1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Authenticate user in Sitefinity 4.0

Authenticate user in Sitefinity 4.0

14 posts, 0 answered
  1. Developer
    Developer avatar
    12 posts
    Registered:
    23 Oct 2008
    08 Mar 2011
    Link to this post
    Hello,

    Working for a long time with Sitefinity 3.x it was enough to set programmatically FormsAuthentication cookie and Sitefinity treated the user properly, allowing access to the CMS pages according to permissions set.

    Now I started working with SF 4.0 and I found out that user authentication is different and FormsAuthentication cookie is no longer enough.
    My attempt was to replicate in my login module what SF does. I need custom login module since I authenticate user against client Association Management System (AMS) database and then check if user exists in Sitefinity (CMS). If no, I add user to CMS and set authentication cookies, if yes, update user info, if necessary, and set cookies.

    So, for the user existing in SF if I login using SF login page (~/Sitefinity/login) it sets the following cookies:
    ASPXAUTH
    SFAUTH
    SFROLES
    and I can access restricted page in CMS.

    From my login module, I use the following code to set the same cookeis:

    SecurityManager.AuthenticateUser("Default", tbUsername.Text.Trim, tbPassword.Text, False)

     

     

    FormsAuthentication.SetAuthCookie(tbUsername.Text.Trim,

    False)

     

     

    Response.Redirect(

    "/testpageWithRestrictedPermissions")

    But I cannot access restricted page, it's "explicitly forbidden".
    OK. I am missing something.
    I tried to go to my login page, logout and then login again. After this the restricted page is available. It's available as many times as I logout and login again, but only until I close the browser (I set non-persistent cookies).

    Reopening browser window requires me to login TWICE again in order to access restricted page.

    Did anybody encounter the same issue and find any solution?

    Any suggestion is greatly appreciated.

    Thanks a lot.

     

     

     

  2. mattc
    mattc avatar
    105 posts
    Registered:
    11 Aug 2007
    09 Mar 2011
    Link to this post
    Hi

    Have a look at this thread:
    http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/programmatic-login.aspx

    It worked for me. When I have a chance I'll have a look at the code and see what is different in yours.

    Matt
  3. Developer
    Developer avatar
    12 posts
    Registered:
    23 Oct 2008
    09 Mar 2011
    Link to this post
    Hi Matt,

    Thanks for the reply.

    I saw this post. It's related to beta 2 version, and I am using final release. Do not know if anything was changed in Telerik assemblies since then, but SecurityManager.SetAuthenticationCookie is not accessible for me. I can call SecurityManager.AuthenticateUser instead.

    Am I missing anything in references?

    Imports

     

    Telerik.Sitefinity.Security

     

    Imports

     

    Telerik.Sitefinity.Model

     

    Imports

     

    Telerik.Sitefinity.Security.Model

     

  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    09 Mar 2011
    Link to this post
    Hi ,

    You have to use AuthenticateUser , because the other method was made internal. You cannot use SetAuthenticationCookie.


    Best wishes,
    Ivan Dimitrov
    the Telerik team
  5. Sham
    Sham avatar
    27 posts
    Registered:
    08 Dec 2010
    28 Apr 2011
    Link to this post
    Hi,

    I am facing the same issue logged here. i tried AuthenticateUser and then SetAuthCookie(username, False) but no luck.

    whether the problem was resolved for Developer and i am interested to know what was the resolution.

    Your help appreciated. Thanks in advance.

    Regards

    Sham.
  6. Developer
    Developer avatar
    12 posts
    Registered:
    23 Oct 2008
    28 Apr 2011
    Link to this post
    Hi Sham,

    Use the following code.

     

     

     

    Imports Telerik.Sitefinity.Security
    Imports Telerik.Sitefinity.Model
    Imports Telerik.Sitefinity.Security.Model

     

    Private Function UserLogin(ByVal strFirstName As String, ByVal strLastName As String, ByVal strUserName As String, ByVal strPassword As String, ByVal strEmail As String) As String
            Dim strRetVal As String = ""
      
            Dim usrMngr As UserManager = UserManager.GetManager()
            Dim roleMngr As RoleManager = RoleManager.GetManager("AppRoles")
      
            usrMngr.Provider.SuppressSecurityChecks = True
            roleMngr.Provider.SuppressSecurityChecks = True
      
            Dim dtNow As DateTime = DateTime.UtcNow
            Dim ip As String = HttpContext.Current.Request.UserHostAddress
      
            Dim objUser As User
               
            objUser = usrMngr.GetUser(strUserName)
      
                If Not objUser Is Nothing Then
                    objUser.IsLoggedIn = False
                    usrMngr.SaveChanges()
                End If
              
            objUser.FirstName = strFirstName
            objUser.LastName = strLastName
            objUser.Email = strEmail
            objUser.Password = strPassword
              
            objUser.IsApproved = True
            objUser.LastLoginIp = ip
            objUser.LastLoginDate = dtNow
            objUser.LastActivityDate = dtNow
      
            usrMngr.SaveChanges()
      
            Dim validate As UserLoggingReason
      
            validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), strUserName, strPassword, False, objUser)
      
            strRetVal = validate.ToString
      
           Return strRetVal
        End Function

    This function will return "SUCCESS" for authenticated user.

  7. Sham
    Sham avatar
    27 posts
    Registered:
    08 Dec 2010
    28 Apr 2011
    Link to this post
    Hi,

    Thank you for the code snippet. I am already using AuthenticateUser Method and everything seems fine. "Success" is returned and i see that user Online but somehow the cookie is not getting generated by FormAuthentication.SetAuthCookie(User, False). Since Cookie is not generated when  visit /Sitefinity/Login i have been asked to provide user name password but i am expecting i will be logged in automatically.

    but when manually i login to Sitefinity the cookie is generated properly. I am not sure what step i am missing but same logic works well with 3.7. my sitefinity version is 4.0 SP1 and i am not using 4.1 right now.
  8. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    03 May 2011
    Link to this post
    Hi ,

    When the user is authenticated and if you get success then you should have the cookies in the CookieCollection.  The problem might appear if you do not add these cookies to the cookie container of the current request

    request.CookieContainer = new CookieContainer();

    It depends on whether you are using the same application or there is some routing, because the cookies are valid only in the scope of one domain name. If you are working in the context of the same domain, after you authenticate a user you should make another request that contains the cookies  you get from the first request.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. Andrei
    Andrei avatar
    553 posts
    Registered:
    27 Nov 2008
    17 May 2011
    Link to this post
    Hello,

    Might be the wrong thread for this question, but I need to find out how I can
    check if a user is already logged on somewhere else? Currently I am only
    checking if the credentials are ok, but even if they are ok, the user still
    gets bounced off if s/he is logged on somewhere else, it seems. If that
    is the case then I want to give a meaningful message to the user, or
    log the user off from the other location and log him on locally.

    Many thanks,
    Andrei
  10. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    18 May 2011
    Link to this post
    Hello Andrei,

    The Telerik.Sitefinity.Security.Model.User has a property IsLoggedIn that shows whether the user is online or not.

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  11. Andrei
    Andrei avatar
    553 posts
    Registered:
    27 Nov 2008
    18 May 2011
    Link to this post
    Ivan,

    This is what I have:
    // get the current user
    var user = Telerik.Sitefinity.Security.SecurityManager.GetCurrentUser();
    if (!user.Identity.IsAuthenticated)
    {
        Response.Redirect("~/Briefing?info=User was not authenticated.");
    }

    What I want is:
    Pseodo Code
    -----
          If (user.IsOnline)
          {
                 Log him off from whereever,
                 Log him on locally,
          }
          Else if (!user.IsAuthenticated)
          {
                  Bounce him!
          }

    I was getting issues where I enter the correct details in my own Custom Login Control and it would still bounce
    me off. I expect it was because I was logged somewhere else. 

    The user type you indicated in the last post is different and I am having some trouble getting it to work.

    Many thanks,
    Andrei
  12. Andrei
    Andrei avatar
    553 posts
    Registered:
    27 Nov 2008
    18 May 2011
    Link to this post
    Ignore my earlier request, I am taking a different approach.

    Thanks
    Andrei
  13. David
    David avatar
    2 posts
    Registered:
    15 Aug 2011
    15 Mar 2012
    Link to this post
    I encountered this problem where I could authenticate correctly using the login page, but during membership creation, and redirection, it did not authenticate correctly, even though the cookies were present.

    The problem is all about roles. After creating a user, we redirect to a page that only allows a specific role. Even though the user is in the role, the cookie was created before the role was assigned/saved.

    By moving the authentication to a point after the role is assigned/saved, the cookies now contained the correctly information about which role they are in. The redirect then worked correctly. 

         
    if (roleMgr.RoleExists(Rolename))
    {
      // use Role Manager's ADD method and GetRole method
      roleMgr.AddUserToRole(user, roleMgr.GetRole(Rolename));
      roleMgr.SaveChanges();
    }
     
     
    var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), CreateUserWizard1.UserName, CreateUserWizard1.Password, true);
    bool authenticated = (validate == UserLoggingReason.Success);

  14. David
    David avatar
    2 posts
    Registered:
    15 Aug 2011
    15 Mar 2012
    Link to this post
    I encountered this problem where I could authenticate correctly using the login page, but during membership creation, and redirection, it did not authenticate correctly, even though the cookies were present.

    The problem is all about roles. After creating a user, we redirect to a page that only allows a specific role. Even though the user is in the role, the cookie was created before the role was assigned/saved.

    By moving the authentication to a point after the role is assigned/saved, the cookies now contained the correctly information about which role they are in. The redirect then worked correctly. 

         
    if (roleMgr.RoleExists(Rolename))
    {
      // use Role Manager's ADD method and GetRole method
      roleMgr.AddUserToRole(user, roleMgr.GetRole(Rolename));
      roleMgr.SaveChanges();
    }
     
     
    var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), CreateUserWizard1.UserName, CreateUserWizard1.Password, true);
    bool authenticated = (validate == UserLoggingReason.Success);

14 posts, 0 answered