Home » blog » BWALKER's blog

Cold Fusion Unified Login

Posted January 6th, 2010 by BWALKER

Form Fields:CONTACTID=3731840FIELDNAMES=CONTACTID, PASSWORD, REMEMBERLOGINPASSWORD=REMEMBERLOGIN=True

16 ms 16 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\Security\LoginFromAspnet.cfm
15 ms 15 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\Application.cfm
0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\ApplicationCustom.cfm
0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\ApplicationUDFs.cfm
0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\OnRequestEnd.cfm
--------------------------------------------------------------------------------
This SQL Query does not return any results because it is sent iMISID not the Login.a.ContactID.

 

BWALKER's blog | login or register to post comments | printer friendly version

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

There is a session and

On January 6th, 2010 BWALKER says:

There is a session and cookie value in the ASP.net login that returns the value contactid - 159988.

This seems to be generated by the stock iMIS login and the custom login.

This works with the CM SQL for CF authentication.

What is not obvious is how the custom unified login.ascx control passes URL.ContactID and URL.Password to the CF page C:\Program Files\ASI\iMIS15\iMIS_public\AM\Security\LoginFromAspnet.cfm

Code snip below from LoginFromAspnet.cfm

<!---

This form logs in the user using given ContactID and Password.

--->

<cfparam name="application.webservicetimeout" default="60"><

<cfif IsDefined("URL.ContactID")>

<cfset FORM.ContactID = URL.ContactID>

<cfif IsDefined("URL.Password")>

<cfset FORM.Password = URL.Password>

I thought the call to the function was all that was needed.

 

tmp = Asi.ContentManagerNet.Utilities.LoginToColdFusion(((Asi.ContentManagerNet.DisplayPageBase)this.Page).Website, decimal.Parse(GetCurrentiMISID()), PasswordBox.Text, true);

tmp returns a value something like this.......

CFID=476864; CFTOKEN=9293962; DATASOURCE=iMISUpgrd; JSESSIONID=40309e138d1d101c7e; ASP.NET_SessionId=k4ohrv55whmuuki4v10w555; Login=401C6F01E4D587BB76EDEA66E94EC21F20E1E76A6476E2BB3FAC2463EFCFB4204350A56D142ECDA7C5AB56B770B464F2E9708E5016DE1F4F846502479A5D7; UserID=j4e0Tc+CLY=; FirstName=R; LastName=Gl; FullName=R Gl; Company_ID=; Email=ri@os.or; Organization=; SecurityGroup=tROkKet0pa0uPfFyiVS5jw==

When CF debugging is enabled then the tmp variable returns the CF variables as well that indicate that the cfset FORM.Password = URL.Password is set but not maintained

(could this be a CF state/persistance issue?).

There is a CF page \AM\AMeseries\eSeriesKeepLogin.cfm that is not called from the unified login. Should it be included?

The CF variables look correct when derived from the CF debug of the tmp variable.

CF page flow for the custom unified login.ascx control that authenticates and returns a coldfusion ID and cookie values were derrrived from the CF debug output of the tmp variable..

C:\Program Files\ASI\iMIS15\iMIS_public\AM\Application.cfm
C:\Program Files\ASI\iMIS15\iMIS_public\AM\ApplicationCustom.cfm

C:\Program Files\ASI\iMIS15\iMIS_public\AM\ApplicationUDFs.cfm
C:\Program Files\ASI\iMIS15\iMIS_public\AM\OnRequestEnd.cfm
C:\Program Files\ASI\iMIS15\iMIS_public\AM\Security\LoginFromAspnet.cfm

After a member authenticates with the custom unified login.ascx control and tries to view content on the communities module from the page C:\Program Files\ASI\iMIS15\iMIS_public\Source\Communities\userHomePage.cfm .

This condition seems to evaluate to false.

<cfif parameterexists(client.pword) is "YES" and parameterexists(client.id) is "YES" and parameterexists(application.organization_name.orgname) is "YES"> and forces the users to re-authentcate to the CF communites module.

I believe that if we can propogate the ASP.net login.ascx control password and the ContactID to the CF page C:\Program Files\ASI\iMIS15\iMIS_public\AM\Security\LoginFromAspnet.cfm this may remedy the unified login issue.

Here are the files and order of operation once the custom login.ascx control has been activated and the OSU FPP member tries to read content.

172 ms 172 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\Source\Communities\userHomePage.cfm

125 ms 125 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\Templates\TemplateHeader\DefaultHeader.cfm

125 ms 125 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\ScriptContent\header.cfm

15 ms 15 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\Source\Communities\cmtySecurityCheck.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\AMeseries\eSeriesKeepLogin.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\DetermineHeader.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\TemplateSection.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\Templates\FooterInclude.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\Templates\HeaderInclude.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\AM\Templates\TemplateFooter\DefaultFooter.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\ScriptContent\StyleSheet.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\ScriptContent\eSeriesHeader.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\ScriptContent\footer.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\ScriptContent\head.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\Source\Body.txt

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\Source\Communities\Application.cfm

0 ms 0 ms 1 C:\Program Files\ASI\iMIS15\iMIS_public\Source\Communities\module.cfm

0 ms 0 ms 1 C:\Progr

 

 

Bruce M Walker BSCI Chicago IL

login or register to post comments

Login to CF from ASP.net w/encapsulation and redirect control.

On January 15th, 2010 BWALKER says:

Add key to the Public View web config

<add key="unifiedlogin" value="http://abc.org/iMISPublic/am/security/" />

Add this to any class or page.

 public string LoginFromASPtoCF(string email, string variable)
        {

            string page = (configurationAppSettings.GetValue("unifiedlogin", typeof(string))) + "customlogin.cfm?l_EmailAddress=" + email + "&l_Variable=" + variable + "";
            return page;         
        }

 

Add to decrypted login file and rename customlogin.cfm.

<input type="hidden" name="EmailAddress" id="EmailAddress" size="25"  maxlength="50">
  <input type="hidden" name="Password" size="25"  maxlength="50" id="Password">
 <cfif IsDefined("URL.l_Password")>
    <cfset FORM.Password = URL.l_Password>
   </cfif>
   <cfif IsDefined("URL.l_EmailAddress")>
     <cfset FORM.EmailAddress = URL.l_EmailAddress>
   </cfif>

 

Add    this "<cflocation url = "http://abc.org/iMISpublic/Home/AM/ContentManagerNet/HomePages/abc_1501_20080104T093011HomePage.aspx?Section=home">"

Below the "</cfif>  <!--- FORM.LoginButton pressed --->" in the decrypted renamed customlogin.cfm file.

 

<cfif ListLen(Session.AdminSectionList) AND application.CMAdminDefaultWebsiteURL NEQ "">
      <cfset l_AdminURL = Left(application.CMAdminWebsiteRootURL,Len(application.CMAdminWebsiteRootURL)-1) & application.GECodePath & "Template.cfm?Section=Web_Site">
      <cfoutput><p><a href="#l_AdminURL#">Click here to enter the site administration area.</a></p></cfoutput>
    </cfif>
  </cfif>
</cfif>  <!--- FORM.LoginButton pressed --->
<cflocation url = "http://abc.org/iMISpublic/Home/AM/ContentManagerNet/HomePages/abc_1501_20080104T093011HomePage.aspx?Section=home">

Do some CF page site messaging cleanup and the unified login can be called from the custom login.ascx form.

 

     strError = unifiedLogin.LoginFromASPtoCF(LoginBox.Text, PasswordBox.Text);         
                  
                    Response.Redirect(strError);

 

 

Bruce M Walker BSCI Chicago IL

login or register to post comments