Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • James C 17 posts 138 karma points
    Feb 23, 2018 @ 10:37
    James C
    0

    Can't Login With Programmatically Created User

    I have programmatically created a user in version 7.7.9 with the following code:

    // Obtain current user service
            var userService = ApplicationContext.Current.Services.UserService;
            // Try to obtain a user with the given email in case one already exists
            var user = userService.GetByEmail(email);
    
            if (user == null)
            {
                // Create a new user
                var newUser = userService.CreateUserWithIdentity(username, email);
                // Get user group as IReadOnlyUserGroup
                var userGroup = userService.GetUserGroupByAlias("admin") as IReadOnlyUserGroup;
                // Add the userGroup to the newUser
                newUser.AddGroup(userGroup);
                // Set the user's password
                newUser.RawPasswordValue = password;
                // Save the new user
                userService.Save(newUser);
            }
    

    This works and the user is created, however I am then unable to login with the user even after logging in to the dashboard with a different admin account and resetting the new account password.

    I also created a new user from the backoffice and tried to login which worked no problem at all.

    Could someone please help me with where I'm going wrong here?

    Thank you in advance.

  • Steve Morgan 1290 posts 4306 karma points c-trib
    Feb 23, 2018 @ 11:00
    Steve Morgan
    2

    Hi,

    The RawPasswordValue needs to be hashed and salted.

    I'm not sure this is the recommended way but it works!

    if (user == null)
    {
        // Create a new user
        var newUser = userService.CreateUserWithIdentity(email, email);
        // Get user group as IReadOnlyUserGroup
        var userGroup = userService.GetUserGroupByAlias("admin") as IReadOnlyUserGroup;
        // Add the userGroup to the newUser
        newUser.AddGroup(userGroup);
        // Set the user's password
        newUser.RawPasswordValue = (Membership.Providers["UsersMembershipProvider"] as UsersMembershipProvider).HashPasswordForStorage(password); ;
        // Save the new user
        userService.Save(newUser);
    }
    

    HTH

    Steve

  • Dan Diplo 1543 posts 6098 karma points MVP 4x c-trib
    Feb 23, 2018 @ 12:50
    Dan Diplo
    1

    Can't you just use the SavePassword method on UserService?

    ApplicationContext.Current.Services.UserService.SavePassword(IUser user, string password)
    

    This should hash it like the MemberShip provider would.

  • Steve Morgan 1290 posts 4306 karma points c-trib
    Feb 23, 2018 @ 13:04
    Steve Morgan
    2

    You're right except you need to enable the changing of passwords in the web.config then.

    allowManuallyChangingPassword attribute on the UsersMembershipProvider setting

  • James C 17 posts 138 karma points
    Feb 23, 2018 @ 15:03
    James C
    0

    Thanks for your reply Steve.

    I was confused at the fact that when creating a user programmatically you assign them a username because this isn't the case when you create a user in the backoffice. I was creating a new user with my code and then trying to login using their email address which was failing. Turned out that I should have been using their username to login and the code worked all along.

    Not sure if this is correct then based on what you said Steve, but I was able to assign the 'RawPasswordAnswer' without hashing the password and still successfully create a new user. No doubt the code for hashing a password will come in useful in the future if not needed here though so thank you for that.

  • Anders Bjerner 455 posts 2680 karma points MVP 5x admin c-trib
    Feb 23, 2018 @ 15:21
    Anders Bjerner
    1

    A little side node regarding the username.

    Umbraco now has a setting in umbracoSettings.config called usernameIsEmail. If set to true (which is default), you will only see an email field in the backoffice, as the email address also will be used for the username. If disabled, you'll get both the username and email fields.

    I think this setting was introduced along with the new users section in 7.7.

    <security>
      <!-- by default this is true and if not specified in config will be true. set to false to always show a separate username field in the back office user editor -->
      <usernameIsEmail>true</usernameIsEmail>
    

    As this setting can be disabled/enabled, the code still let's you specify a username.

Please Sign in or register to post replies

Write your reply to:

Draft