Sitecore bypass login without password

This blog explains how to bypass login for any Sitecore user or how to implement Single Sign-On on Sitecore to automate user login without knowing password.

Practical Use

Suppose, you have a non-Sitecore application, which has different users and all its users also access Sitecore by login into it. Now, switching between these two sites is really repetitive and time-consuming task, need to remember passwords for two websites, etc. If we provide SSO (Single Sign-On) here so that the user logs in only once and access both Sitecore and non-Sitecore websites with single login.

How to achieve

Create a web page in Sitecore website suppose sso.aspx, that will do login in Sitecore with passed userame via querystring. After login, we have to redirect user to welcome.aspx.

So, from the non-sitecore application, we will call url: http://mysitecore.com/sso.aspx?username=user_sitecore. On load of the page, we will login using user_sitecore and redirect user to welcome.aspx.

But make sure you encrypt username before passing in querystring. You can also pass a unique token number (A random generated number/string) along with username and encrypt it to make it more secured.

Login without password is possible using Sitecore.Security.Authentication.AuthenticationManager.Login(username) function. See below source code:

public partial class SSO : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
         string strUserName = Request.QueryString["username"];
         if (Sitecore.Security.Authentication.AuthenticationManager.Login(strUserName))
         {
               Response.Redirect("welcome.aspx", true);
         }
    }
}

Hurrey.... we did login without giving user password.

Comments