Login versus User_Login

Login versus User_Login

  

Hi - after our upgrade to platform version 10, the System/Login action generates a warning to use the User/User_Login action instead.

We use Active Directory authentication and have a special need to programmatically log the user in.  The older System/Login action does not require any input parameters and simply authenticates the current user based on their AD credentials.  This is the behavior we want.

The User/User_Login action requires a user name and password.  I have tried using empty strings for the password, and also for the username and password, but the login fails with "Invalid username or password". 

How can I implement the User_Login action such that it uses the current users' AD credentials without having the user type them in?

Thanks for the help,

Bob

Solution

Hi Robert,

the warning for the User_Login should be ignored in you use case. 

Only when you login using a username and password via a login form or service, you should go through the User_Login. This newer action takes care of brute force logins and blocks accounts/ip's after a couple of unsuccessful login attempts. 

In your case you login using the AD account and you don't allow users to login manually, which means brute force is not possible in your app. 

Hopefully this clears up any doubts you have. 

Kind regards,

Remco Dekkinga

Solution

Thanks, Remco!