Single Sign on not working with Sitefinity 4.0

Posted by Community Admin on 03-Aug-2018 12:47

Single Sign on not working with Sitefinity 4.0

Sitefinity - General Discussions

All Replies

Posted by Community Admin on 21-Apr-2011 00:00

Hi,

We are using CMS Integration with our Website. by using Sitefinity APIs we are able to create new users in Sitefinity whenever we create new user in our web site. Once user login to our website we want the user automatically login to Sitefinity that is Single sign on when user goto Http:/Website/Sitefinity/

following are the configurtions we did at web.config

authentication mode="Forms" 

 forms name=".ASPNET" loginUrl="~/sitefinity/login" protection="All" timeout="1440" path="/"/


During our login process we are Validating Sitefinity user by calling

Public Function ValidateSitefinityUser(ByVal UserName As String, ByVal Password As String) As Boolean

   Dim oManager As

Telerik.Sitefinity.Security.UserManager = Telerik.Sitefinity.Security.UserManager.GetManager

Return oManager.ValidateUser(UserName, Password)

 

End Function

 

Above function returning true and then we are settting the cookie

   

If m_wsSiteFinity.ValidateSitefinityUser(CMSUserName, WebUserPassword) Then

 FormsAuthentication.SetAuthCookie(CMSUserName, False)

      bResult = True
End If

Above functionality is working correctly and the cookie is set. However when we goto ~/Sitefinity/ URL we are expecting we will be automatically login. but Login dialog shown to us. Please note this works fine with Sitefinity 3.7

Thanks in advance for your help.

Regards

Sham

 

 

Posted by Community Admin on 26-Apr-2011 00:00

Hi,

Some update on this problem.

I tried following code from one of the post

User sitefinityUser;
string providerName = null; // using default provider
bool rememberMe = true;
UserLoggingReason result = SecurityManager.AuthenticateUser(providerName, "user name", "password", rememberMe, out sitefinityUser);
bool authenticated = result == UserLoggingReason.Success;

The code seems authenticating the user but still when i go to Login page or default Sitefinity page i have been asked to login. Please refer AuthenticateUser.png file to see the status of user.

Your help highly appreciated.

Regards

Sham

Posted by Community Admin on 27-Apr-2011 00:00

Hello Sham,

Can you check the authenticated result ?

bool authenticated = validate == UserLoggingReason.Success;
if(authenticated)
    Response.Redirect("~/Sitefinity"); 

Please check whether there is a cookie generated for the user you use.

All the best,
Ivan Dimitrov
the Telerik team

Posted by Community Admin on 27-Apr-2011 00:00

Hi Ivan,

Yes i checked the result. the result is success. if you refer image attachment to previous thread the user is shown online. even i am generating the cookie explicitly by adding code

following is the function from my webservice which returns true

 

 

 

    Public Function ValidateSitefinityUser(ByVal UserName As String, ByVal Password As String) As Boolean

 

        Dim oManager As Telerik.Sitefinity.Security.UserManager = Telerik.Sitefinity.Security.UserManager.GetManager
        If oManager.ValidateUser(UserName, Password) Then
     Dim oMemUser As MembershipUser  
            oMemUser = oManager.GetUser(username)
            Dim membershipProvider As String = Nothing'oMemUser.ProviderName
            'Dim response As HttpResponseBase = SystemManager.CurrentHttpContext.Response
             Dim validate As UserLoggingReason = Telerik.Sitefinity.Security.SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), username, password, False, oMemUser)
            Dim authenticated As Boolean
            authenticated = validate = UserLoggingReason.Success

 

            Return authenticated

 

        End If

 

    End Function

 

FormsAuthentication.SetAuthCookie(CMSUserName,

 

False

)

 

 

 


I tried to see if cookie is generated by following code and it resulted to "Cookie Exist". I have done what we need to and same code is working fine for 3.7.

FormsAuthentication.SetAuthCookie(CMSUserName,

False)

 

 

 

If FormsAuthentication.GetAuthCookie(CMSUserName, False) IsNot Nothing Then

 

ExceptionManager.Publish(

New Exception(Convert.ToString("Cookie Exist")))

 

 

 

End If

 



Regards

Sham

Posted by Community Admin on 27-Apr-2011 00:00

Hi,

Just an update, i tried following logic sent by Boyan Barnev but after redirecting to sitefinity page its prompting me for login. the login control/page shown on the page instead of home page.



Can you, please, try if the below sample code will successfully authenticate your user - I've tested it on my side and it works fine. Please implement it in your code and inform me if the suggested solution works. Also, please make sure the user you are trying to authenticate belong to a role that has proper permissions set to access Sitefinity backend.

UserManager manager = UserManager.GetManager();

            User objUser = manager.GetUser("MyUser");

            var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), "MyUser", "password", false, outobjUser);

            boolauthenticated = validate == UserLoggingReason.Success;

            if(authenticated)

            

                Response.Redirect("~/Sitefinity");

            



Regards

Sham

 

Posted by Community Admin on 27-Apr-2011 00:00

Hi Ivan,

Thank you very much for the post. You are correct that the cookie is not getting generated for user. when i normally login to Sitefinity is generates cookie but not when i use SetAuthCookie(Username, False). i have added following config in web.config

 <authentication mode="Forms" >
      <forms name=".ASPNET" loginUrl="~/sitefinity/" timeout="1440" path="/"/>
    </authentication>

also SetAuthCookie method along with AuthenticateUser. is there something i am missing?

Regards

Sham.

Posted by Community Admin on 29-Apr-2011 00:00

Hi,

Sorry to be a trouble. I come to know the exact problem here and looking for a resolution.

Sitefinity AuthenticateUser works well and there is no issue with it. when i tried same logic on new website Single Sign on is working fine.

The problem here is tricky. I think since the AuthenticateUser is called in a Webservice the cookie is not getting generated. Same logic works when i call on web control. I tried with Supporting Session state to webmethod but no luck on that.

One question, how we can create the cookie explicitly for AuthenticateUser? or how i can access/generate the cookie? that will help me to support Single Sign on assuming I can't change my Webservice Architecture

Your help highly appreciated.

Sham

Posted by Community Admin on 04-May-2011 00:00

Hi Sham,

When you call AuthenticateUser if the result is success there must be a valid cookie. The problem could be if you do not send this cookie again to the second response. There also might be a problem if you are trying to make request between two different domains, because the cookies cannot be shared between domains.

Greetings,
Ivan Dimitrov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed