r_honey
Regular User
Posts:73
 | | 05/22/2008 6:01 AM |
| I have observed that DNN does not allow changing Role Names for Roles once created through the User Interface. When I studied the underlying Stored Procedure, I observed that neither does the procedure supports so. Is there any specific reason to disallow changing Role Names (Role Group Names are allowed to be changed however!!!) For some reason, my modules require chaging Role Names after they have been created. Although I have coded the Sql & VB part of it (which was not very difficult), is there any kind of security or integration issue with the rest of DNN framework, if I am doing so through a custom module??? | | | |
|
Mitchel Sellers
Site Admin/Owner
Guru
Posts:5607
| | 05/22/2008 10:47 AM |
| | I am not exactly sure, but I believe that the roles might be cached in encrypted text format in a user cookie and that might be the issue...but I am NOT sure! | |
-Mitchel Sellers
MCITP, MCPD, MCTS
Director of Development
IowaComputerGurus Inc.
3Essentials is my recommended Shared Hosting Provider
This site is hosted on a VPS from HostMySIte.com
Mosso is my recommended cloud computing provider. Use reference code REF-ICG to get $100 off your second month!
To get Guaranteed DNN Support check out our affordable DNN Technical Support Programs | |
|
r_honey
Regular User
Posts:73
| | 05/22/2008 1:13 PM |
| After each such Role Update, I am clearing the Role Cache like DNN does after it creates or deletes a Role!!! So, would that resolve this issue??? | | | |
|
r_honey
Regular User
Posts:73
| | 05/23/2008 9:56 AM |
| There are 3 points I would like to know here: 1) What mechanism is used when someone selets "Remember Login"? 2) How can I configure DNN not to use cookies to persist security/permissions? 3) Even if DNN uses cookies to persist security information, how can I make DNN to reject all cookies & set them anew by asking the user to re-login after I have updated role names??? This should not be much of a problem, as obviously role names are not updated that often. However, if & when they do, it is important to expire all cookies, or else an unauthorized user may gain access to a restricted portion of the site, if the Role Names clash in some way after updation!!! | | | |
|
Mitchel Sellers
Site Admin/Owner
Guru
Posts:5607
| | 05/23/2008 11:05 AM |
| 1.) A persistent cookie is set on the client side that stores the login information for future use. This is the same process used by the standard ASP.NET Forms Authentication
2.) You can try changing values inside the web.config for the authentication, however, I am not sure if it works...
3.) This one I have no clue on..... | |
-Mitchel Sellers
MCITP, MCPD, MCTS
Director of Development
IowaComputerGurus Inc.
3Essentials is my recommended Shared Hosting Provider
This site is hosted on a VPS from HostMySIte.com
Mosso is my recommended cloud computing provider. Use reference code REF-ICG to get $100 off your second month!
To get Guaranteed DNN Support check out our affordable DNN Technical Support Programs | |
|
r_honey
Regular User
Posts:73
| | 05/23/2008 11:31 AM |
| I saw a table UsersOnline that is used by DNN. If I clear that table after Role Updation, would that Logout all users??? How does DNN decide which users are logged in when it shows the appropriate icon on Admin User Management Page. If there is a IsOnline value somewhere in the DB, I can clear that. Or Else, I can clear out the UsersOnline table. Would that resolve the issue??? | | | |
|
r_honey
Regular User
Posts:73
| | 05/23/2008 11:35 AM |
| Can I hook into the DNN Login procedure. That way, after I update a Role, I can set some Flag myself, & clear the cookies if that flag is set, thus requiring users to relogin after Role Updation??? | | | |
|
Mitchel Sellers
Site Admin/Owner
Guru
Posts:5607
| | 05/24/2008 2:59 AM |
| You might be able to do that pretty easily.
Especially in 4.6.0 and later with the authentication providers... | |
-Mitchel Sellers
MCITP, MCPD, MCTS
Director of Development
IowaComputerGurus Inc.
3Essentials is my recommended Shared Hosting Provider
This site is hosted on a VPS from HostMySIte.com
Mosso is my recommended cloud computing provider. Use reference code REF-ICG to get $100 off your second month!
To get Guaranteed DNN Support check out our affordable DNN Technical Support Programs | |
|
r_honey
Regular User
Posts:73
| | 05/24/2008 12:33 PM |
| I could not find an AuthenticationProvider folder with other folders like Membership Provider. Where do I need to look for Authentication Providers??? | | | |
|
Mitchel Sellers
Site Admin/Owner
Guru
Posts:5607
| | 05/25/2008 1:34 AM |
| I'm sorry I should have given you a bit more detail. You can find the default providers in the
/DesktopModules/AuthenticationServices
folder. | |
-Mitchel Sellers
MCITP, MCPD, MCTS
Director of Development
IowaComputerGurus Inc.
3Essentials is my recommended Shared Hosting Provider
This site is hosted on a VPS from HostMySIte.com
Mosso is my recommended cloud computing provider. Use reference code REF-ICG to get $100 off your second month!
To get Guaranteed DNN Support check out our affordable DNN Technical Support Programs | |
|
r_honey
Regular User
Posts:73
| | 05/25/2008 2:11 AM |
| I am busy with other modules. Would get back to this issue (& to you if this issue poses problems then also) again!!! | | | |
|