1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / asp.net Forms Authentication Issue

asp.net Forms Authentication Issue

4 posts, 0 answered
  1. Rushman
    Rushman avatar
    16 posts
    Registered:
    31 Dec 2008
    06 Dec 2011
    Link to this post
    Hello Everyone,
    I am having an issue with my forms authentication with Sitefinity 4.3.  What I am trying to do is create a public/private website.  The public section is one page and the private section is one page.  I have an ASP.Net Login Control on the public section and set up everything in Web.Config to secure the private section.

     Web.Config
    <authentication mode="Forms">
       <forms name=".ASPXAUTH" protection="All" loginUrl="/Default" defaultUrl="/LoggedIn" />
    </authentication>
    <location path="LoggedIn">
      <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
      </system.web>
    </location>


    I also set up the Authentication method to control how a user gets authenticated.
    protected void Page_Load(object sender, EventArgs e)
    {
        this.Login1.Authenticate += Login1_Authenticate;
        accountService = new AccountService();
    }
     
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        e.Authenticated = true;
        Login1.FailureText = "There was an error";
        FormsAuthentication.SetAuthCookie(HttpContext.Current.User.Identity.Name, Login1.RememberMeSet);
        Response.Redirect(""); // Private URL Redirection
    }
    I am automatically authenticating a user in the above method, but that is only for testing.

    Currently, it does not appear that the Authenticate method above ever gets hit.  If I comment out the cookie generation it should not create a cookie, but it still does. I am baffled.  It creates a cookie, but doesn't authorize me to go to the private section.  I have been building ASP.Net websites for years and this is the first time that I am stumped on access control. =(

    If anyone could help me, I would greatly appreciate it.

    Thank you,
    Tim
  2. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    09 Dec 2011
    Link to this post
    Hi Rushman,

    Did you try adding this to your Global.asax.cs file:

    protected void Application_Error(object sender, EventArgs e)
    {
        var currentPage = HttpContext.Current.Request.Url.ToString();
        Exception ex = Server.GetLastError();
        if (ex is HttpException)
        {
            HttpException httpEx = ex as HttpException;
            if (httpEx.Message == "You are not authorized to access this page")
            {
                Response.Redirect("~/login-page?ReturnUrl=" + currentPage);
                Server.ClearError();
            }
        }
    }

    This should redirect you to the ~/login-page when you try to access the private section. You can authenticate the user using one of the overloads of

    SecurityManager.AuthenticateUser()

    Best wishes,
    Lubomir Velkov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Rushman
    Rushman avatar
    16 posts
    Registered:
    31 Dec 2008
    12 Dec 2011
    Link to this post
    Lubomir,

    Thank you for your reply, but I am not having an issue with stopping someone from getting to the private section, the issue that I am having is that when I log in I am not being redirected to the private section.

    When I enter my username and password (both good and I know that they work), I get an authentication cookie created, but the system redirects me back to the 'Login' page (the public section) and in the Url I get this: /Default?ReturnUrl=%2fLoggedIn.

    If I am authenticated, then why aren't I able to see the private section (LoggedIn)?  Is there a special way for me to use ASP.Net Forms Authentication with Sitefinity?  Do I have to use Sitefinity to authenticate? If so how do I authenticate 2000+ users?

    Any help would be greatly appreciated.

    Thanks,
    Tim
  4. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    15 Dec 2011
    Link to this post
    Hi Tim,

    You can allow only certain roles to access a certain page. If you are logged in but not a member of the allowed role, using the code I sent you you should get a hit on Application_Error, where you should be redirected to your login page. If you use our standard Login control, passing the following parameter to the page with the control - ReturnUrl=<yoururl> will trigger an automatic redirect to this page after a successful login.

    All the best,
    Lubomir Velkov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
4 posts, 0 answered