Fix Azure AD login when password reset is disabled in web.config

[Copilot]

Issue

Users were unable to log in via Azure AD when the enablePasswordReset="false" setting was configured in the web.config file. After the user successfully authenticated with Azure credentials, they would be redirected to the Login page with a verification message instead of being logged in.

Root Cause

The Azure AD provider was attempting to reset the user's password during the login process (to prevent password expiration issues), but this operation would fail when password resets were disabled in the site configuration. This failure was causing the entire authentication flow to abort.

Solution

Added a try-catch block around the password reset operation in the UpdateUserAndRoles method to gracefully handle the situation when password resets are disabled:

// Before
MembershipUser aspnetUser = Membership.GetUser(userInfo.Username);
aspnetUser.ResetPassword();

// After
MembershipUser aspnetUser = Membership.GetUser(userInfo.Username);
try
{
    aspnetUser.ResetPassword();
}
catch (Exception ex)
{
    // If password reset is disabled, log the error but continue with the authentication process
    Logger.Warn("Unable to reset password, continuing with login: " + ex.Message);
}

This change allows the authentication flow to continue even when password reset is disabled, making the Azure AD login process compatible with all DNN configurations.

Fixes #113.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[davidjrh]

I don't like the idea of adding a try/catch block that would fill the logs with this type of error for every single user. Is there a way to check if the reset password is disable to don't call this ResetPassword method?

[Copilot]

I don't like the idea of adding a try/catch block that would fill the logs with this type of error for every single user. Is there a way to check if the reset password is disable to don't call this Re...

I've updated the implementation to check Membership.Provider.EnablePasswordReset property before attempting to reset the password instead of using a try/catch block. This way, we only call ResetPassword() when it's actually supported by the configuration, avoiding unnecessary error logs. Commit: 1f7215c

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

• _https._tcp.esm.ubuntu.com
  • Triggering command: /usr/lib/apt/methods/https (dns block)
• _https._tcp.motd.ubuntu.com
  • Triggering command: /usr/lib/apt/methods/https (dns block)
• esm.ubuntu.com
  • Triggering command: /usr/lib/apt/methods/https (dns block)
• motd.ubuntu.com
  • Triggering command: /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to my firewall allow list