+1-888-365-2779
Try Now
More in this section

Forums / Sitefinity SDK / Custom Membership and Role Providers

Custom Membership and Role Providers

29 posts, 0 answered
  1. Nicolas
    Nicolas avatar
    156 posts
    Registered:
    19 Jan 2011
    15 Feb 2011
    Link to this post
    Hi,

    we began to work on a site. We need a custom system for user's rights.

    I developed a custom RoleProvider, MyRoleProvider inherit SitefinityRoleProvider, and a custom MembershipProvider, MyMembershipProvider inherit SitefinityMembershipProvider.

    I register this two on Administration >> Settings >> Advanced >> Security.

    I edit the web.config like this :
        <roleManager defaultProvider="MyRoleProvider" enabled="true">
          <providers>
            <clear/>
            <add name="MyRoleProvider" type="Sitefinity.Tools.Security.MyRoleProvider"/>
          </providers>
        </roleManager>
        <membership defaultProvider="MyMembershipProvider">
          <providers>
            <clear/>
            <add name="MyMembershipProvider" type="Sitefinity.Tools.Security.MyMembershipProvider"/>
          </providers>
        </membership>

    But during the first access of site backend (Sitefinity/Login?ReturnUrl=/Sitefinity/default.aspx), i obtains this message :

    Invalid provider name "MyMembershipProvider" for SitefinityMembershipProvider specified in web.config file. The name should match one of the providers configured in Sitefinity's Security.config configuration.


    If i made a refresh, i obtains the classic login page without skin...
    I verify auto-generated file SecurityConfig.config, my MembershipProvider and RoleProvider are defined.

    It seems not correctly recognized by Sitefinity, I probably omit a configuration or i have to developed a personalized login form ?
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    15 Feb 2011
    Link to this post
    Hello Nicolas,

    Have you enabled the Membership provider? I do not see enabled=True attribute

    <membershipProviders>
            <add description="some description" resourceClassId="" type="Sitefinity.Tools.Security.MyMembershipProvider" type:type="System.RuntimeType, mscorlib" enabled="True" name="MyMembershipProvider" />
        </membershipProviders>

    Regards,
    Ivan Dimitrov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>
  3. Nicolas
    Nicolas avatar
    156 posts
    Registered:
    19 Jan 2011
    15 Feb 2011
    Link to this post
    Hi Ivan,

    it's enabled i see it but only in SecurityConfig.config, i can't edit this attribute in web.config.

    SecurityConfig.config :
    <membershipProviders>
            <add description="MyMembershipProviderDescription" resourceClassId="SecurityResources" type="Sitefinity.Tools.Security.MyMembershipProvider" type:type="System.RuntimeType, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" applicationName="Backend/" enablePasswordRetrieval="false" unrestrictedRole="administrator" createUsersIfUnknown="true" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="(?=.{6,})" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" enabled="True" name="MyMembershipProvider" />
    </membershipProviders>

    Maybe i have to disable the Default membership ?

    Regards,
    Nicolas
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    15 Feb 2011
    Link to this post
    Hi Nicolas,

    You should use only the securityConfig.config. Please remove the settings from the root web.config file.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>
  5. Nicolas
    Nicolas avatar
    156 posts
    Registered:
    19 Jan 2011
    16 Feb 2011
    Link to this post
    Hi Ivan,

    The behavior evolved, i remove settings in root web.config now i obtains a "NotImplementedException" :
    [NotImplementedException: La méthode ou l'opération n'est pas implémentée.]
     
       Telerik.Sitefinity.Security.MembershipProviderWrapper.GetUsers() +28
       Telerik.Sitefinity.Security.Web.UI.LoginForm.InitializeProvidersList() +366
       Telerik.Sitefinity.Security.Web.UI.LoginForm.CreateChildControls() +116
       System.Web.UI.Control.EnsureChildControls() +102
       System.Web.UI.Control.FindControl(String id, Int32 pathOffset) +20
       System.Web.UI.Control.FindControl(String id) +12
       Telerik.Sitefinity.Security.Web.UI.LoginForm.get_ChangePasswordLink() +30
       Telerik.Sitefinity.Security.Web.UI.LoginForm.UpdateVisibilityOfLinks() +121
       Telerik.Sitefinity.Security.Web.UI.LoginForm.set_ShowChangePasswordLink(Boolean value) +60
       Telerik.Sitefinity.Web.LoginRouteHandler.SetLoginLogoutFroms(Page handler, RequestContext requestContext, String view) +230
       Telerik.Sitefinity.Web.LoginRouteHandler.InitializeHttpHandler(Page handler, RequestContext requestContext) +202
       Telerik.Sitefinity.Web.RouteHandlerBase.Handler_PreInit(Object sender, EventArgs e) +199
       System.Web.UI.Page.OnPreInit(EventArgs e) +8871966
       System.Web.UI.Page.PerformPreInit() +31
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +328


    I see in trace MembershipProviderWrapper, normally is to wrap standard ASP.NET. It seems not found GetUsers() method but my MembershipProvider inherit SitefinityMembershipProvider and i can't override GetUsers method.
    May I have to create my own GetUsers method ?
  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    22 Feb 2011
    Link to this post
    Hello Nicolas,

    You should inherit from MembershipDataProvider or OpenAccessMembershipProvider - represents OpenAccess implementation of data provider for Sitefinity membership services

    Regards,
    Ivan Dimitrov
    the Telerik team
    Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
  7. Rick Kooke
    Rick Kooke avatar
    2 posts
    Registered:
    26 Nov 2009
    10 Aug 2011
    Link to this post
    Hi,

    I have almost the same problem. For our sitefinity website we had to build or own membership provider, to authenticate customers.
    The CustomMemberShiprovider is inherited from MembershipProvider we overrided the validateUser en the Initialize.


    In the SecurityConfig.config added the additional CustomMembershipProvider:
    <membershipProviders>
      <add description="ABP Membership provider" type:type="System.RuntimeType, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" resourceClassId="" type="ABPDynamics.Webshop.MbrProvider" applicationName="/" RequiresQuestionAndAnswer="False" EnablePasswordReset="False" EnablePasswordRetrieval="False" ResetPasswordUrl="False" PasswordRetrievalUrl="False" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10"  enabled="True" name="ABPMembershipProvider" xmlns:p3="urn:telerik:sitefinity:configuration:type" />
    </membershipProviders>


    In de login controle we use:

     

    SecurityManager.AuthenticateUser("ABPMembershipProvider", 
    txtLoginName.Text.Trim(), txtPassword.Text.Trim(), true);<BR><BR>

     

    And then we get the following error...
    [ArgumentException: Invalid type specified Telerik.Sitefinity.Security.Data.MembershipDataProvider]
       Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, Type providerType, ExceptionPolicyName policy, ManagerBase`1 manager) +1877
       Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, ExceptionPolicyName policy, ManagerBase`1 manager) +74
       Telerik.Sitefinity.Data.ManagerBase`1.SetProvider(String providerName, String transactionName) +510
    
    [TargetInvocationException: Exception has been thrown by the target of an invocation.]
       System.RuntimeMethodHandle._InvokeConstructor(IRuntimeMethodInfo method, Object[] args, SignatureStruct& signature, RuntimeType declaringType) +0
       System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +517
       Telerik.Sitefinity.Data.ManagerBase`1.InstantiateManager(String providerName, String transactionName) +249
       Telerik.Sitefinity.Data.ManagerBase`1.GetManager(String providerName, String transactionName) +570
       Telerik.Sitefinity.Security.SecurityManager.AuthenticateUser(String membershipProviderName, String userName, String password, Boolean persistent, User& user) +46
       Telerik.Sitefinity.Security.SecurityManager.AuthenticateUser(String membershipProviderName, String userName, String password, Boolean persistent) +28
       SitefinityWebApp.Widgets.WebShop.Account.Login.btnLogin_Click(Object sender, EventArgs e) in C:\Users\RKo\Documents\Visual Studio 2010\Projects\ABPDynamics.WebShop\ABPDynamics.WebShop\Widgets\WebShop\Account\Login.ascx.cs:95
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3707

    In sitefinity is the CustomMembershipProvider visible ?
    Whats the problem here?

    Regards,

    Rick

  8. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    10 Aug 2011
    Link to this post
    Hello Rick,

    The default membership provider could not be removed. You need to create an instance of SecurityManager with the custom provider you have created and then authenticate the user.

    Kind regards,
    Ivan Dimitrov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>

  9. Rick Kooke
    Rick Kooke avatar
    2 posts
    Registered:
    26 Nov 2009
    10 Aug 2011
    Link to this post
    Hi Ivan,

    Thanks for your help, but do you have an example for me?

    Kind Regards,

    Rick
  10. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    11 Aug 2011
    Link to this post
    Hello,
    Is it possible to make available a sample website where custom role/membership providers have been utilised.

    I cannot find any documentation that shows how to configure the website for this.

    What actions are required on the web.config, securityconfig.config to implement this ? ... in terms of registering the provider and database connection strings, for the database used to house roles/members which is NOT the sitefinity one ...

    Sonia
  11. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    12 Aug 2011
    Link to this post
    Hello Sonia,

    Here is one post that shows how to configure a custom membership provider
    http://www.sitefinity.com/blogs/slavoingilizov/posts/11-04-20/using_the_asp_net_sql_membership_provider_in_sitefinity.aspx

    If you have custom provider that inherits from OpenAcess implementation or directly from our data provider you can register it in the configurations - Administration >> Settings >> Advanced >> Security.

    Greetings,
    Ivan Dimitrov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>

  12. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    12 Aug 2011
    Link to this post
    Ivan,
    I've implemented a rough version for a custom membership and role provider that at the moment does not save to a sql server backend.

    I've setup 2 arrays, an array of users, an array of roles ...

    My providers know what custom roles my users belong to ...

    When I go to the user profile page ... the interface has not checked the custom roles my users belong to
    however if I add an 'application role' to my user, this information is saved

    Also if I assign permissions to my custom roles that information is saved

    the only thing missing is the link between the user and the role, its built in the provider to know this association but sitefinity does not recognise it

    Each time I go into the user profile the custom roles are unticked

    What is the purpose of the ApplicationRoles in the securityconfig.config file ? if I take them away my site stops working, how do I populate this programmatically with custom roles if it is necessary for them to stay ?

    Sonia 
  13. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    17 Aug 2011
    Link to this post
    Hi Sonia,

    In your custom role provider do you implement a property of type ManagerInfo and named ManagerInfo? It is used to link a role from the role provider to a user in a membership provider. Here is a sample implementation:

    public ManagerInfo ManagerInfo
    {
        get
        {
        if (this.managerInfo == null)
        {
            this.managerInfo = new ManagerInfo()
            {
            ApplicationName = this.ApplicationName,
            ManagerType = typeof(RoleManager).FullName,
            ProviderName = this.Name,
            Id = Guid.NewGuid()
            };
        }
        return this.managerInfo;
        }
    }

    Greetings,
    Lubomir Velkov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>

  14. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    18 Aug 2011
    Link to this post
    Lubomir,
    I can't find any reference to ManagerInfo in the RoleProvider class so I haven't implemented.

    However, I've downloaded the latest copy of your code (4.2) and my implementation seems to work there so there must be  bug in the previous version of sitefinity

    Also how do you disable buttons such as create new user/role and reset password on a custom role/membership provider ?
  15. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    22 Aug 2011
    Link to this post
    Hi Sonia,

    I'm glad you resolved one of the issues. As for these buttons - I don't think there is a way to allow/disable them for a specific provider. You can do this for the entire module using permission settings. Unfortunately you can't do this per provider.

    Best wishes,
    Lubomir Velkov
    the Telerik team

    Thank you for being the most amazing .NET community! Your unfailing support is what helps us charge forward! We'd appreciate your vote for Telerik in this year's DevProConnections Awards. We are competing in mind-blowing 20 categories and every vote counts! VOTE for Telerik NOW >>

  16. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    31 Aug 2011
    Link to this post
    I don't know if this related to my using custom role/membership provider as it doesn't appear to be hitting the code in these components but when I try to navigate to the permission page on assets like a page or news content, the backend goes into an infinite loop

    I can't locate the code that is causing the problem because it does not appear to be entering my custom role/membership modules

    Can you tell me what the possible problem is ?
  17. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    02 Sep 2011
    Link to this post
    Hi Sonia,

    Could you tell me the exact version of Sitefinity that you use? Also, in your membership database - how many users and roles (and user/role combinations) do you have? There was a performance issue when there are many users and roles that was fixed in one of the latest versions. It is possible that you do not enter an infinite loop, but rather that you need to wait until some method executes properly.

    Kind regards,
    Lubomir Velkov
    the Telerik team

    Thank you for being the most amazing .NET community! Your unfailing support is what helps us charge forward! We'd appreciate your vote for Telerik in this year's DevProConnections Awards. We are competing in mind-blowing 20 categories and every vote counts! VOTE for Telerik NOW >>

  18. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    02 Sep 2011
    Link to this post
    Version 4.2

    And the looping only occurs when the backend is used within firefox browser. It's OK if used in conjunction with ie.

    It has nothing to do with mu custom membership/role providers
  19. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    04 Sep 2011
    Link to this post
    Hi Sonia,

    Do you use Firefox 6? We had a problem with Firefox 6 resulting in an infinite loop that was resolved in a hotfix. Please check this forum post for more information:

    http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/sitefinity-4-2-hotfix-1.aspx

    All the best,
    Lubomir Velkov
    the Telerik team

    Thank you for being the most amazing .NET community! Your unfailing support is what helps us charge forward! We'd appreciate your vote for Telerik in this year's DevProConnections Awards. We are competing in mind-blowing 20 categories and every vote counts! VOTE for Telerik NOW >>

  20. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    05 Sep 2011
    Link to this post
    Yes we are using Firwfox 6.0.1

    Thanks for a solution.
    Sonia 
  21. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    07 Sep 2011
    Link to this post
    trying to install sitefinity on an external box ... kept getting the error endpointnot found exception when trying to delete a page in the backend . Changed the servicepaths workflowbaseurl in the systemconfig file, moved on to a model error but when I look in log see the following ...

    If there is a potential problem with my custom role/member providers why would the error be in the telerik providers ?
     

    ----------------------------------------
    Timestamp: 07/09/2011 16:04:35

    Message: HandlingInstanceID: 21c8550d-c83f-4569-9532-f6374729ed47
    An exception of type 'System.ArgumentException' occurred and was caught.
    ------------------------------------------------------------------------
    09/07/2011 17:04:35
    Type : System.ArgumentException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
    Message : Invalid type specified Telerik.Sitefinity.Security.Data.RoleDataProvider
    Source : Telerik.Sitefinity
    Help link :
    ParamName :
    Data : System.Collections.ListDictionaryInternal
    TargetSite : TProviderBase InstantiateProvider(Telerik.Sitefinity.Configuration.IDataProviderSettings, System.Type, Telerik.Sitefinity.Abstractions.ExceptionPolicyName, Telerik.Sitefinity.Data.ManagerBase`1[TProviderBase])
    Stack Trace :    at Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, Type providerType, ExceptionPolicyName policy, ManagerBase`1 manager)

    Additional Info:

    MachineName : S8045-7676-WB01
    TimeStamp : 07/09/2011 16:04:35
    FullName : Telerik.Sitefinity.Utilities, Version=4.2.1650.0, Culture=neutral, PublicKeyToken=b28c218413bdf563
    AppDomainName : /LM/W3SVC/3/ROOT-1-129598850694882845
    ThreadIdentity :
    WindowsIdentity : NT AUTHORITY\NETWORK SERVICE
    Requested URL : http://***.com/

    Category: ErrorLog

    Priority: 0

    EventId: 9010

    Severity: Warning

    Title:Enterprise Library Exception Handling

    Machine: S8045-7676-WB01

    App Domain: /LM/W3SVC/3/ROOT-1-129598850694882845

    ProcessId: 5372

    Process Name: c:\windows\system32\inetsrv\w3wp.exe

    Thread Name:

    Win32 ThreadId:3500

    Extended Properties:
    ----------------------------------------
    ----------------------------------------
    Timestamp: 07/09/2011 16:04:36

    Message: HandlingInstanceID: 6b0327c5-8d9c-4665-97eb-3315be296c45
    An exception of type 'System.ArgumentException' occurred and was caught.
    ------------------------------------------------------------------------
    09/07/2011 17:04:36
    Type : System.ArgumentException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
    Message : Invalid type specified Telerik.Sitefinity.Security.Data.MembershipDataProvider
    Source : Telerik.Sitefinity
    Help link :
    ParamName :
    Data : System.Collections.ListDictionaryInternal
    TargetSite : TProviderBase InstantiateProvider(Telerik.Sitefinity.Configuration.IDataProviderSettings, System.Type, Telerik.Sitefinity.Abstractions.ExceptionPolicyName, Telerik.Sitefinity.Data.ManagerBase`1[TProviderBase])
    Stack Trace :    at Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, Type providerType, ExceptionPolicyName policy, ManagerBase`1 manager)

    Additional Info:

    MachineName : S8045-7676-WB01
    TimeStamp : 07/09/2011 16:04:36
    FullName : Telerik.Sitefinity.Utilities, Version=4.2.1650.0, Culture=neutral, PublicKeyToken=b28c218413bdf563
    AppDomainName : /LM/W3SVC/3/ROOT-1-129598850694882845
    ThreadIdentity :
    WindowsIdentity : NT AUTHORITY\NETWORK SERVICE
    Requested URL : http://***.com/

    Category: ErrorLog

    Priority: 0

    EventId: 901

  22. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    08 Sep 2011
    Link to this post
    the above was resolved by setting workflowBaseUrl correctly in the systemconfig file, however I have now hit another problem ...

    This is to do with page authorisation.

    I set up a page YESTERDAY where only authenticated persons could view it

    In ie, when I log in then explicitly call the page, I can see the page fine. In firefox, and chrome I get a message saying I am prohited from seeing the page

    TODAY when I repeat the same test in ie and try to navigate to the page, the browser goes into an infinite loop, firefox and chrome indicate that there is a  HTTP 310 ERR_TOO_MANY_REDIRECTS error

    When I setup another page TODAY where only authenticated persons can view it, and I navigate to the page after logging in in ie, I can see thSEE THIS NEW PAGE OK, with the same problems I experienced before in firefox and chrome

    WHAT IS GOING ON ?????????? is there a problem with the time element in the cookie which is somehow getting saved in the sitefinity database and is causing a problem aftyer 24 hours have elapsed ? 
  23. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    08 Sep 2011
    Link to this post
    Also I've just noticed that there are loads of cookie names in the securityconfig file .... if I'm creating a custom cookie to go with my custom membership/roles provider what name should I be calling the cookie because at the moment I'm just using the ASP.NET default name for the cookie ...
  24. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    08 Sep 2011
    Link to this post
    Hi Sonia,

    In Internet Explorer were you logged in in the Backend? I suppose you were in IE and were not in Firefox/Chorme, this is why you were able to see the page. Also the session timeout is adjustable in the Advanced Settings -> Security.

    Regards,
    Lubomir Velkov
    the Telerik team

    Thank you for being the most amazing .NET community! Your unfailing support is what helps us charge forward! We'd appreciate your vote for Telerik in this year's DevProConnections Awards. We are competing in mind-blowing 20 categories and every vote counts! VOTE for Telerik NOW >>

  25. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    08 Sep 2011
    Link to this post
    OK that explains why I could see the authenticated page in ie but why does trying to navigate to the next day cause an infinite loop ?

    what name should I be calling a custom cookie ?
  26. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    08 Sep 2011
    Link to this post
    My problem is that I am doing an integration of Sitefinity with a third party CRM which is written in classic asp

    I have written a custom login widget that captures the users username and password and posts this information to an asp classic page for authentication, once the user has been authenticated in the other system they are redirected back into the sitefinity application however at this point I won't have an authentication cookie for the asp.net application so I have to create one.

    I'm using a httpmodule to create an authentication cookie if the home page has been requested with the username & remember me flag as form data. I do that in the context.AuthenicateRequest event.

    In the global.asax Application_AuthenticateRequest event I look for the cookie, if found construct a genericprincipal and assign to context.user

    However all this is not allowing me access to sitefinity authenticated pages.

    I've changed the name of my forms authentication cookie to be the same as what's specified in securityconfig for authCookieName and also put a machinekey in my web.config file with same validationkey and decryptionkey as in securityconfig

    ... however none of this is working ...

  27. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    08 Sep 2011
    Link to this post
    Getting this ...

    Invalid authenticaiotn ticket data.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.IO.InvalidDataException: Invalid authenticaiotn ticket data.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [InvalidDataException: Invalid authenticaiotn ticket data.]
       Telerik.Sitefinity.Security.SecurityManager.RenewTicket(FormsAuthenticationTicket oldTicket, TimeSpan newTimeout) +201
       Telerik.Sitefinity.Security.SecurityManager.BuildIdentity(HttpContextBase context) +738
       Telerik.Sitefinity.Security.SecurityManager.BuildPrincipal(HttpContextBase context) +165
       Telerik.Sitefinity.Security.SecurityManager.AuthenticateRequest(HttpContextBase context) +664
       Telerik.Sitefinity.Web.SitefinityHttpModule.Context_AuthenticateRequest(Object sender, EventArgs e) +53
       System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
    
  28. Sonia
    Sonia avatar
    15 posts
    Registered:
    11 Aug 2011
    08 Sep 2011
    Link to this post
    In my httpmodule context.AuthenticateRequest event I now just have this line, which is executed when a condition is met ...

     

     

     

    SecurityManager.AuthenticateUser("***Member", _email,string.Empty, false);

    where "***Member" is my custom membership provider

    I have removed any code that was in Global.asax

    Now I am getting the following error ...

    My custom roleprovider is based on System.Web.Security.RoleProvider ....



     

    Unable to cast object of type 'System.Web.Security.RolePrincipal' to type 'Telerik.Sitefinity.Security.SitefinityPrincipal'.

     

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.InvalidCastException: Unable to cast object of type 'System.Web.Security.RolePrincipal' to type 'Telerik.Sitefinity.Security.SitefinityPrincipal'.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [InvalidCastException: Unable to cast object of type 'System.Web.Security.RolePrincipal' to type 'Telerik.Sitefinity.Security.SitefinityPrincipal'.]
       Telerik.Sitefinity.Web.SiteMapBase.IsAccessibleToUser(HttpContext context, SiteMapNode node) +232
       Telerik.Sitefinity.Web.SitefinitySiteMap.IsAccessibleToUser(HttpContext context, SiteMapNode node) +67
       System.Web.SiteMapNode.IsAccessibleToUser(HttpContext context) +17
       Telerik.Sitefinity.Web.SitefinityRoute.CheckSecurity(HttpContextBase httpContext, PageSiteNode node) +53
       Telerik.Sitefinity.Web.SitefinityRoute.GetRouteData(HttpContextBase httpContext) +640
       System.Web.Routing.RouteCollection.GetRouteData(HttpContextBase httpContext) +287
       System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +60
       System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +86
       System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
    
  29. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    13 Sep 2011
    Link to this post
    Hello Sonia,

    By default ASP.NET issues RolePrincipal but what we do is save our SitefinityPrincipal and then cast it back to our saved value. In our SitefinityHttpModule we have the following code:

    void context_PostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContextBase context = SystemManager.CurrentHttpContext;
        if (!(context.User is SitefinityPrincipal))
        {
            var sfPrincipal = context.Items["SitefinityPrincipal"] as SitefinityPrincipal;
            if (sfPrincipal != null)
                context.User = sfPrincipal;
        }
    }

    As you can see we saved the "SitefinityPrincipal" in the Items collection in before and then we replace the context.User value. I guess you could do the same.

    Kind regards,
    Lubomir Velkov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get it now >>

29 posts, 0 answered