+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / Serialization error in UserIdentity upgrading from 5.1.3270 to 5.1.3450

Serialization error in UserIdentity upgrading from 5.1.3270 to 5.1.3450

4 posts, 0 answered
  1. Jeffrey
    Jeffrey avatar
    4 posts
    Registered:
    02 Oct 2012
    03 Oct 2012
    Link to this post

    Getting the following error when upgrading:

    Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.

     

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Runtime.Serialization.SerializationException: Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.

    Source Error:

     

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [SerializationException: Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.] 
    Microsoft.VisualStudio.WebHost.Connection.get_RemoteIP() +0
    Microsoft.VisualStudio.WebHost.Request.GetRemoteAddress() +65
    System.Web.HttpRequest.get_UserHostAddress() +21
    Telerik.Sitefinity.Security.Claims.SFClaimsAuthenticationManager.ValidateLimitations(ClaimsPrincipalProxy principal, HttpContext context) +109
    Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.OnPostAuthenticateRequest(Object sender, EventArgs e) +1247
    System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

     

    I get this after we login and redirect to a login page.  We are doing our own login page with a redirect so it acts like forms authentication used to.  I can't seem to find anywhere I am serializing anything from this class but it also doesn't mean I am wrong.  Any reason why this error would pop up after this upgrade?

  2. Pavel Benov
    Pavel Benov avatar
    341 posts
    Registered:
    14 Mar 2016
    05 Oct 2012
    Link to this post
    Hi Jeffrey, 

    From the stack trace I see the Claims authentication module which provides the default authentication provider in Sitefinity encounters the exception.
    I suppose the project is running in claims authentication (you can check in Administration->Settings->UserAuthentication) and in this case I suggest using one of the login approaches described below.

    As SecurityManager.AuthenticateUser() solely will not keep you logged in, but will authenticate a user for the current request only after this the user will not be authenticated, you have to create authentication cookie that will persist the user as logged in.

    protected void Page_Load(object sender, EventArgs e)
    {
        var manager = UserManager.GetManager();
        string userName = "UserB";
        string password = "password";
     
        if (manager.ValidateUser(userName, password))
        {
            DateTime now = DateTime.UtcNow;
            var user = manager.GetUser(userName);
            user.IsLoggedIn = true;
            user.LastLoginIp = SystemManager.CurrentHttpContext.Request.UserHostAddress;
            user.LastLoginDate = now;
            user.LastActivityDate = now;
            var loginReason = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), userName, password, true);
     
            if (loginReason == UserLoggingReason.UserAlreadyLoggedIn)
            {
                SecurityManager.Logout(UserManager.GetDefaultProviderName(), user.Id);
                loginReason = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), userName, password, true);
            }
     
            if (loginReason == UserLoggingReason.Success)
            {
                manager.Provider.SuppressSecurityChecks = true;
                manager.SaveChanges();
     
                FormsAuthentication.SetAuthCookie(userName, true);
     
                if (Request["returnUrl"] == null)
                    Response.Redirect(String.Format("{0}://{1}/login-test", Request.Url.Scheme, Request.Url.Authority));
                else
                    Response.Redirect(Request["returnUrl"]);
            }
        }
    }

    This code will authenticate and create authentication cookie if you are using Forms authentication. In case you use claims authentication the code must be modified to:

    var authMode = Config.Get<SecurityConfig>().AuthenticationMode;
            
    if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Forms == authMode)
    {
         //old code should work here.
    }
    else if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Claims == authMode)
    {
        HttpWebRequest tokenRequest = (HttpWebRequest)HttpWebRequest.Create(SitefinityClaimsAuthenticationModule.Current.GetIssuer());
        tokenRequest.Headers.Add("deflate", "true");
        tokenRequest.Headers.Add("realm", SitefinityClaimsAuthenticationModule.Current.GetRealm());
        tokenRequest.Headers.Add("wrap_name", username);
        tokenRequest.Headers.Add("wrap_password", password);
            
        HttpWebResponse issuerResponse = (HttpWebResponse)tokenRequest.GetResponse();
        if (HttpStatusCode.Unauthorized != issuerResponse.StatusCode) //else authentication is failed
        {
            using (StreamReader responseStream = new StreamReader(issuerResponse.GetResponseStream()))
            {
                string token = responseStream.ReadToEnd();
                Response.Redirect("~/MyAccount?" + token);
            }
        }
    }

    Regards,
    Pavel Benov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Barry
    Barry avatar
    2 posts
    Registered:
    09 Oct 2012
    29 Oct 2012 in reply to Pavel Benov
    Link to this post
    Hello Pavel, 

    I receive 'Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.Current' is obsolete: '"There is no need to use this property, it will be removed in one of the next releases"' when using SitefinityClaimsAuthenticationModule.Current

    can you point me to the replacement code?

    Thanks!
  4. Pavel Benov
    Pavel Benov avatar
    341 posts
    Registered:
    14 Mar 2016
    01 Nov 2012
    Link to this post
    Hello Barry,

    Yes, the Current property sends this warning, but you can still use the code as it is with no problems. 

    Kind regards,
    Pavel Benov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
4 posts, 0 answered