I'm try to use drupal open id module. When i used to login using any provider id(yahoo,google,facebook..) it goes to registration page of my site. My question is how to populate details of the user to my form without additional burden to the user ?. For ex name,email-id etc. Is there any module associated with it ?
I haven't tried this, but this module sounds like it does what you want:
http://drupalmodules.com/module/openid-autoregistration
"Module allows automatic registration of (successfully logged in) OpenID users, even in case OpenID provider didn't supply data necessary for Drupal user registration (valid username and email)".
Related
I want my website to be seen by anonymous users. and i don't want it to have a login /register user part.
i just need one user as administrator and its username and password is chosen manually.
what is the best practice to implement this login part (website has only one user for ever).
my question is how to implement this one user login part, where store username and password and does it need a table in database?
For me - if you're having such a simple system, then merely storing the username / pwd in the web.config is fine.
I'd create a helper class to wrap up talking to the config file (ConfigurationManager.AppSettings on MSDN) and use and evaluate a simple "logon" action.
No table needed.
Finally - make sure you add the AuthoriseAttribute to your controller that will be doing the admin actions...
HTH
Simplest way - just delete the controller and the view responsible for registering new users, change the routing to the login page and you're set.
I was wondering if it is possible to make it so the editors within sitecore can set it so you require a username/login to only one specific page.
www.yourwebsite.com - No password required
www.yourwebsite.com/internalstuff - password required and set within CMS by the editors.
This is explained extensively in the Security Administrator's Cookbook that is supplied by Sitecore.
This is what you need to do, in a few short steps:
Create a user group with the User Manager (on the Extranet domain, that's how it's called by default, could be different in your installation)
Add users to the group
Go to the Security Editor, select the item(s) you want to protect, and disallow Read rights for the Anonymous user (this makes it impossible for not-loggedin users to view it)
Enable Read rights on your item(s) for your new user group
Make sure to read the cookbook so you know how to use security inheritance properly. That will save you a lot of time in the future.
Actually it's possible with no coding if you have Web forms for Marketers installed. It's not an enterprise ready login with e-mail activation etc. but it works. First, you should of course set up access rights and roles as mentioned in this answer by Ruud plus you need WFFM ready with forms styled and a placeholder configured to accept forms.
Go to WFFM and create a registration form (username as single-line text field, password as password-confirmation field)
as save action add "Create User" (configure correct domain/role there) (you could also add a "User Login with Password action and log the user in directly after registration)
add the registration form to a public page
create a login form (username as single-line text field, password as password field); again map the data to the username, password and domain set up for your extranet)
add the login form to a public page
enjoy :)
Note: this requires you to have write access to the asp.net user tables (by default set up in the core database). Make sure your security requirements are compliant with that. And as already mentioned this will not give you a basic e-mail validation up on registration.
I have a registration-login system on my own website yet I want to add Facebook Connect too. I have some required parts of my user table as:
Username
Password
Email
The first thing that came to my mind is, setting userId as username, userId#facebook.com as email and setting the password to null and check if a record exists with these details in my user table. If not insert a new user with these details, if exists return that user details.
Is this a good design? How should I connect facebook connect to my website?
Thank you
I would suggest you to take this into a more deep ASP.NET, and start an MVC project
then use the Microsoft Facebook API SDK to play around with the API, it's very easy and because they are using the new dynamic type, now that Facebook changed the Open Graph, it will continue to work great as well.
in your login page, add a facebook login button and ask for permissions, for example:
<fb:login-button perms="email" size="medium">
redirect-uri="http://yourdomain.com/FBLogin/"
Subscribe using Facebook</fb:login-button>
in your FBLogin controller, login the user using the FB credentials, if the user uses your normal form, use the normal login
If you create a custom MemberShip Provider, you can easily use that for both accesses... I write a simple start to a custom Membership provider here
I'm working on a Drupal 6 module to provide OAuth-based user authentication and registration. I'm already using the OAuth module to authenticate as described on http://oauth.net/core/1.0a/#anchor9. The next step is to create the user account using information provided after authentication using an custom API of the Service Provider.
According to http://drupal.org/node/497612#comment-3047302, I should not use user_external_login_register() but see the OpenID module for how to properly login an external user.
After studying the OpenID module, here is what I plan to do:
Try to load an existing user for a authname build from the custom API result using user_external_load().
If a user exists, use user_external_login() to log the user in.
If not, pretend the registration form has been submitted (like openid_authentication() does) to create a new user account. And redirect to a pre-filled form if any additional information is needed in order for the user to register.
Is this the right way to do it ? Is there another module worth looking at for how to this properly in addition to OpenID ?
You could have a look at the former Drupal module. That module did two entirely different things (hooray for the architecture :)).
* It puplished information to a central "who runs Drupal" directory. (and offered a page to show such a directory yourself!)
* It allowed login with credentials from other Drupal-sites.
The latter is what you are looking for. Note that the module was discontinued, not because the method for logging in was done wrong, but because the DrupalID mechanism itself is flawed. It has been replaced with openID and oauth.
http://drupalcode.org/viewvc/drupal/drupal/modules/drupal/drupal.module?hideattic=0&view=markup
The hooks and methods you would be looking for (in that order) are:
drupal_form_alter -- Adds validate-callback to the login forms.
drupal_form_user_login_alter -- Adds information about alternative login on login form.
drupal_distributed_validate -- Validation callback: calls drupal_auth to see if the user is valid. If so, calls user_external_login_register
drupal_auth -- Helper for validation callback: determines if the credentials are valid.
All other functions are either helper functions for these, or provide that directory-feature, or allow remote sites to authenticate against our database. Neither of which you will be using.
I have managed to get all the authentication parts working, however i am confused about setting up registration.
By registration i mean that if the OpenID is not attached to an existing account, then a new account must be created.
Should i simply have it return to a registration page (with from fields for registration) and redirect to a different page if the user is registered?
Is there a way to set up a clean and simple registration flow without signing the user in first (formsauthentication.redirectfromloginpage) then checking if they are new on every page?
Sorry if this is worded badly, like most other things i ask it is difficult to explain!
Thanks
Ideally, no registration is required at all beyond simply an OpenID. Does your site require to know more than a user identifier to provide any functionality at all?
If your site can offer any services to users (even just informational) without asking for more than their identifier, which OpenID supplies, then don't have a registration page at all. This is by far the best for the users and will lower the barrier of entry to new users to your site. Then, when the user accesses a page that offers something that requires the user to give up more information about themselves, stick them with a registration page at that time.
If you must stick up a registration page for all new users, I suggest you do a check every time someone logs in with their OpenID. If you recognize the OpenID Claimed Identifier upon successful login, you just let them through... otherwise you create a database entry for them and redirect them to the registration form.
You can optimize the experience by using OpenID extensions such as Simple Registration or Attribute Exchange so that the user might get a pre-filled out registration form courtesy of the OpenID Provider, further streamlining the registration process.