
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
 
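/// <summary>
/// Single sign-on landing page: reads a username/password pair from the query string,
/// checks it against the SingleSignOnUsers table, issues a forms-authentication cookie
/// on success, and then overwrites the stored password so the pair cannot be replayed.
/// </summary>
/// <remarks>
/// NOTE(review): the credentials travel in the URL, so they end up in browser history and
/// in proxy / web-server logs, and the stored value is kept and compared in clear text.
/// The one-time-password design narrows the window, but a POST body over HTTPS and a
/// hashed stored value would be the stronger mitigations; the table schema is not visible
/// here, so neither change is made in this file.
/// </remarks>
public partial class SingleSignOn : System.Web.UI.Page
{
    // Bounds of the numeric suffix appended when a consumed password is scrambled.
    // They mirror the original Random.Next(1000, 99999) call (upper bound exclusive).
    private const int ScrambleMin = 1000;
    private const int ScrambleMax = 99999;

    // Cryptographic generator shared by all requests; RandomNumberGenerator.Create()
    // returns an instance whose GetBytes is safe to call from several threads.
    private static readonly RandomNumberGenerator s_rng = RandomNumberGenerator.Create();

    /// <summary>
    /// Authenticates the caller, updates the status label / cookie and, on success or
    /// failure alike, scrambles the stored password for the supplied user name.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // A missing query-string key yields null; the original .ToString() call threw
        // a NullReferenceException for it, so fall back to empty strings instead.
        string username = Request.QueryString["username"] ?? string.Empty;
        string password = Request.QueryString["password"] ?? string.Empty;

        if (ISAuthendicated(username, password))
        {
            lblStatus.Text = "Authendication Success";
            FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddYears(1), true, "");
            HttpCookie cookie = new HttpCookie(".SingleSignOn");
            cookie.Value = FormsAuthentication.Encrypt(fat);
            cookie.Expires = fat.Expiration;
            // The encrypted ticket is only ever read server-side, so keep it out of
            // reach of script. Setting cookie.Secure is left to the deployment: it
            // would break the hand-off if the portal itself is served over plain HTTP.
            cookie.HttpOnly = true;
            HttpContext.Current.Response.Cookies.Add(cookie);
        }
        else
        {
            hlLoggedin.Visible = false;
            lblStatus.Text = "Authendication Failed";
        }

        // Reset the password.
        // Even a failed attempt causes a new password to be created, so any value
        // presented here is good for a single request only (a moving target).
        DeletePassword(username);
    }

    /// <summary>
    /// Looks up the stored password for <paramref name="username"/> and compares it with
    /// the supplied one.
    /// </summary>
    /// <param name="username">User name taken from the request.</param>
    /// <param name="password">Password taken from the request.</param>
    /// <returns>
    /// true when the stored value equals <paramref name="password"/> and the supplied
    /// password is non-empty; false otherwise (including when no row matches).
    /// </returns>
    private bool ISAuthendicated(string username, string password)
    {
        // The original expression returned false for an empty (or null) password in
        // every case, so skip the database round trip entirely.
        if (string.IsNullOrEmpty(password))
        {
            return false;
        }

        string tmpPassword = "";
        string strSQL = "Select password from SingleSignOnUsers where [username] = @username";

        // using blocks release the reader and the connection even when the query
        // throws; the original left both open on that path.
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(strSQL, conn))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.Add(new SqlParameter("@username", username));
            conn.Open();

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                // Same semantics as before: if several rows match, the last one wins.
                while (dr.Read())
                {
                    tmpPassword = Convert.ToString(dr["password"]);
                }
            }
        }

        return tmpPassword == password;
    }

    /// <summary>
    /// Overwrites the stored password for <paramref name="username"/> with an
    /// unpredictable value so that the password just presented cannot be replayed.
    /// </summary>
    /// <param name="username">
    /// User whose row is scrambled. If no row matches, the update affects nothing.
    /// </param>
    private void DeletePassword(String username)
    {
        // System.Random seeded from the clock is predictable from the request time,
        // so the replacement suffix now comes from the cryptographic generator. The
        // "username + number" shape is kept because the column width is not visible
        // here — TODO confirm whether a longer random string would fit, as a five-digit
        // suffix is still a small search space for an attacker racing the reset.
        string tmpPassword = username + NextScrambleSuffix().ToString();

        string strSQL = "Update SingleSignOnUsers set password = @password where username = @username";

        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(strSQL, conn))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.Add(new SqlParameter("@password", tmpPassword));
            cmd.Parameters.Add(new SqlParameter("@username", username));

            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Returns a cryptographically random integer in [ScrambleMin, ScrambleMax).
    /// </summary>
    private static int NextScrambleSuffix()
    {
        byte[] buffer = new byte[4];
        s_rng.GetBytes(buffer);

        // Clear the sign bit before the modulo so the result is never negative. The
        // modulo bias is negligible for a range this small compared with 2^31.
        int value = BitConverter.ToInt32(buffer, 0) & int.MaxValue;
        return ScrambleMin + value % (ScrambleMax - ScrambleMin);
    }

    /// <summary>
    /// Reads the "SingleSignOnDB" connection string from configuration.
    /// </summary>
    /// <returns>The configured connection string.</returns>
    /// <exception cref="InvalidOperationException">
    /// Thrown when the entry is missing; the original surfaced this as a
    /// NullReferenceException with no hint at the cause.
    /// </exception>
    private static string GetConnectionString()
    {
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["SingleSignOnDB"];
        if (settings == null)
        {
            throw new InvalidOperationException("Connection string 'SingleSignOnDB' is not configured.");
        }

        return settings.ConnectionString;
    }
}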