Generate Logins from Unencrypted Passwords using the MembershipWebService in iMIS15

Posted October 9th, 2007 by mriley

Frequently, customers have a previous website where they have logins and passwords they would like to preserve in a new iMIS based website.

The following is sample Coldfusion code on how to access the new i15 MembershipWebService and user the RegisterWebUser method to load logins and passwords into iMIS in bulk.

This can also be modifled to replace the Generate Logins functionality of e-SEries by pre assigning logins and passwords based on a formula.

The RegisterWebUser method may be used anonymously and has limitations. If the site is still using e-Series, or uses e-Series security groups for Content Manager security, this method appears to make all users in the same security group, Anonymous. So code would have to be applied after generating the logins to update the Security Groups.

Also, the method enforces unique logins. It will throw an error if it encounters any duplicate login names.

Of course similar code can be created in ASP.NET to call the service, if any of you figure that out, please post so we have both methods. This is just an example of a transitional process to ease into ASP.NET public views.

Also attached code as attachment. It is wrapped in comment tags.

To view code, click on attachment then click on Edit>>ViewSource

Otherwise the code is hidden.

<!---<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Bulk Assign Passwords</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<cfquery name="GetOldPasswords" datasource="CF_iMIS">
select n.ID contactID2, n.Member_Type, e.userLogin, e.userPassword, n.email 
from Name n, Name_UD_Demographics d, eResourceContacts e, Name_Security ns
 where n.ID = d.ID and e.oldContactID = d.PERSON_ER_ID 
and ns.ID = n.ID and ns.WEB_LOGIN = ''
and n.MEMBER_TYPE <> 'STAFF' and e.userLogin <> '' 
and n.Member_Type = 'INDIV' 


</cfquery>


<cfoutput>
<cfloop query="GetOldPasswords">

<cftry>

       <cfinvoke webservice="http://www.xyz.com/imis15/AsiCommon/Services/Membership/MembershipWebservice.asmx?wsdl" 

method="RegisterWebUser" returnvariable="results">
 <cfinvokeargument name="contactID" value=#contactID2#>
              <cfinvokeargument name="username" value=#userLogin#>
              <cfinvokeargument name="password" value=#userPassword#>
              <cfinvokeargument name="email" value=#email#>
			  <cfinvokeargument name="passwordQuestion" value="">
			  <cfinvokeargument name="passwordAnswer" value="">
			  <cfinvokeargument name="isApproved" value="True">
</cfinvoke>

       <cfcatch>

              <cfoutput>

       <cflog text="#cfcatch.message#" log="APPLICATION" type="Error" thread="yes" date="yes" time="yes" 

application="yes">

              <script>

              alert('MembershipWebservice Error \(ValidateUser\) #cfcatch.message# #contactID2#');

              history.go (-1);

              </script>

              <cfabort>

              </cfoutput>

       </cfcatch>

</cftry>
</cfloop>
</cfoutput>
</body>
</html>
--->

Attachment	Size
GenerateLoginsCode.txt	1.75 KB

mriley's blog | login or register to post comments | printer friendly version

This VB code works as well.

On February 10th, 2009 Andie Millet says:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load


        Dim ContactID As String

        Dim userName As String

        Dim Password As String

        Dim email As String

        Dim passwordQuestion As String

        Dim passwordAnswer As String

        Dim isApproved As Boolean

        Dim ws As New Asi.Web.Services.Membership.MembershipWebService

        Dim rtn As New Asi.Web.Services.Membership.WebServiceProxyableMembershipUser
        ContactID = "99999"

        userName = "login"

        Password = "password02"

        email = "email@email.com"

        passwordQuestion = "enter your question here?"

        passwordAnswer = "enter your answer here"

        isApproved = True
        ' call the web service here.

        rtn = ws.CreateImisUser(False, True, ContactID, userName, Password, email, passwordQuestion, passwordAnswer, True)

End Sub

Using the VB code

On March 5th, 2010 cnd says:

Sorry to sound a noob - but - how would I actually use the above VB code?

I presume I save it in a file, then open it with something (Visual studio? or can I use something already on a server? Maybe inside an HTML or .HTA file with <script language=vbscript? or something????)

this above example looks like a fragment that lives somewhere, and does something on demand?

Basically - I've got 2500 users who I need to set up a username/password/question/answer for... how would I stitch together my CSV file of that data, with the above script, to make the magic happen?

You need to write in in

On March 12th, 2010 Andie Millet says:

You need to write in in Visual Studio. I think I posted sample code with it in C# as well. You will need to add references to ASI's DLLs. Are you familiar with working with Visual Studio? What kind of site are you trying to generate logins for, iMIS Public View, WCM, eCM or eSeries or do you have another site that you are just using iMIS unified logins for?

Thanks,
Andie

Hi, Can you able to post

On March 12th, 2010 Balaji says:

Hi,

Can you able to post your CSV [SCHEMA] file with 2 or 3 sample records, so that we know how to parse your csv file and create user records in iMIS.

I didn't use a CSV file. I

On March 12th, 2010 Andie Millet says:

I didn't use a CSV file. I used iBO to query the database for unique fields to create the login, such as Name.Email or Name.ID. I also used fields from the name record to create the passwords. I looped thorough the cContacts object and used that info to create the login.

Thanks,

Andie

Just a little on strategy

On March 12th, 2010 mriley says:

The concept of the original post was that a system had existing logins and passwords that were both unencrypted and not in iMIS 15.

So as a strategy, if you have a list of existing logins and passwords it is best to get it into SQL, likely in an iMIS custom table.

Then select the records and use the code to create .NET users. This ends up populating aspnet_Membership and aspnet_Users among other things.

Hope that helps a bit.

Can't you query the non-iMIS

On March 13th, 2010 Andie Millet says:

Can't you query the non-iMIS database, match the records to the ones in the iMIS database and then set the credentials?

Thanks,

Andie

A TSQL way to generate logins & passwords

On May 29th, 2010 Cathy Johnson says:

I needed to create a method for generating logins & passwords in this scenario:

the client who's on 15.1 but is still using SQL 2000 (that is to say use of CLR procs is not available)
I want this process to run on a scheduled basis so adding it to other nightly iMIS jobs running via SQL Agent would be ideal for support purposes -- i.e., everything in one place
volume of records created in their db is low so not many login & passwords need to be generated on a daily basis but enough that they don't want a staff person to have to do this manually
I'm stupid when it comes to .NET programming

So I started googling to see what was available to me and here's a solution I have working:

Element #1: spHTTPRequest proc

I used the code I found here:

http://www.vishalseth.com/post/2009/12/22/Call-a-webservice-from-TSQL-%28Stored-Procedure%29-using-MSXML.aspx

This proc allows you to call a web service using TSQL.

Element #2: proc that calls spHTTPRequest

The hardest part for me was getting the right syntax of the SOAP request (see last item in initial bullet list), so here's the code for that:

set @URL = 'http://{your server name}/imis15/AsiCommon/Services/Membership/MembershipWebService.asmx'

        --now login and pwd are set so we can call the membership web service via the stored proc
        --spHTTPRequest to create the new user
        set @RequestText=
        '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
           <soap:Body>
              <CreateImisUser xmlns="http://imis.com/webservices/membership">
            <staffUser>false</staffUser>
            <webUser>true</webUser>
            <contactID>' + @ID + '</contactID>
            <username>' + @Login + '</username>
            <password>' + @Password + '</password>
            <email>' + @Email + '</email>
            <passwordQuestion></passwordQuestion>
            <passwordAnswer></passwordAnswer>
            <isApproved>true</isApproved>
            </CreateImisUser>
           </soap:Body>
        </soap:Envelope>'

        exec spHTTPRequest
            @URL,
            'POST',
            @RequestText,
            'http://imis.com/webservices/membership/CreateImisUser',
            'something', 'nothing', @xmlOut out

I also read the output and stick that into an Activity record to show that the weblogin was created:

        exec sp_xml_preparedocument @hdoc OUTPUT, @xmlOut,
            '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:t="http://imis.com/webservices/membership"/>'

        INSERT into Activity
        (SEQN, ACTIVITY_TYPE, TRANSACTION_DATE, ID, UF_1, UF_2, UF_6 )
        SELECT @SEQN,
            'WEBLOGIN',
            convert(datetime, convert(varchar(10), getdate(), 101)),
            @ID,
            UF_1,
            UF_2,
            getdate()
        FROM OPENXML(@hdoc, 'soap:Envelope/soap:Body/t:CreateImisUserResponse/t:CreateImisUserResult', 2)
        WITH     (UF_1 varchar(255) 't:userName',
                UF_2 varchar(255)     't:providerUserKey' )

This is NOT a robust solution that should be used to create thousands of logins/passwords on a regular basis. The spHTTPRequest is using the spOA_ extended stored procs so I think that's where there's a memory usage issue. Even doing 2000 or so logins on the initial run of this proc on the live db required me to run it twice, but going forward it's going to need to create maybe a dozen logins/passwords per run, so I think it's "good enough." So absolutely no warranties, guarantees on this code. Use at your own risk and peril. Blah blah blah.

Cathy Johnson
Panopea Consulting

iMIS Community