1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / cacheRolesInCookie and custom Role provider

cacheRolesInCookie and custom Role provider

5 posts, 0 answered
  1. Lucas
    Lucas avatar
    65 posts
    Registered:
    22 Mar 2010
    29 Jun 2010
    Link to this post
    Hi,

    I'm using a custom provider to manage roles for my users:
    <roleManager enabled="true"
        cacheRolesInCookie="true"
        cookieTimeout="15"
        cookieSlidingExpiration="false"
        cookieProtection="All"
        createPersistentCookie="false"
        defaultProvider="prov">
        <providers>
            <clear/>
            <!--<add name="Sitefinity" connectionStringName="DefaultConnection" applicationName="/" type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess"/>-->
            <add name="prov"  connectionStringName="DefaultConnection"
            applicationName="site" UnrestrictedRole="administrator"
            type="Tools.Security.MyRoleProvider, Tools"
            />
        </providers>
    </roleManager>

    However, each time a page is refreshed (I'm testing this in the administration), the GetRolesForUser function below gets called. I expected the website to reuse the informations set in the cookie.

    Am I doing something wrong?

        public class MyRoleProvider : TelerikRoleProvider, IMyRoleProvider
        {
             
            public override string[] GetRolesForUser(string username)
            {
            // not calling base.GetRolesForUser
            }
    (...)
  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    29 Jun 2010
    Link to this post
    Hello Lucas,

    Thank you for using our services.

    Can you check if a cookie is stored in the browser cookies? Also check if the browser is set to accept cookies and try explicitly setting the cookie name:
    cacheRolesInCookie="true" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" 
    cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All


    Kind regards,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Lucas
    Lucas avatar
    65 posts
    Registered:
    22 Mar 2010
    29 Jun 2010
    Link to this post
    Hello Radoslav,

    I have set the value explicitely as below:
    <roleManager enabled="true"
        cacheRolesInCookie="true"
        cookieTimeout="15"
        cookieSlidingExpiration="false"
        cookieProtection="None"
        createPersistentCookie="true"
        cookieName="sitefinityRoles"
        defaultProvider="prov">
        <providers>
    ...

    and I see the cookie in my requests (see the screenshot below). As you can see, RolePrincipal.GetRoles still calls my provider.

    I have checked and System.Web.Security.Roles seems to have the correct values for CookieName and CacheRolesInCookie at runtime
  4. Lucas
    Lucas avatar
    65 posts
    Registered:
    22 Mar 2010
    29 Jun 2010
    Link to this post
    If I deserialize the cookie by hand (in the GetRolesForUser function), I get the correct values:

    new  System.Runtime.Serialization.Formatters.Binary.BinaryFormatter().Deserialize( new  System.IO.MemoryStream(System.Web.HttpServerUtility.UrlTokenDecode(System.Web.HttpContext.Current.Request.Cookies[System.Web.Security.Roles.CookieName].Value)))

    --> System.Web.Security.RolePrincipal
    CachedListChanged   false   bool
    CookiePath  "/" string
    Expired false   bool
       ExpireDate  {29/06/10 6:06:53 PM}   System.DateTime
    Identity    null    System.Security.Principal.IIdentity
    IsRoleListCached    true    bool
       IssueDate   {29/06/10 5:51:53 PM}   System.DateTime
    ProviderName    "prov"  string
    Version 1   int
  5. Lucas
    Lucas avatar
    65 posts
    Registered:
    22 Mar 2010
    30 Jun 2010
    Link to this post
    Ok I'm starting to believe the problem is deeper (the principal in the cookie is incorectly formatted).

    The problem is probably somewhere in my modules, authentication procedures and not in Sitefinity. I'll drop the matter for now and use a custom cookie :/
Register for webinar
5 posts, 0 answered