We are setting up a single sign on system to handle authentication and authorization among our different systems (almost all of which are not DNN systems).
The idea is that the user will be given a link by the central authentication system that redirects them to the DotNetNuke system with an authentication token. I then need to take that authentication token, verify that it's legit, and if so log that user into DNN. The problem with this workflow is that I have no idea of the user's password.
Previously, when I have created custom login interfaces I logged the user in by calling:
var portalSettings = PortalSettings.Current;
UserController.UserLogin(portalSettings.PortalId, username, password, string.Empty, portalSettings.PortalName, ip, ref loginStatus, true);
This obviously won't work if I do not know what their password is in the DNN/Asp.net forms authentication system.
Since this is not a new system but is a system currently being used in production without SSO, I cannot just set everyone's password to "pass1234" and require them login via SSO method only.
How can I tell DotNetNuke to log in as a user without knowing their exact password?
