| |
|
|
|
|
|
|
|
|
|
 |  | |
| | |
| | |
| | |
 | | |
|
|
|
| Can LiveID be customized for my needs? |
|
|
While using Windows LiveID, I need to (i) disable the Standard Login on the DNN login page in order for it to display only the LiveID login option (I guess this can easily be done by disabling the standard DNN login in host settings), (ii) to force Windows LiveID to go through the secure login by default (not the standard LiveID login) and (iii) to force an auto logout from DNN as well as Windows Live whenever the DNN Logout link is clicked (Currently, we have to logout from DNN as well as LiveID, necessitating 2 logouts with LiveID. I'd like to know whether (ii) and (iii) are possible and if yes, how? |
|
|
|
| |
|
|
| Re: Can LiveID be customized for my needs? |
|
|
I'm not as well versed in the LiveID code as I should be and I think Charles is away so I don't know how soon I can get an answer for your questions for you.
For 1. you can disable the Standard DNN login on the Admin->Authentication page.
2. Do you mean on a secure page? If so, then if you create a secure page and place the login on there that should do the trick.
3. I'm not sure if this would require a core change or if you could override the Logout click to include LiveID. |
|
|
|
| |
|
|
| Re: Can LiveID be customized for my needs? |
|
|
Thanks, Mike. Yes I suppose Charles is away, but I hope he'll respond when he's back.
First off, I forgot to say that my DNN portal needs only admin and host accounts. No other users will be required now or in the future. So what I wanted was to secure the transmission of these 2 accounts' passwords using the LiveID option.
I consider problem 1 as solved.
About problem 2- Let me clarify -- When I login using the LiveID option, I first get a warning that I'm about to get redirected to a connection that's not secure. Don't know whether this has any security implications, but I hope not! I click OK on the warning dialog. I'm then taken to the Microsoft LiveID site (http://login.live.com) and there I see a message like "Windows Live is not affiliated with www.dotnetnuke.com and will share with it only an anonymous ID" above the Signin section (although what this means, I've yet to find out). Now, below the Standard Signin there's a link, viz., Use enhanced security <https://login.live.com)
What I desired is this : (a) When I login to DNN using LiveID, I want to be redirected to the enhanced security (https://login.live.com) instead of to the standard Signin page (http://login.live.com) AND (b) I also want the things below to get disabled (at least make them invisible) on the secure Signin page :
Forgot your password,
Remember me on this computer,
Remember my password and
Use Standard Security.
I suppose there are ways of doing (a) from within DNN. I'd be glad if someone out there can tell me how.
As regards to (b), should I have to contact Microsoft?
About my problem No.3 - Well, I'm having the same questions as you! |
|
|
|
| |
|
|
| Re: Can LiveID be customized for my needs? |
|
|
Hi Iadalang,
The LiveId site POSTs the login information to a SSL-enabled page (at https://login.live.com/ppsecure/post.srf). Thus, credentials are never passed across an unsecured connection, despite the fact that the initial login page is served via unsecured HTTP. This is a standard, secure setup and you should have no concerns about it. I am unsure if the provider supports initial redirection to the LiveId site via HTTPS -- if it does not, I would suggest logging it as an enhancement in Gemini at http://support.dotnetnuke.com. Again, however, you really do not need to be initially GET-HTTPS to be secure. It's only the POST that matters.
I am not aware of a way to synchronize logouts between DNN's forms authentication and the LiveId site. DNN does not support a Logout function at the provider level (I've requested this at http://support.dotnetnuke.com/issue/ViewIssue.aspx?id=4532&PROJID=2). However, such a call would never be guaranteed to be executed, so it would only cover "some" cases at best.
You might be able to implement SOME synchronization via a modification to the Logout skinobject, but this would only cover explicit logouts. You're probably just going to have to live with some DNN-LiveId decoupling.
Hope this helps!
Brandon
Brandon Haynes
BrandonHaynes.org |
|
|
|
| |
|
|
| Re: Can LiveID be customized for my needs? |
|
|
This question might be more appropriately directed at Microsoft but I'm sure you can also explain - what's the difference between Standard login and Enhanced login if both were to go through an SSL-enabled channel anyway.
Actually what I wanted was to force admin/host accounts of DNN to login to LiveID only through the Enhanced Security option. This could be possible if the DNN provider supports redirection to this option as you said, but that's not enough. I also need to disable the option to click on Standard Security link as well as the other options I mentioned when the DNN user lands on Windows Live. But I guess that's beyond DNN's control?
|
|
|
|
| |
| | |
| | |
| | |
|  |
| |
|
|
|
These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.
For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:
1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
|
| |
|
|
|
|
|
Get Smarter Mail, SmarterStats, SmarterTickets
Windows mail server, web log analytics, and customer service management software - Free Editions Available!
www.smartertools.com
|
DotNetNuke Modules, Skins, Training and Consulting
If you want DotNetNuke done right then look no further. Developed Solutions provides module development, skin design, user and developer training and consulting. Based in Adelaide, Australia, we offer our services worldwide.
www.developedsolutions.com.au
|
Venexus, Inc.
Need custom a custom DotNetNuke module? From module planning to deployment, including training and support, Venexus developers deliver end-to-end web solutions on time and on budget.
www.venexus.com
|
|
|
|