ArrowNuke DotNetNuke Custom Modules Skins and training
 Walk Through on the New Security, Roles, Membership and Profile Features in x.3.4
Part 2: Membership, Profile and User Settings
Posted by: Ryan Morgan 8/12/2006 8:51 AM

Introduction

This lab will give you a step-by-step walk through on the new features in DotNetNuke x.3.4. I will discuss using the new Roles grouping, show you how to secure content and files using roles while also covering topics new to the x.3.4 release of the DotNetNuke framework.

PLEASE NOTE:

This lab assumes that you have followed the instructions in the blog entry entitled Creating a "Test Browser" for a True Preview without the Logout/Log-back-in Pain. If you haven't, please follow this link to prepare this: More Info


Membership, Profile and User Settings

General Membership Settings

  • Log in as the Admin user
  • Navigate to Admin > User Accounts (or click the “Users” shortcut in the common tasks area of the Control Panel).
  • At the bottom of the user accounts module on the page, click the User Settings button to view the general membership settings.
  • Notice that, as an admin, you do not have access to the settings at the top of the page. Let’s scroll down a bit and talk about what we do have access to as an admin.
  • Here, you have access to some portal-specific security settings that relate to users, and to some others that control how the User Accounts module on the page we were just on works.
  • The first section that you will see is a series of checkboxes that determine whether to show these profile items in the general list that you look at when you view the user accounts module.
  • The next one of note is the default display mode. I like that by default it does not retrieve a list of all users because I’ve worked with a portal that has 8K users. It takes a little bit of time to load the information for all of those users. At the same time, though, I’ve worked with a portal that has 250 users and I could see wanting to list the first couple of those on the first time I load the page. So, it’s nice to have the option – you should choose the model that works best for your portal.
  • The last setting that has to do with the way the list of users is displayed is the users per page, where you can set how many users are displayed on each page.
  • The next section is a cool feature that I saw in a third party module a year or so ago for overriding registration and I really like it – the system allows you to override the redirect settings and send the user to a predetermined page after a number of login session events like login, logout and registration.
  • Next is a popular feature to foil dictionary attacks (and it’s just plain cool) and that is the CAPTCHA support for login and registration. What this does is require you to read a generated image and input the text before you can register or even before you log in.
  • Require a valid Profile for Registration is a useful feature if you want more than the standard first name, last name, username and email to allow a user to register. By activating this, a user also has to fill out the required fields of the profile page to register an account at your portal.
  • The last piece here is the Users Display Mode in Manage Roles dropdown. If you switch this from the default to text box and go back to your security roles tab that we were using in the last lab, you will see another new feature in that it allows you to type in a username instead of choosing it from a dropdown list and even use a validate button to make sure you are trying to add a real username to be authorized for a role. You can see how this would be useful in the 8,000 user case I mentioned before.

Host General Membership Settings

  • Log out and log back in as host.
  • Go back to Users and then User Settings.
  • You can see that the top portion of the settings is controlled in the web.config, so we are not going to edit those here.
  • Now that we are a Host user, we have the ability to edit the number of days that will pass before a set password will expire and even the ability to set how long the user has as a grace period.
  • Let’s enable CAPTCHA for login and update to save settings.
  • Log out in your test browser and log back in.
  • Note the additional requirements to be authenticated by the system.

Web.config Membership Settings

  • Open the file at c:\inetpub\dnn334.dev\web.config with Visual Web Developer
  • Look for the section that looks like the following:

<membership userIsOnlineTimeWindow="15">
      <providers>
        <add name="AspNetSqlMembershipProvider"

  • Notice that, as you scroll over to the right, you can see the additional membership options that were hard coded when we tried to edit the membership settings in the User Settings control of the User Accounts module.
  • Let’s edit some settings here to match our business rules.
  • Change the requiresUniqueEmail parameter to true – this will disallow users from registering using an email address that already has a registration associated with it.
  • In a high-security model, we could change the passwordFormat attribute from Encrypted to Hashed, which stores a one-way hash of the password instead of a reversible encrypted value. The reason we don’t do this in most situations is that we would also need to disable the password reminder, since the system cannot recover the original password from a hash.
  • Let’s update the minRequiredPasswordLength to be 5 characters, but make it a strong password by updating minRequiredNonalphanumericCharacters to be 1. Now a user can make a password that has 5 characters but it has to have at least 1 non-letter-or-number character.
  • Save your changes.
  • Open your test browser and click the logo to navigate to the home page of your portal.
  • Because we edited the web.config, when we try to go to a page in the portal, it is going to take a little bit longer as the site re-loads.
  • Try to register a user – notice the messages you will get when you try to break the rules you just set.
  • Log out from the user that you just registered.
  • Log in as the test user that you created – notice that the password rules that we set didn’t apply to that user.
  • Let’s go force that user to change their password.
  • Go to Admin > User Accounts
  • Click on “All” to display all users.
  • Click the pencil next to your test user.
  • Click Force Password Change
  • Now switch back to your test browser and logout, then log back in.
  • What happened?
  • Change the password to meet the new rules we have established.
  • Now, let’s force a site-wide password reset.
  • Log out of Admin and log in as Host
  • Go to Admin > User Accounts
  • Click on User Settings
  • Update the password expiry to be 1 and leave the reminder to be 7.
  • Switch back to your test browser.
  • Try to log in as one of the users besides test that we created earlier.
  • Notice the message that comes up.
  • In production, you would give users more time and allow them to work through the cycle to update their passwords.
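
The following is an added example, not code from the original post or from DotNetNuke: a short Python audit of the membership provider attributes edited in this section, plus the password rule that the two complexity attributes enforce. The sample XML and its values are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the lab's web.config section. Attribute
# names are real SqlMembershipProvider settings; the values are assumed here.
SAMPLE = """<configuration><system.web>
  <membership userIsOnlineTimeWindow="15">
    <providers>
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           enablePasswordRetrieval="true" requiresUniqueEmail="false"
           passwordFormat="Encrypted" minRequiredPasswordLength="5"
           minRequiredNonalphanumericCharacters="1" />
    </providers>
  </membership>
</system.web></configuration>"""


def load_provider(xml_text, name="AspNetSqlMembershipProvider"):
    """Return the attributes of the named membership provider as a dict."""
    root = ET.fromstring(xml_text)
    for node in root.iter("add"):
        if node.get("name") == name:
            return dict(node.attrib)
    raise LookupError(f"provider {name!r} not found")


def audit(provider):
    """List settings from the lab that weaken credential storage or registration."""
    findings = []
    fmt = provider.get("passwordFormat")
    retrieval = provider.get("enablePasswordRetrieval", "").lower() == "true"
    if fmt in ("Clear", "Encrypted"):
        findings.append(f"passwordFormat={fmt}: stored passwords can be recovered")
    if fmt == "Hashed" and retrieval:
        findings.append("Hashed with enablePasswordRetrieval=true is an invalid combination")
    if provider.get("requiresUniqueEmail", "").lower() != "true":
        findings.append("requiresUniqueEmail is not true: one email can back many accounts")
    return findings


def meets_policy(password, provider):
    """Apply the two complexity attributes the lab changes to a candidate password."""
    min_len = int(provider.get("minRequiredPasswordLength", 0))
    min_special = int(provider.get("minRequiredNonalphanumericCharacters", 0))
    special = sum(1 for ch in password if not ch.isalnum())
    return len(password) >= min_len and special >= min_special


if __name__ == "__main__":
    cfg = load_provider(SAMPLE)
    print(audit(cfg))
    print(meets_policy("ab!12", cfg), meets_policy("abcde", cfg))
```

Run it against a copy of web.config by passing the file's text to load_provider in place of SAMPLE.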

Editing User Profiles

  • Navigate to the users page
  • Click Manage Profile Properties
  • Set the first and last name as well as the country and telephone to required.
  • Change the order around using the up and down arrows.
  • Add a new profile property
  • Type in a category name – you can either make your own to add a new category that will be grouped on the registration page, or you can type in a new one like “Preferences.”
  • Choose TrueFalse
  • Have the property say – US Citizen
  • Set the Default Value to True
  • Notice that you are able to add a regex validation expression. This is a great time to recommend the program called RegexBuddy.
  • You can also set the required and visible properties here.

I hope you enjoyed this lab. This lab is a free excerpt from the newly expanded DotNetNuke class. If you are interested in getting an entire development staff up-to-speed in five days with on-site instructor-led training, click here to learn more.

2006 Arrow Consulting & Design, Inc