Authenticate user in Sitefinity 4.0

Posted by Community Admin on 03-Aug-2018 19:32

Authenticate user in Sitefinity 4.0

All Replies

Posted by Community Admin on 08-Mar-2011 00:00

Hello,

Working for a long time with Sitefinity 3.x it was enough to set programmatically FormsAuthentication cookie and Sitefinity treated the user properly, allowing access to the CMS pages according to permissions set.

Now I started working with SF 4.0 and I found out that user authentication is different and FormsAuthentication cookie is no longer enough.
My attempt was to replicate in my login module what SF does. I need custom login module since I authenticate user against client Association Management System (AMS) database and then check if user exists in Sitefinity (CMS). If no, I add user to CMS and set authentication cookies, if yes, update user info, if necessary, and set cookies.

So, for the user existing in SF if I login using SF login page (~/Sitefinity/login) it sets the following cookies:
ASPXAUTH
SFAUTH
SFROLES
and I can access restricted page in CMS.

From my login module, I use the following code to set the same cookeis:

SecurityManager.AuthenticateUser("Default", tbUsername.Text.Trim, tbPassword.Text, False)

 

 

FormsAuthentication.SetAuthCookie(tbUsername.Text.Trim,

False)

 

 

Response.Redirect(

"/testpageWithRestrictedPermissions")

But I cannot access restricted page, it's "explicitly forbidden".
OK. I am missing something.
I tried to go to my login page, logout and then login again. After this the restricted page is available. It's available as many times as I logout and login again, but only until I close the browser (I set non-persistent cookies).

Reopening browser window requires me to login TWICE again in order to access restricted page.

Did anybody encounter the same issue and find any solution?

Any suggestion is greatly appreciated.

Thanks a lot.

 

 

 

Posted by Community Admin on 09-Mar-2011 00:00

Hi

Have a look at this thread:
http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/programmatic-login.aspx

It worked for me. When I have a chance I'll have a look at the code and see what is different in yours.

Matt

Posted by Community Admin on 09-Mar-2011 00:00

Hi Matt,

Thanks for the reply.

I saw this post. It's related to beta 2 version, and I am using final release. Do not know if anything was changed in Telerik assemblies since then, but SecurityManager.SetAuthenticationCookie is not accessible for me. I can call SecurityManager.AuthenticateUser instead.

Am I missing anything in references?

Imports

 

Telerik.Sitefinity.Security

 

Imports

 

Telerik.Sitefinity.Model

 

Imports

 

Telerik.Sitefinity.Security.Model

 

Posted by Community Admin on 09-Mar-2011 00:00

Hi ,

You have to use AuthenticateUser , because the other method was made internal. You cannot use SetAuthenticationCookie.


Best wishes,
Ivan Dimitrov
the Telerik team

Posted by Community Admin on 28-Apr-2011 00:00

Hi,

I am facing the same issue logged here. i tried AuthenticateUser and then SetAuthCookie(username, False) but no luck.

whether the problem was resolved for Developer and i am interested to know what was the resolution.

Your help appreciated. Thanks in advance.

Regards

Sham.

Posted by Community Admin on 28-Apr-2011 00:00

Hi Sham,

Use the following code.

 

 

 

Imports Telerik.Sitefinity.Security
Imports Telerik.Sitefinity.Model
Imports Telerik.Sitefinity.Security.Model

 

Private Function UserLogin(ByVal strFirstName As String, ByVal strLastName As String, ByVal strUserName As String, ByVal strPassword As String, ByVal strEmail As String) As String
        Dim strRetVal As String = ""
  
        Dim usrMngr As UserManager = UserManager.GetManager()
        Dim roleMngr As RoleManager = RoleManager.GetManager("AppRoles")
  
        usrMngr.Provider.SuppressSecurityChecks = True
        roleMngr.Provider.SuppressSecurityChecks = True
  
        Dim dtNow As DateTime = DateTime.UtcNow
        Dim ip As String = HttpContext.Current.Request.UserHostAddress
  
        Dim objUser As User
           
        objUser = usrMngr.GetUser(strUserName)
  
            If Not objUser Is Nothing Then
                objUser.IsLoggedIn = False
                usrMngr.SaveChanges()
            End If
          
        objUser.FirstName = strFirstName
        objUser.LastName = strLastName
        objUser.Email = strEmail
        objUser.Password = strPassword
          
        objUser.IsApproved = True
        objUser.LastLoginIp = ip
        objUser.LastLoginDate = dtNow
        objUser.LastActivityDate = dtNow
  
        usrMngr.SaveChanges()
  
        Dim validate As UserLoggingReason
  
        validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), strUserName, strPassword, False, objUser)
  
        strRetVal = validate.ToString
  
       Return strRetVal
    End Function

This function will return "SUCCESS" for authenticated user.

Posted by Community Admin on 28-Apr-2011 00:00

Hi,

Thank you for the code snippet. I am already using AuthenticateUser Method and everything seems fine. "Success" is returned and i see that user Online but somehow the cookie is not getting generated by FormAuthentication.SetAuthCookie(User, False). Since Cookie is not generated when  visit /Sitefinity/Login i have been asked to provide user name password but i am expecting i will be logged in automatically.

but when manually i login to Sitefinity the cookie is generated properly. I am not sure what step i am missing but same logic works well with 3.7. my sitefinity version is 4.0 SP1 and i am not using 4.1 right now.

Posted by Community Admin on 03-May-2011 00:00

Hi ,

When the user is authenticated and if you get success then you should have the cookies in the CookieCollection.  The problem might appear if you do not add these cookies to the cookie container of the current request

request.CookieContainer = new CookieContainer();

It depends on whether you are using the same application or there is some routing, because the cookies are valid only in the scope of one domain name. If you are working in the context of the same domain, after you authenticate a user you should make another request that contains the cookies  you get from the first request.

Kind regards,
Ivan Dimitrov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 17-May-2011 00:00

Hello,

Might be the wrong thread for this question, but I need to find out how I can
check if a user is already logged on somewhere else? Currently I am only
checking if the credentials are ok, but even if they are ok, the user still
gets bounced off if s/he is logged on somewhere else, it seems. If that
is the case then I want to give a meaningful message to the user, or
log the user off from the other location and log him on locally.

Many thanks,
Andrei

Posted by Community Admin on 18-May-2011 00:00

Hello Andrei,

The Telerik.Sitefinity.Security.Model.User has a property IsLoggedIn that shows whether the user is online or not.

Greetings,
Ivan Dimitrov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 18-May-2011 00:00

Ivan,

This is what I have:

// get the current user
var user = Telerik.Sitefinity.Security.SecurityManager.GetCurrentUser();
if (!user.Identity.IsAuthenticated)
    Response.Redirect("~/Briefing?info=User was not authenticated.");

What I want is:
Pseodo Code
-----
      If (user.IsOnline)
      
             Log him off from whereever,
             Log him on locally,
      
      Else if (!user.IsAuthenticated)
      
              Bounce him!
      

I was getting issues where I enter the correct details in my own Custom Login Control and it would still bounce
me off. I expect it was because I was logged somewhere else. 

The user type you indicated in the last post is different and I am having some trouble getting it to work.

Many thanks,
Andrei

Posted by Community Admin on 18-May-2011 00:00

Ignore my earlier request, I am taking a different approach.

Thanks
Andrei

Posted by Community Admin on 15-Mar-2012 00:00

I encountered this problem where I could authenticate correctly using the login page, but during membership creation, and redirection, it did not authenticate correctly, even though the cookies were present.

The problem is all about roles. After creating a user, we redirect to a page that only allows a specific role. Even though the user is in the role, the cookie was created before the role was assigned/saved.

By moving the authentication to a point after the role is assigned/saved, the cookies now contained the correctly information about which role they are in. The redirect then worked correctly. 

     
if (roleMgr.RoleExists(Rolename))
  // use Role Manager's ADD method and GetRole method
  roleMgr.AddUserToRole(user, roleMgr.GetRole(Rolename));
  roleMgr.SaveChanges();
 
 
var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), CreateUserWizard1.UserName, CreateUserWizard1.Password, true);
bool authenticated = (validate == UserLoggingReason.Success);

Posted by Community Admin on 15-Mar-2012 00:00

I encountered this problem where I could authenticate correctly using the login page, but during membership creation, and redirection, it did not authenticate correctly, even though the cookies were present.

The problem is all about roles. After creating a user, we redirect to a page that only allows a specific role. Even though the user is in the role, the cookie was created before the role was assigned/saved.

By moving the authentication to a point after the role is assigned/saved, the cookies now contained the correctly information about which role they are in. The redirect then worked correctly. 

     
if (roleMgr.RoleExists(Rolename))
  // use Role Manager's ADD method and GetRole method
  roleMgr.AddUserToRole(user, roleMgr.GetRole(Rolename));
  roleMgr.SaveChanges();
 
 
var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), CreateUserWizard1.UserName, CreateUserWizard1.Password, true);
bool authenticated = (validate == UserLoggingReason.Success);

This thread is closed