMT; path=/; HttpOnly

I have verified that PortalSettings.Current is pointing to the correct portal.

How do I persist the login?

Solution

  • Turns out I was incorrectly using UserController.ValidateUser() instead of UserControll.UserLogin().