1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Supposed to go live tomorrow, found an intermittent login issue

Supposed to go live tomorrow, found an intermittent login issue

5 posts, 1 answered
  1. Jeff
    Jeff avatar
    118 posts
    Registered:
    08 Jul 2011
    19 Dec 2012
    Link to this post
    Need some serious help. We're supposed to go live tomorrow and I can't figure this out. Intermittently when you login then navigate to another page within the site, when the page loads you are no longer logged in. It doesn't happen all the time. Below is my code for a custom login control. It resides on a master page. Also, this behavior has been seen regardless of what page you login from.

    Can someone please help?

    web.config
    <authentication mode="Forms"/>

    login.ascx.cs
    protected void LoginButton_Click(object sender, System.Web.UI.ImageClickEventArgs e)
        {
            if (Page.IsValid)
            {
                var authenticationMode = Config.Get<SecurityConfig>().AuthenticationMode;
                var userEmail = (TextBox)LoginView1.FindControl("txtUserEmail");
                var password = (TextBox)LoginView1.FindControl("txtPassword");
     
                if (AuthenticationMode.Forms == authenticationMode)
                {
                    var userManager = UserManager.GetManager("Default");
                    userManager.Provider.SuppressSecurityChecks = true;
                    var user = userManager.GetUserByEmail(userEmail.Text.Trim());
                    }
     
                    if (user != null)
                    {
                        var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), user.UserName, password.Text.Trim(), false);
                        userManager.SaveChanges();
                        userManager.Provider.SuppressSecurityChecks = false;
     
                        if (validate == UserLoggingReason.UserAlreadyLoggedIn)
                        {
                            SecurityManager.Logout(UserManager.GetDefaultProviderName(), user.Id);
                            validate = SecurityManager.AuthenticateUser(null, user.UserName, user.Password, true);
                        }
     
                        if (validate == UserLoggingReason.Success)
                        {
                            FormsAuthentication.SetAuthCookie(user.UserName, true);
                            Response.Redirect(HttpContext.Current.Request.Url.AbsoluteUri, true);
                        }
                        else
                        {
                            var failureText = (Label)LoginView1.FindControl("FailureText1");
                            failureText.Text = "<center>The username/email or password is incorrect</center>";
                            failureText.Visible = true;
                        }
                    }
                    else
                    {
                        var failureText = (Label)LoginView1.FindControl("FailureText1");
                        failureText.Text = "<center>The username/email or password is incorrect</center>";
                        failureText.Visible = true;
                    }
                }
            }
        }
  2. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    19 Dec 2012
    Link to this post
    I've found something like this where if you load multiple tabs at the same time, especially on a build (iis reset)

    It'll throw me back to login on one of the tabs
  3. Jeff
    Jeff avatar
    118 posts
    Registered:
    08 Jul 2011
    19 Dec 2012 in reply to Steve
    Link to this post
    I'm not doing anything like that. Just logging in then going to another page within the site. I was hoping adding the following in the web.config would fix it but it did not.

    <forms timeout="129600" name=".Sitefinity" protection="All" slidingExpiration="true" loginUrl="~/" cookieless="UseCookies"/>

  4. Boyko Karadzhov
    Boyko Karadzhov avatar
    56 posts
    Registered:
    05 Dec 2016
    21 Dec 2012
    Link to this post
    Hi,

     I can see that you call FormsAuthentication.SetAuthCookie. SecurityManager.AuthenticateUser sets cookie internally for UserLoggingReason.Success. Try without it, it might be causing the problems.

    As a side note: Please, use ElevatedModeRegion instead of SuppressSecurityChecks. This will guarantee that SuppressSecurityChecks is restored to its original value. Otherwise Sitefinity might skip some permissions checking.

    Regards,
    Boyko Karadzhov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
    Answered
  5. Jeff
    Jeff avatar
    118 posts
    Registered:
    08 Jul 2011
    21 Dec 2012 in reply to Boyko Karadzhov
    Link to this post

    Thanks Boyko. Removing FormsAuthentication.SetAuthCookie fixed it.

5 posts, 1 answered