Programmatic login not acknowledging all roles user is in.

3 posts, 0 answered
  1. Gavin
    6 posts
    Registered:
    08 Oct 2012
    13 Mar 2014

    As part of a paid membership system we have set up, I'm trying to programmatically log a user in once they've purchased a membership product through the standard Sitefinity ecommerce checkout process.

    Firstly, when somebody purchases a membership, they are (programmatically) added to a role called "PaidUser" which has been created via the backend. I am then able to programmatically log them in using a call to the SecurityManager.AuthenticateUser method.

    The problem is that the programmatic login doesn't seem to acknowledge the fact that the user is in the "PaidUser" role.

    Below is a simplified snippet of what I'm trying to achieve:

    // Namespaces this snippet relies on.
    using System;
    using Telerik.Sitefinity.Security;
    using Telerik.Sitefinity.Security.Claims;
    using Telerik.Sitefinity.Security.Model;

    protected void btnUserLogin_Click(object sender, EventArgs e)
    {
        //Try to log "PaidUser" in.
        UserLoggingReason validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), txtUserName.Text, txtPassword.Text, true);
        if (validate == UserLoggingReason.Success)
        {
            UserManager userManager = UserManager.GetManager();

            // Look up the user record behind the identity that was just authenticated.
            ClaimsIdentityProxy identity = ClaimsManager.GetCurrentIdentity();
            User user = userManager.GetUser(identity.UserId);

            RoleManager roleManager = RoleManager.GetManager();
            if (roleManager.IsUserInRole(user.Id, Globals.Roles.PaidUser))
            {
                //Permissions have been set on the redirect page below to only allow access to users in the "PaidUser" role.
                //When this User is redirected however, they're greeted with a "This type of page is not served" error.
                Response.Redirect("/member-admin/my-profile");
            }
        }
    }
     

     Even though the user is in the PaidUser role, they are denied access to a page that is only visible to users in the PaidUser role.

    If I use the built-in Login widget, everything works fine. But using the code above doesn't work.

    I am using version 6.1 and testing in Visual Studio 2010. I have read this post and thus have the project configured to use the "Use Local IIS Web server" and "Use IIS Express" settings.

    Any help would be appreciated. Thanks.

  2. Gavin
    6 posts
    Registered:
    08 Oct 2012
    15 Mar 2014
    Anyone?
  3. Svetoslav Manchev
    735 posts
    Registered:
    29 Nov 2016
    18 Mar 2014
    Hello Gavin,

    I have tested this custom login and it works fine:
    <%@ Control Language="C#" AutoEventWireup="true" CodeBehind="CustomLogin.ascx.cs" Inherits="SitefinityWebApp.Examples.CustomLogin" %>
     
    <asp:Panel ID="loginWidgetPanel" runat="server" DefaultButton="LoginButton">
        User:
        <asp:TextBox runat="server" ID="User" />
        Pass:
        <input type="password" name="Password" value="" runat="server" ID="Pass" /><br />
        <asp:CheckBox Text="Remember me" runat="server" ID="Remember" />
        <br />
        <asp:Button Text="Login" runat="server" ID="LoginButton" OnClick="OnLoginClick_Click" />
    </asp:Panel>

    // Code-behind (CustomLogin.ascx.cs)
    protected void OnLoginClick_Click(object sender, EventArgs e)
    {
        var userName = this.User.Text;
        var pass = this.Pass.Value;
        var remember = this.Remember.Checked;

        UserLoggingReason validate = SecurityManager.AuthenticateUser(null, userName, pass, remember);

        if (validate == UserLoggingReason.Success)
        {
            UserManager userManager = UserManager.GetManager();

            ClaimsIdentityProxy identity = ClaimsManager.GetCurrentIdentity();
            User user = userManager.GetUser(identity.UserId);

            // Read the identity again to check that the request is now authenticated.
            var userIdentity = ClaimsManager.GetCurrentIdentity();
            bool isAuthenticated = userIdentity.IsAuthenticated;

            RoleManager roleManager = RoleManager.GetManager();
            if (roleManager.IsUserInRole(user.Id, "PaidUser"))
            {
                //Permissions have been set on the redirect page below to only allow access to users in the "PaidUser" role.
                //When this User is redirected however, they're greeted with a "This type of page is not served" error.
                Response.Redirect("/paiduser");
            }
            else
            {
                // Add the user to the role, just for the test
                AddUserToRoles(userName, "PaidUser", roleManager, userManager);
                Response.Redirect("/paiduser");
            }
        }
    }

    public static void AddUserToRoles(string userName, string roleToAdd, RoleManager roleManager, UserManager userManager)
    {
        // Security checks are suppressed only for the duration of the role change;
        // the finally block turns them back on even if a call below throws.
        roleManager.Provider.SuppressSecurityChecks = true;
        try
        {
            if (userManager.UserExists(userName))
            {
                User user = userManager.GetUser(userName);

                Role role = roleManager.GetRole(roleToAdd);
                roleManager.AddUserToRole(user, role);
            }

            roleManager.SaveChanges();
        }
        finally
        {
            roleManager.Provider.SuppressSecurityChecks = false;
        }
    }

    I have created the role in the backend in advance and gave View permission for that page to that role only.

    Regards,
    Svetoslav Manchev
    Telerik
     