WordPress w/ Forms Authentication on IIS6

I know I said yesterday that I’d start a series about creating DotNetNuke modules, but I solved a problem yesterday after I wrote that post that I think a lot of you will be interested in. Especially if you are using WordPress in combination with an ASP.NET site.

The problem we had was this. We have an ASP.NET web site that requires a login before anyone can see any pages. We wanted to add a WordPress blog to it that could only be viewed when people log in and wanted to be able to have the same user names in WordPress that they had in ASP.NET.

I did see one plug in that would let us log in to WordPress using forms authentication. But, it only works under IIS7. We are still using IIS6, as most of the world is, so that solution wasn’t going to work.

So, here’s what we did. Most of the work was on the WordPress side, which required a bit of PHP knowledge. I’ll be the first to admit that I know very little PHP. But, I do know enough to hack it when I have to. So, on the ASP.NET side, all I did was set a cookie to the username after the user logged in. That gets the username some place where WordPress can see it without too much effort.

To force WordPress to require a login, we used the Authenticate plugin. So, the only real work we needed to do was to create a system that forces the user to use the Login.aspx page on the main site, create a new user if they user doesn’t exist, and log the user into WordPress. Since only one or two users need special privileges, we left assigning roles to the user as a manual process.

Here is our PHP code, commented so you can see how we got this working. This code should replace wp-login.php. There is probably some elegant way of making this work as a plug-in, but I’m not really a php programmer, I just play one on TV. If you know how to make it into a plug-in, let me know.

<?php
require( dirname(__FILE__) . ‘/wp-config.php’ );
require_once( ABSPATH . WPINC . ‘/registration.php’);

function smartLogin() {

echo “start smartLogin”;

    $errors = new WP_Error();

  // If no cookie was set, they have not
  // logged into the main site.
    if(isset($_COOKIE[’wpuser_zzz’]))
    {
        $user_login = $_COOKIE[’wpuser_zzz’];
    }
    else
    {
    // If they aren’t logged in, see what
    // WordPress page they were trying to access
        if( isset($_REQUEST[’redirect_to’]) )
            $returnUrl = ‘?returnUrl=’ .
          urlencode($_REQUEST[’redirect_to’]);
        else
            $returnUrl = ‘?returnUrl=’ .
          urlencode(get_option(’siteurl’));

    // and send them to the login.aspx page with
    // the page they were trying to get to as the
    // returnUrl parameter.
        header(’Location: ‘ . get_option(’siteurl’) .
        ‘/../login.aspx’ . $returnUrl);
        exit();

    }

    $user_login = sanitize_user( $user_login );

  // If the user doesn’t exist in WordPress yet, create them
  // use the md5 hash of the username as the password
  // (so they can’t guess it… you may want to salt the md5)
    if ( !username_exists( $user_login ) )
        $user_id = wp_create_user( $user_login, md5($user_login), “” );

  // Once the user is created, log them in.
    wp_login($user_login,md5($user_login));
    wp_setcookie($user_login,md5($user_login),true);
    wp_set_current_user($user_id,$user_login);

  // Now, redirect them back to the page
  // they were trying to get to
  // or the main blog page if you can’t find
  // the original page
    $redirect_to = get_option(’siteurl’);
    if ( isset( $_REQUEST[’redirect_to’] ) )
        $redirect_to = $_REQUEST[’redirect_to’];

        header(’Location: ‘ . $redirect_to);
        exit();

    return $user_id;
}

// call the function above
smartLogin();

?>

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Bookmark to: