When trying to write an authentication module for a custom data store or custom authentication system (e.g., LDAP, CAS, Active Directory), I’ve found that a lot of the examples people have done are lacking in some way. The DNN system that I use needs to be able to authenticate users against an LDAP. Since my system is also a collection of multiple portals, I also need our authentication system to allow people who have accounts in other portals to automatically be added as a valid user to another one they sign in to without having to enter a password.

The last part is difficult because the default design of DNN makes it difficult to have one user span multiple portals. I discovered that in order to get it to work properly, you have to bypass some of the DNN APIs and go straight to the data providers.

First, I created a class to represent the custom configuration of the module:
The next thing I did was create some classes to represent a user and also handle authentication with the LDAP.
The next thing I have to do is set up the custom Login.ascx and Settings.ascx.
I’d like to point out two areas of code that caused me some consternation. One is line 143 of the RouteYLogin class. Normally you are supposed to go through the DNN API to add an already existing user in another portal to a different portal. However, you need to know the user’s password in order to do that. To get around this issue, I just call down into the data provider method that adds users to the system. This particular call either adds a user if they don’t exist anywhere in the DNN database or it will just associate an already existing user to the portal so that they can now log in.

Second, line 166: this took some time to find. Apparently, if you are going to use alternative means of authentication, you have to enable that form of authentication for every user. What that means is that when a user logs in, however they log in must eventually map back to DNN’s store of users. There were no examples I could find on this so it took a while to find the API call.

That’s generally it. The rest of the code syncs a user’s profile from the LDAP to DNN so that it is available for HTML replacement and other modules that make good use of profile data. I hope this helps.