DotnetNuke Changes to Promote User to SuperUser

I implemented mixed Authentication for DotNetNuke ( Use Windows Integrated Authentication for seamless logon intranet logon and use Forms authentication for users unable to use Windows Integrated authentication), similar to as I did it before for my ASP.NET application . See my previous post about some problems that I had.

It is also required to promote imported from Active Directory Administrator user to SuperUser. The current DNN core doesn’t support this.It only allows to create a new SuperUser.

I had to add a new link button “Make SuperUser” to ManagedUsers.ascx.
Some code was added to hide the button according to user permissions(set Visible=false for a new button in the same places where cmdManageRoles.visible=false)

In Click event I’ve added call to add user to Asp.NET membersip (“dnn-1“ application for SuperUser) and update dnn_user table to set SuperUser=1. The current UserController.UpdateUser method doesn’t allow to change SuperUser flag, so new Stored Procedure and method has to be created.

        Protected Sub cmdSuperUser_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdSuperUser.Click

            ‘ update the user record in the database

            If Not UserInfo.IsSuperUser Then Exit Sub ‘Only SuperUser can make another SuperUser

            Dim objUsers As New UserController

            Dim ObjUser As UserInfo

            ObjUser = objUsers.GetUser(PortalId, UserId)

 

            If Not ObjUser Is Nothing AndAlso ObjUser.IsSuperUser = False Then

‘Required to force load from AspNetSecurity.Membership.GetUser ‘see http://geekswithblogs.net/mnf/archive/2006/03/15/72324.aspx
Dim userMembership As Entities.Users.UserMembership = ObjUser.Membership

                ObjUser.PortalID = -1

                ObjUser.IsSuperUser = True

                Dim objStatus As AspNetSecurity.MembershipCreateStatus = UserController.CreateInMembershipProvider(ObjUser)

                Select Case objStatus

                    Case MembershipCreateStatus.Success, MembershipCreateStatus.DuplicateUserName

                        ‘Update User doesn’t update IsSuperUser flag

                        SetSuperUser(ObjUser)

                    Case Else

                        UI.Skins.Skin.AddModuleMessage(Me, objUsers.GetRegistrationStatus(objStatus), UI.Skins.Controls.ModuleMessage.ModuleMessageType.YellowWarning)

                End Select

 

            End If

        End Sub

        ‘Should be a part of UserController

        Public Sub SetSuperUser(ByVal objUser As UserInfo)

            Dim objSecurity As New PortalSecurity

            Dim objUserController As New UserController

            ‘HACK, should be methods in DataProvider and SQlDataProvider,

            ‘SP with DatabaseOwner & ObjectQualifier

            ‘DataProvider.Instance.SetSuperUser(objUser.UserID,ObjUser.IsSuperUser )

            Dim sSQL As String = “exec dbo.dnn_User_SetSuperUser ” & objUser.UserID & ” , ” & Convert.ToInt16(objUser.IsSuperUser)

            Microsoft.ApplicationBlocks.Data.SqlHelper.ExecuteNonQuery(DotNetNuke.Common.Utilities.Config.GetConnectionString(), CommandType.Text, sSQL)

 

        End Sub

 

I’ve also re-factor UserController class to separate function CreateInMembershipProvider that was a part of AddUser Function.

        ‘mnf 16/3/2006 added to call from SetAsSuperUser

        Public Shared Function CreateInMembershipProvider(ByVal objUser As UserInfo) As AspNetSecurity.MembershipCreateStatus

            ‘Dim UserId As Integer = -1

            ‘Dim Status As UserRegistrationStatus

 

            Dim objSecurity As New PortalSecurity

            Dim objStatus As AspNetSecurity.MembershipCreateStatus = AspNetSecurity.MembershipCreateStatus.Success

            If objUser.IsSuperUser Then

                Common.Globals.SetApplicationName(Common.Globals.glbSuperUserAppName)

            Else

                Common.Globals.SetApplicationName(objUser.PortalID)

            End If

 

            Dim objMembershipUser As AspNetSecurity.MembershipUser

            objMembershipUser = AspNetSecurity.Membership.CreateUser(objSecurity.InputFilter(objUser.Membership.Username, PortalSecurity.FilterFlag.NoScripting Or PortalSecurity.FilterFlag.NoMarkup), objUser.Membership.Password, objSecurity.InputFilter(objUser.Membership.Email, PortalSecurity.FilterFlag.NoScripting Or PortalSecurity.FilterFlag.NoMarkup), Nothing, Nothing, objUser.Membership.Approved, objStatus)

            Return objStatus

        End Function

The Stored Procedure is created in the following script:

SET QUOTED_IDENTIFIER ON
GO
SET ANSI_NULLS ON
GO

create  procedure {databaseOwner}{objectQualifier}User_SetSuperUser
@UserId         int,
@IsSuperUser    bit

as

update {databaseOwner}{objectQualifier}Users
set    IsSuperUser=@IsSuperUser
where  UserId = @UserId

GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO

Advertisements