User_Login Action - Change Behavior

User_Login Action - Change Behavior

  
The User_Login action (Users eSpace) has the following behavior (from action description):

1 - if found local user with password:
1.1 - login with local user;
2 - if active directory is on:
2.1 - if Authentication.ValidateLogin(username, password) is ok
2.1.1 - create or update user


#1) Is it possible to disable the step 2.1.1? I can't find any property that could change this behavior. I don't want the login action to create users in my application.
The action could have a property to control this behavior, or instead an eSpace site property.
#2) If the step 1 is true does it also run step 2? Because, I have many cases of local users with passwords for whom the system created an account from the active directory, and now the same users has 2 accounts: one local and one from the domain.
1. No, that's pretty mandatory or else none of the other stuff around authentication works.
2. I do not know the answer to that, but a quick experiment can confirm it for you. I don't have access to a .NET + Active Directory environment.

J.Ja
Justin James wrote:
1. No, that's pretty mandatory or else none of the other stuff around authentication works.
2. I do not know the answer to that, but a quick experiment can confirm it for you. I don't have access to a .NET + Active Directory environment.

J.Ja
 #1. It doesn't make much sense to me. One thing is authentication and other is user management.
I know OutSystems always had this behavior, which I disagree, but that's just because it does not have a proper AD account import tool.
I don't want users and the authentication action to create users in my apps, I have a user management area for Admins to do that.
I don't mind that the User_Login action has this behavior, but it should at least have an option to disable it for anyone that doesn't want or need it.

#2 Something is not working well, but can be a problem with the latest builds.
- I have users with local accounts in OutSystems Platform that also have AD accounts which are not synced with the Platform. The local and AD account sometimes have the same password;
- AD authentication is ON;
- User tries to login with the local account and valid password and gets an auth error and the Platform creates the AD account. It shouldn't because the user already has a valid local account. I think it sometimes ignores the local account and tries to force the use of the AD account.

This is the problem this behavior is doing in the User_Login action. It would be simpler if the User_Login action could only do one thing... authentication!
Hi Carlos,

#1) You could try to use LoginPassword action (from System) instead of using User_Login. I suggest you to open Users espace to analyze the implementation of the User_Login action. You'll see that it uses this action in local login attempt.

#2) If you follow my suggestion you will notice that when step 1 is true it does not also run step 2, since if User_LoginInternal action returns true the action ends, as you can see below (part of User_Login action implementantion):



Hope it helps!