dnnsoftware / Dnn.Platform

DNN (formerly DotNetNuke) is the leading open source web content management platform (CMS) in the Microsoft ecosystem.
https://dnncommunity.org/
MIT License
RFC: Improve login #2471

Open donker opened 5 years ago

donker commented 5 years ago

Description of problem

The login experience has remained untouched for years and shows its age:

  1. It takes forever to load which is especially noticeable when you use the popup
  2. When clicking login the form sits there while the user is being logged in - the user should see some sort of spinner
  3. It's not responsive (issue #2469)
  4. The "keep me logged in" checkbox is below the login/cancel buttons - this should be above
  5. It is difficult to style/adapt given the nr of fixed classes - it should be templateable

Description of solution

To attack problems nr 1 and nr 2 we could look at preloading a login screen. The complexity is that your page may be http and you want the login to be https. But we could consider having an improved experience only for sites that implement https and then go through a web api call to log in. This would allow us to do all the user feedback at the front end which makes things simpler.

To attack 3-5 we need to look at making this templateable. The complexity is that this control is extensible and auth providers can hook in. But IMHO this shouldn't trump us moving forward to improve this. One solution I've had some luck with is the use of a razor template inside the skin folder which describes how the login panel looks including the optional components.

kurtwilbies commented 5 years ago

@donker Can you share your (customized) solution? I actually hope this problem will be solved in 9.3. Login is the heart of each (secure) app.

jeremy-farrance commented 5 years ago

Please also -

  1. we need to have the option to unhook this 'login thing' from targeting the current page's Skin and ContentPane. Maybe there should be some settings at the Site (Portal) level that provide some choices about how the Event (user suddenly needs to authenticate) is handled and routed. What I am trying to say is it needs to uncouple from the current skin/pane logic and become its own thing with an OPTION (host and site level) to still happen the old way (which could/should be the natural default for the next few versions). The new, default end result needs to be simple and generic and work with the existing providers.

  2. please do not forget being able to login without a mouse. The tab order moving between fields needs to be logical and pressing enter needs to submit.

valadas commented 5 years ago

I remember on older dnn versions, you had an option of enabling or disabling popups. With popups enabled it would center the dialog on the screen. Was that intentionally removed or was it just a forgotten option in the Persona Bar site settings?

thabaum commented 5 years ago

It would be nice to have a two part authentication option that sends a message to email with pin to log in if enabled in host and in user account for added security option. Possibility for SMS messaging as well. The email sending a pin I think would be a more basic and simple way to add one more level of security.

Option for Google reCaptcha that uses the checkbox style checker for registration or login if set.

Common popular authentication providers working with latest logos and login buttons that work with theme.

moorecreative commented 5 years ago

++ on the comment for having 2-part authentication as an option, that would be a great feature!

kurtwilbies commented 5 years ago

2-part auth is nowadays a must. My vote.

mitchelsellers commented 5 years ago

Any two factor implementation should be provider, or interface driven so that new methods can be implemented. For example SMS which isn’t practical without other config etc.
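
One way the provider-driven second factor suggested above could look, with the email PIN idea from earlier in the thread as the first provider. This is an added example, not code from the commenters or from DNN: `ISecondFactorProvider`, `EmailPinProvider` and the `send` delegate are hypothetical names, and it assumes .NET Core 3.0 or later for `RandomNumberGenerator.GetInt32` and `CryptographicOperations.FixedTimeEquals`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical contract, not a DNN API: each second-factor method (email, SMS, TOTP) is one provider.
public interface ISecondFactorProvider
{
    string Name { get; }
    void Challenge(int userId);            // create and deliver a code after the password step
    bool Verify(int userId, string code);  // check the code the user typed
}

// Email PIN provider. The send delegate stands in for the mail service the host has configured.
public sealed class EmailPinProvider : ISecondFactorProvider
{
    private sealed class Pending { public byte[] Digest; public DateTime Expires; public int TriesLeft; }
    private readonly Dictionary<int, Pending> pending = new Dictionary<int, Pending>();
    private readonly Action<int, string> send;

    public EmailPinProvider(Action<int, string> send) { this.send = send; }
    public string Name => "EmailPin";

    public void Challenge(int userId)
    {
        // CSPRNG rather than System.Random; six digits, zero padded.
        string pin = RandomNumberGenerator.GetInt32(0, 1000000).ToString("D6");
        lock (pending)  // a new challenge replaces any earlier one for this user
            pending[userId] = new Pending { Digest = Sha256(pin), Expires = DateTime.UtcNow.AddMinutes(10), TriesLeft = 5 };
        send(userId, pin);
    }

    public bool Verify(int userId, string code)
    {
        lock (pending)
        {
            if (!pending.TryGetValue(userId, out var p)) return false;
            // A six-digit space is small, so the expiry and the attempt limit carry the security.
            if (DateTime.UtcNow > p.Expires || p.TriesLeft <= 0) { pending.Remove(userId); return false; }
            p.TriesLeft--;
            if (!CryptographicOperations.FixedTimeEquals(p.Digest, Sha256(code ?? ""))) return false;
            pending.Remove(userId);  // single use: a verified PIN cannot be replayed
            return true;
        }
    }

    private static byte[] Sha256(string s) { using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(s)); }
}
```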

sleupold commented 5 years ago

IMO, points 1 to 5 are no-brainers and should be fixed.

MaiklT commented 5 years ago

Please please please add 2-factor authentication (e.g. using Google Authenticator)

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

thabaum commented 4 years ago

Hello stale bot, I would like to bring this back to life. 2 Factor Authentication would be a nice touch to have soon for security reasons.

thabaum commented 4 years ago

> IMO, points 1 to 5 are no-brainers and should be fixed

I agree.

thabaum commented 4 years ago

Another security feature is to send a new simple text verification code to a user via email when they log in using a browser for the first time that is unrecognized being used to log in previously. Register browsers in DNN that have been verified so it only happens first time a browser gets setup for being accepted for authentication.

thabaum commented 4 years ago

https://github.com/dnnsoftware/Dnn.Platform/issues/3252

I created another issue for Two-Factor Authentication which if I can come up with a solution before someone else jumps on it I will work with email two-factor to start.

1-5 here I might be able to knock out along the way. But I might get stuck hoping to fight through these as this is part of my own goals to improve CE or ask for them to get improved. Seems like some things can get done faster if you do them yourself. It looks like 5 separate issues that need to each be handled independently but relate to the login UI. I will be looking at these files so I will try to attempt some PR's for them.

Issues # 1 + 2 looks like maybe HTTP/2 might help it out in the future? A spinner would help entertain.

I see an order like this:

Issues # 3 and # 5 seem like they could relate as well. It would be nice to see it layout as a bootstrap designed theme which is something I could also look into, that use font awesome icons get a boost in look here if the theme used supports it.

valadas commented 4 years ago

I would like it to be responsive by itself without relying on a css framework. Themers can restyle that per their requirements but we need some default that works responsively no matter what theme if not otherwise styled. I have some ideas for this but no time to put this in before Dnn10 for sure.

valadas commented 4 years ago

This RFC has now been here for a year, it looks like it would be multiple smaller actionable items to implement right? Can people who want to pickup some individual items create an issue for that specific part and we close this RFC let's say in a couple weeks so we don't spread too much in discussions in a too broad scoped issue?

I for one am working on some new reusable components while building the new file manager and as part of that will have a lightweight modal component that I would like to reuse for the login/register and other modals in Dnn. This will be about a 2Kb component with no dependencies as opposed to now that we need jQuery, jQueryUI, dnn.jquery and so on that weigh about 1MB uncompressed but still about 400Kb compressed, which is huge when all you need is a modal to login. This should help a lot for the mentioned delay... I did not create an issue specifically for this but will do after the file manager and apply that where we can.

kurtwilbies commented 4 years ago

@valadas I can help you with the file manager and this issue. Let me know how. Maybe you can share your solution/dev.

valadas commented 4 years ago

I have some components almost ready to submit but need to get some other things into 9.5.0 before I do that. Only then will I start working on the file manager, when I do I will probably create a feature branch to collaborate on it or some such...

thabaum commented 4 years ago

https://github.com/dnnsoftware/Dnn.Platform/issues/3379

Back to the login discussion here there has been another issue brought up that has been part of the login improvement desired by community members.

I believe we need a recap on this discussion to get the talking points together and push in a development direction we all can agree on here.

We already moved the remember me and adjusted fields for login and registration forms.

I believe both are hard to style with all the help icons, help popups and things it is a lot of work.

I believe razor pages should be used potentially here? A more modern approach possibly a new "login module" so you can use the old or the new in version 10.

I would just like to see if this is a pretty fair recap.

It would be nice to get things broken down for goals to reach with a solution that would work. It will mute a lot of issues being presented I believe in the long run to allow more focus on other things in DNN platform once a remedy is made for this issue.

Can we get a clear picture going for anyone that wishes to try to tackle this task? A set of features and goals to be accepted. I think what I have put in the list covers what we want.

Personally I can't see why we can produce something second to none here. It is almost the first place anyone sees when using a site other than the homepage.

thabaum commented 4 years ago

The 2FA and Captcha Options could be login features as @mitchelsellers is discussing? I would love to hear some clarification on how we could implement things in the most up-to-date way possible to give DNN platform something to use for at least next 5 years that is totally what is expected today.

I think for version 11 or 12 another version could be made as Blazor is the way to go... we need to get to .NET core I would create in Blazor if we were there. So maybe we wait and only address small things and focus on a Blazor solution later now available in .NET Core 3.1. Or could a templatable version be upgraded to a Blazor template later?

I am highly motivated to producing something myself however not sure if it will be worth it as of right now. So timing of this and the approach that will last the test of time is what I am after.

stale[bot] commented 4 years ago

We have detected this issue has not had any activity during the last 90 days. That could mean this issue is no longer relevant and/or nobody has found the necessary time to address the issue. We are trying to keep the list of open issues limited to those issues that are relevant to the majority and to close the ones that have become 'stale' (inactive). If no further activity is detected within the next 14 days, the issue will be closed automatically. If new comments are posted and/or a solution (pull request) is submitted for review that references this issue, the issue will not be closed. Closed issues can be reopened at any time in the future. Please remember those participating in this open source project are volunteers trying to help others and creating a better DNN Platform for all. Thank you for your continued involvement and contributions!

jac69 commented 3 years ago

Because of all security reasons I cannot understand why recaptcha in login and register is not high priority on the project.

valadas commented 3 years ago

Well, it's not that it's not high priority, it's just an open source project and we go by what contributions come in. Also, since login (authentication providers) is an extension point and this also involves a 3rd party service, it's not as easy as it may appear to implement. Whatever contribution comes in for this:

It looks like a small thing but well, it's not as easy as it may appear.

Also, there is more interest these days in 2FA than in captcha and there are 2FA modules available now for this.

jac69 commented 3 years ago

Hi, the problem is that this way portals are exposed to register spamming and 2FA is not an option for websites that need fast register like ecommerce. A Recaptcha V3 will be the minimum.

best Jose

mitchelsellers commented 3 years ago

Recaptcha support, from a core perspective, is going to be really hard. Especially given the complexity/cost in setup of recaptcha.

I will discuss with the rest of the approval team next week to discuss if it is a consideration.

jeremy-farrance commented 3 years ago

I have seen a lot of advancements in login ideas in recent years. Maybe this gets easier with steps; a pipeline or workflow. I really, really like sites that have recently separated things; you start on a pre-login page with CAPTCHA and your username/email only. Then if that lets you through you end up on the authentication page where you enter just your password. This "seems" to reduce complexity somewhat, but I also realize it may not fit with what exists now and may even be more work. But I felt it was worth mentioning. "With the right semantics and partitioning, anything can be simplified." - nobody

MaiklT commented 3 years ago

Still an issue.

MaiklT commented 3 years ago

Still an issue

MaiklT commented 3 years ago

Still an issue

moorecreative commented 2 years ago

may be old, but not stale. refresh please dependabot

rodrigoratan commented 1 year ago

still important!

valadas commented 1 year ago

Yeah, but apparently not enough for anybody to tackle this, this issue is 4 years old, does anybody intend to tackle this?
