i need to import all users from a dnn 4 site to dnn 5 site.i have already imported all tables.but in membership table the password encryption is different for dnn4 and dnn5.
i have register the same user in both sites.and the password and passwordsalt are different in version 4 and 5.so while import users from dnn 4 to 5,i cannot login to the new site.
How to decrypt the old password and encrypt the same for new one?
checking for machine key value in web.config and matching them may solve the problem
Between 4 and 6 (really between any installs) one of the best things is to have one of the user manager tools that allows you to export users with password and import them into another portal or install.
As an alternative -
make a copy of the dnn 4 site
upgrade the dnn 4 site to dnn 6 (or whatever version you like)
now copy the machine key etc over to other site and copy in users
Something like the alternative is not really clean and prone to problems (especially if the portal already has users - like the host)
Related
I have a website named satellite.com built by AngularJS+NodeJS+MongoDB, it has an authentication system by ID & password, or third-parties like Google, GitHub. It already has many user accounts.
Now, I want to build a new website named umbrella.com, its authentication system and its database by ReactJS+NodeJS+MongoDB. Umbrella.com will include the functionalities of satellite.com (which will ideally share code with satellite.com) and some other functionalities. In the future, I want both satellite.com and umbrella.com to exist and work (though satellite.com may systematically redirect to umbrella.com/satellite/).
I wonder how umbrella.com can use the existing user accounts of satellite.com. Ideally, I hope
existing users of satellite.com could sign in umbrella.com with their old credentials, and have access to their data of satellite.com
new users could sign up on satellite.com, which will be valid to umbrella.com too
new users could sign up on umbrella.com, which will be valid to satellite.com too
I have total control of the two websites. Does anyone have a clear suggestion on how to structure and share the authentication system and the database of these 2 websites?
Edit 1: one issue is that when I set up Google Authentication for satellite.com, I remember that the domain name (i.e., satellite.com) was required. So now, can we use these authentications for another domain name (i.e., umbrella.com)?
If you are not using third party authentication like Google Auth or something where you have to specifically register your domain you can achieve that by following steps:
You can keep one database structure for both website with different
front-end. For that you user can login to both websites using same
credentials.
You can also go with one backend (Node server) for both the websites
as its seems like both are same and having same functionality.
Front-end can be different.
I've been tasked with maintaining a DNN site that has been running for a while, so I copied it to my local development environment to get up to speed on the setup. I have the site up and running locally, and I can browse all (I think) of the pages. It seems to display correctly and yesterday, the DNN login worked correctly. However, today, when I try to login to manage changes, I enter my username and password on the login page, but it does not actually log in. On screen, all that seems to happen is that the password field clears. No error message displays. In my Firebug console, the only error message that appears is "Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen." Again, yesterday, I was able to log in and get to all of the DNN management features -- I changed skins, modified CSS, changed code, etc. I've tried multiple logins (host, superuser, and regular user) -- all have the same result.
I don't see anything in the database EventLog, except for a startup record.
I saw a couple of other SO posts tangentially related to failed DNN logins on development environment, and checked that Form Authentication is Enabled in IIS and the security for the site folders are set correctly and the folder is not read-only.
I generally use Firefox for development, but I also tried IE. I'm certain I'm missing sometime obvious, but it has me stumped. Ideas? I'm new to DNN, so I'm not up to speed yet on the best practices for debugging. Any other suggestions would be welcome.
Some details: Live site is SQL Server 2008; Dev is SQL Server 2012. Both sites use IIS 7. Dev is DNN 7.2.2. Locally, I'm using VS 2010 for development.
Couple of things to check.
1) Check to make sure your database connection strings (2 of them) in the web.config are both pointing to your local database.
2) Check to make sure the MachineKey values in the web.config still match the values in the production web.config
3) You might turn off SSL on the site, though you'll have to do that in the database as you can't get logged in. I believe you can likely just set Secure to 0 on all of the Tabs table records, but you might need to track down a HOST setting as well to make this work (hostsettings table)
An update. I was able to get this to work by using a different user account. I'm still not sure what the root of the problem was, but I believe it was related to specific settings on my particular user account. I used a generic 'admin' account, and was able to make it work.
Im experiencing the same issue, I think its something to do with the the .dotnetnuke cookie
I have two applications in my workspace, APP 1 and APP 2.
In my case, user will log in to APP 1. from there, i put a menu(or a link) to APP 2. however APP 2 requires authentication. So it will take me to a login page. i would like to eliminate that and get the current user's credentials on APP 1 and login to APP 2.
i'm looking for a simple straightforward method (but need to consider security) to login to APP 2.
what i could think of is apex_collection..i could store credentials n use it to create a login process for APP 2. however apex_collection is session based. eventhough i've set session for APP 2, it still wont read values from my apex_collection.
Does anyone have a suggestion or a solution?
All you need to do is use the same authentication scheme in both applications and set the cookie name attribute to the same value in both authentication schemes like this:
APEX will then use the same session across the two applications and the user will not have to log in again when they navigate from one to the other, provided of course that you pass the SESSION_ID in the URL.
A Few Comments on Default APEX Workspace Authentication Security
It may also be helpful to expand on an explanation of why the solution posted by #TonyAndrews works.
For any Apex Apps within the same workspace, if they use the default "APEX Application Authentication" method, they will consult the same authentication user list... so USER1 and its password is a valid login for any of the "neighboring" applications...
This may be a concern if you are hosting different clients or users that should not be intermingling with the other applications. You can also define user GROUPS in the same place as you set up each workspace user. Each application can have its own security filter that permits access by membership of BOTH user/password authentication AND membership in the appropriate access group.
Sharing workspaces may also be a problem because of the unique user name restriction of a single workspace. You can get around that by:
Defining different name-spaces for each application:
Email addresses are good: "someuser#sampledomain.com"
An app id prefix such as: SHOP_EDNA, SHOP_GARRETT, TC_KAREN, TC_MARLOWE, MY_BORIS etc.
Different name styles: first name only, first name + last initial, etc.
To keep things simple, you can always just spin up a brand new workspace: a warning however is that common user names like `ADMIN` are NOT the same between separate workspaces. There shouldn't be much concern however because apps or workspace users may have the same or different schema access privileges to the database back end.
A Word of Caution to Administrators and Developers:
When you go live with an application or multiple applications on a user-facing system, keep in mind the deployment destination (i.e., the workspace) and what else is sharing that workspace. There are some real situations where apps are not intended to be shared or accessed by other "inside" users. Be sure to read up and understand the security constraints and methods of using Default Apex Authentication security so that it's more than luck that protects your own production/live deployed applications.
I do have the similar requirement, linking from one application page to another.
Tried the above mentioned solution, but still asking to login to second application. My Apex ver is 5.0.3 and trying in same workspace.
Created new authentication schemes for each app with same cookie name and set them as current authentication. Scheme type are Application express accounts.
Setting the link as below from first app page to second.
href="http://servername:port/apex/f?p=224:2:&APP_SESSION"
Could anyone provide a solution, please?
Just an update on this.
I am currently using v21.2 and this is how I do it:
In both applications, go to Shared Components > Authentication Schemes > (Select your Auth Scheme);
Scroll down to Session Sharing and select 'Workspace Sharing';
In one of the applications (source), create a link (as a Navigation Bar List entry, for example) like f?p=173:1:&SESSION., where 173 is the target application ID and 1 is the target page.
After some research, I've found out that this feature (Session Sharing Type) is available since v18 of APEX.
I've created some new fields for users who register in admin/config/people/profile
since we are still building the site I want to port these out to a features module
but am completely unable to figure out how to do this? I thought it would be some
thing like Features >> [Create Feature] [Edit components] >> Variables but cannot
find my custom fields?
I named my new form Registration, and tried view sourcing and flipping through the
source with the find command but am unable to find it there either. Anyone know what
it might be called or under?
In order to unlock the profiles, I used this Administer user profiles in Drupal 7 method.
In case you hadn't figured it out yet, you can export fields by selecting the "Fields: field" component when creating your view.
By the looks of your URL you're not using the latest 7.12 core version? Currently the page to manage the fields for user profiles is located at "Administer > Configuration > People > Account Settings > Manage fields" (admin/config/people/accounts/fields) page, so you may need to update...
Did you create a profile or add the fields directly to the user entity?
With the drupal 7 fields API you don't need the profile module anymore in fact it's deprecated. Because of that I don't think their is features support for profiles
I'm building four websites. They all should have the same login-datas (user can registrate on website 1 and also can use website 2 and 3 by using the same Login-Name).
My idea was to use the MS SQL Membershipprovider (good idea?).
Now I don't know where to place the SQL-Mebershipprovider (in an extra databse? or together with the websites? -> sound like getting chaos^^)
A other idea I've read was to create a webservice to the authentification?
But I think I'm getting problems with the data consitency, because I think there is no way to point from one database to an other (linking for example the usertable in database one to the texttable in databse 2).
I want to use MVC3 and a MS SQL-database.
Any experiences or ideas?
Thanks a lot!
You can use a separate membership database to do this and just point the providers of each site at this database.
If you wanted to use the role provider you would have to have the same roles in all four websites which may not be what you want. You could use a central database to just handle authentication and then create a local user record in each website that links back to your central user database (you will have to do this linking manually i.e. no relationship). This will then let you role your own role provider for each site.