Working for a long time with Sitefinity 3.x it was enough to set programmatically FormsAuthentication cookie and Sitefinity treated the user properly, allowing access to the CMS pages according to permissions set.
Now I started working with SF 4.0 and I found out that user authentication is different and FormsAuthentication cookie is no longer enough.
My attempt was to replicate in my login module what SF does. I need custom login module since I authenticate user against client Association Management System (AMS) database and then check if user exists in Sitefinity (CMS). If no, I add user to CMS and set authentication cookies, if yes, update user info, if necessary, and set cookies.
So, for the user existing in SF if I login using SF login page (~/Sitefinity/login) it sets the following cookies:
and I can access restricted page in CMS.
From my login module, I use the following code to set the same cookeis:
SecurityManager.AuthenticateUser("Default", tbUsername.Text.Trim, tbPassword.Text, False)
But I cannot access restricted page, it's "explicitly forbidden".
OK. I am missing something.
I tried to go to my login page, logout and then login again. After this the restricted page is available. It's available as many times as I logout and login again, but only until I close the browser (I set non-persistent cookies).
Reopening browser window requires me to login TWICE again in order to access restricted page.
Did anybody encounter the same issue and find any solution?
Any suggestion is greatly appreciated.
Thanks a lot.