User registration using ItemBridge issue

Topics: Developer Forum
Jan 19, 2016 at 5:16 PM
Edited Jan 19, 2016 at 5:18 PM
Hi all,

I'm attempting to register users via ItemBridge as I also need to store a few other user related items in a profile. The registration works fine with the users appearing in the admin User page. I've followed the code from the page below.
https://n2cmsdocs.atlassian.net/wiki/display/N2CMS/Permissions+and+Roles%2C+Programmatically

My issue arises when I attempt to login as one of the newly registered users. The user isn't able to login at all, which I suspect is related to password encryption/hashing.

The ValidateUser method is the standard version. _provider.ValidateUser and FormsAuthentication.Authenticate both return false.
return (_provider.ValidateUser(userName, password) && _provider.GetUser(userName, false).IsApproved)
                || FormsAuthentication.Authenticate(userName, password);
However, if I change the user's password via the admin the login functionality works.

Creating users and logging in works perfectly by ditching ItemBridge and using the standard MembershipProvider CreateUser method, but then I lose the user profile functionality that I really need to keep. Creating usering directly in the admin also works perfectly.

So, is there either an ItemBridge version of ValidateUser or does the Itembridge CreateUser need to be amended to hash the password correctly?

Any help with this would be HUGELY appreciated. I've been smashing my head against this for days.

Thanks,
Stuart
Jan 25, 2016 at 7:25 PM
Edited Jan 26, 2016 at 1:26 PM
You are right: the problem is related to password management!

ItemBridge stores username and password without any processing, that is it stores password value as given,
assuming the caller already hashed or encrypted password value as configured in Web.config for membership provider.

The solution therefore is to create users using MembershipProvider, which will do password hashing/encryprion and call ItemBridge.CreateUser with username/password values to be stored in persistency.

Example:
System.Web.Security.Membership.Provider.CreateUser(username, plainPassword, ...)
... now you may find created user instance and manage its properties using ItemBridge ...

I hope it helps. Regards from Slovenia!
Jan 26, 2016 at 9:51 AM
Thanks Janpub.

I should have posted a reply as soon as I found a solution, but here's how I worked around it.

After discovering that the ItemBridge CreateUser was storing the password in the database in clear text, I grabbed the ComputeSHA1Hash function from the standalone N2 password hasing app and integrated it into the code. Registration and login then worked as expected.

My next problem is storing a user profile but I need to investigate this further. Unfortunately there are no error messages and everything from a coding point-of-view seems to be working correctly but I just get empty strings when I attempt to retrieve the data.