Sitefinity 4.0 Forms Authentication

Posted by Community Admin on 03-Aug-2018 23:21

Sitefinity 4.0 Forms Authentication

Sitefinity - General Discussions

All Replies

Posted by Community Admin on 01-Apr-2011 00:00

Hello,

In Sitefinity 4.0 FormsAuthentication is no longer in consideration for authenticating users.

I wonder, where I can set my Login page path, so each page that requires authentication will route to Login page for anonymous users.

To be more clear: in Sitefinity 3.x it was set in web.config
    

<

authentication mode="Forms">

 

<

forms name=".ASPNET" loginUrl="/Login.aspx" protection="All" timeout="1440" path="/" />

</

authentication>

 


Appreciate any help.
Thanks.

Posted by Community Admin on 04-Apr-2011 00:00

Hi there,

You can still set the login page url from the web.config file but you have to add some other tweaks

<authentication mode="Forms">
  <forms loginUrl="~/login" defaultUrl="~/home" />
</authentication>

    <customErrors mode="On">
  <error statusCode="403" redirect="~/login" />
</customErrors>

You will also need to create a custom Login user control and in the page load event of the control add the following

var user = SecurityManager.GetCurrentUser();
 
string redirectUrl = GetRedirectUrl();
if (!string.IsNullOrEmpty(redirectUrl) && redirectUrl.StartsWith("/sitefinity"))
    Response.Redirect("~/Sitefinity/login.aspx?ReturnUrl=" + redirectUrl);
 
if (user.Identity.IsAuthenticated)
    Response.Redirect(FormsAuthentication.DefaultUrl, true);
 
if (Request.QueryString["aspxerrorpath"] != null)
    Response.Redirect(Request.RawUrl.Replace("aspxerrorpath", "ReturnUrl"));

private string GetRedirectUrl()
    HttpContext context = HttpContext.Current;
    string returnUrl = context.Request.QueryString["ReturnUrl"];
    if (returnUrl == null)
    
        return loginControl.DestinationPageUrl;
    
 
    return HttpUtility.UrlDecode(returnUrl);

Hope this helps. Let me know if you need any help setting it up.

Cheers

Posted by Community Admin on 04-Apr-2011 00:00

Hi George,

Thanks for your reply. This is nice trick but it does not work in my case. The problem is much deeper and I should have probably explained it in full.

The thing is that "aspxerrorpath" parameter attached to URL is triggered by custom error 403 set up in web.config.
If you do NOT set up custom error and just set up Forms Authentication loginUrl, no redirects will happen and you will get error saying: "The type of page you have requested is not served because it has been explicitly forbidden."

Why cannot I set 403 in custom errors routing to Login page?
Let's say I have Members and NonMembers roles and page allowed to be viewed for Members only. When user is initially anonymous and logs in as Member, everything works fine. But when user logs in as NonMember he is redirected back to Login page since he has no permissions to view this page. Login page just displays him Welcome message and Sign Out link which makes completely no sence in this case.

So, 403 in custom errors should navigate to some page with simple message "Permissions denied". While redirection to login page must be triggered by something else, not by Custom Errors section.

In all Sitefinity 3.x apps as well as in all non-Sitefinity apps I am working on, I just set loginUrl for Forms Authentication in web.config and it works.
As for Sitefinity 4.0 I have no idea where it should be set up.

Thanks.

Posted by Community Admin on 05-Apr-2011 00:00

Hello,

This feature (of handling the aspxerrorpath in the error pages) is not implemented at this time.
We logged a task  pending to be implemented on Q2.

Best wishes,
Ivan Dimitrov
the Telerik team


Posted by Community Admin on 12-Dec-2014 00:00

Hello,

My issue is not the same as described in this thread, but it's related to Forms Authentication. I'm using SF 7.1 on IIS7 and the problem is that httpErrors always override customErrors set in web.config.

Let's say I want to handle 401 error and redirect all anonymous users to login page.

If I do not set any httpErros, my customErrors are ignored and I end up getting 401 - Unauthorized IIS7 error. If I setup httpErrors in web.config I'm being correctly redirected to login page, but the problem in this case is that ReturnUrl parameter is not appended. So I cannot redirect user upon authentication since I do not know where user came from.

I also tried to setup redirect from Global.asax like in the snippet below, but with no luck as well.

Please let me know if there is any solution to this issue.

Thanks.

[quote]

void Application_Error(object sender, EventArgs e)

var currentPage = HttpContext.Current.Request.Url.ToString();

Exception ex = Server.GetLastError();

if (ex is HttpException)


HttpException httpEx = ex as HttpException;

if (httpEx.ErrorCode == 401 || httpEx.Message.ToLower().Contains("access is denied due to invalid credentials") || httpEx.Message.ToLower().Contains("you do not have permission to view this directory or page using the credentials that you supplied"))

Response.Redirect("~/login?ReturnUrl=" + currentPage);
Server.ClearError();



 

[/quote]

Posted by Community Admin on 17-Dec-2014 00:00

Hello Leo,

You have been provided answers to your question in the support ticket you have opened. Feel free to share the solution with the community.

Regards,
Pavel Benov
Telerik

 
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
 

This thread is closed