0

I am creating a simple web service, for DotNetNuke 7, that will allow an iOS or Android app to authenticate a user with our website to make sure they are a member and so allowed to view restricted content on the app.

I have a test webservice running that responds to annonymous connections. How do I actually get it to login into the website and retrieve data back (like roles and contact information)?

public class SiteLoginController : DnnApiController  
{
    [DnnAuthorize]
    [HttpGet]
    public HttpResponseMessage LoginToSite(string username, string password)
    {
        // go log into website
        // if they have an account
        // retrieve role and contact info
        // else
        // return invalid credentials message
    }
}

I have looked online for a while now and most answers seem to relate to allowing annonymous access and not actually authenticating the user.

Agamemnon
  • 587
  • 2
  • 15
  • 44

2 Answers2

1

You don't need to log in to get the user info. Although I'm not sure the logging in part works from a web service.

UserInfo user = UserController.GetUserByName(username);

if (user != null)
{
    string email = user.Email;
}
else
{
    //user not found
}

Or if you do want to log in for added security, you can do this:

string resultText = string.Empty;

UserLoginStatus loginStatus = new UserLoginStatus();
UserController.UserLogin(PortalId, username, password, null, PortalSettings.PortalName, DotNetNuke.Services.Authentication.AuthenticationLoginBase.GetIPAddress(), ref loginStatus, false);

switch (loginStatus)
{
    case UserLoginStatus.LOGIN_SUCCESS:
        resultText = "OK";
        break;
    case UserLoginStatus.LOGIN_FAILURE:
        resultText = "Failure";
        break;
    case UserLoginStatus.LOGIN_USERLOCKEDOUT:
        resultText = "Locked out";
        break;
    case UserLoginStatus.LOGIN_USERNOTAPPROVED:
        resultText = "Not approved";
        break;
    default:
        resultText = "Unknown error";
        break;
}
VDWWD
  • 35,079
  • 22
  • 62
  • 79
  • The logging-in part is to make sure the user is in the role group 'member'. The idea being that they enter their website login credentials on the app, the app passes this onto the webservice, the webservice attempts to log into the website and then verifies that the user is indeed a 'member' and so allowed to access further content. – Agamemnon Nov 04 '16 at 10:54
  • Updated my answer. You can now handle the results of a login attempt – VDWWD Nov 04 '16 at 10:56
  • Ah, cool. I guess I could handle a login attempt and if successful do an 'annonymous' request for the role related to that userID/portalID combo? – Agamemnon Nov 04 '16 at 10:58
  • If the login status is OK, you can get the `UserInfo` as seen in the first part of the snippet, you now know that the user is autenticated. – VDWWD Nov 04 '16 at 11:03
  • OK perfect, this is just what I was looking for. Thanks for your help! – Agamemnon Nov 04 '16 at 11:15
1

Honestly, the easier solution would be to simply pass the username & password as basic authentication, using the [DnnAuthorize] attribute you can validate that the user is the one you want and you can then use UserController.GetCurrentUser() to get the logged in user.

Mitchel Sellers
  • 62,228
  • 14
  • 110
  • 173
  • So, in my app, I have a small form where the user enters their DNN username and password, this then gets sent in JSON to the webservice... what happens next? – Agamemnon Nov 04 '16 at 16:26