Authenticate user in Sitefinity 4.0
Hello,
Working for a long time with Sitefinity 3.x it was enough to set programmatically FormsAuthentication cookie and Sitefinity treated the user properly, allowing access to the CMS pages according to permissions set.
Now I started working with SF 4.0 and I found out that user authentication is different and FormsAuthentication cookie is no longer enough.
My attempt was to replicate in my login module what SF does. I need custom login module since I authenticate user against client Association Management System (AMS) database and then check if user exists in Sitefinity (CMS). If no, I add user to CMS and set authentication cookies, if yes, update user info, if necessary, and set cookies.
So, for the user existing in SF if I login using SF login page (~/Sitefinity/login) it sets the following cookies:
ASPXAUTH
SFAUTH
SFROLES
and I can access restricted page in CMS.
From my login module, I use the following code to set the same cookeis:
SecurityManager.AuthenticateUser("Default", tbUsername.Text.Trim, tbPassword.Text, False)
FormsAuthentication.SetAuthCookie(tbUsername.Text.Trim,
False)
Response.Redirect(
"/testpageWithRestrictedPermissions")
Hi
Have a look at this thread:
http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/programmatic-login.aspx
It worked for me. When I have a chance I'll have a look at the code and see what is different in yours.
Matt
Hi Matt,
Thanks for the reply.
I saw this post. It's related to beta 2 version, and I am using final release. Do not know if anything was changed in Telerik assemblies since then, but SecurityManager.SetAuthenticationCookie
is not accessible for me. I can call SecurityManager.
AuthenticateUser instead.
Am I missing anything in references?
Imports
Telerik.Sitefinity.Security
Imports
Telerik.Sitefinity.Model
Imports
Telerik.Sitefinity.Security.Model
Hi ,
You have to use AuthenticateUser , because the other method was made internal. You cannot use SetAuthenticationCookie.
Best wishes,
Ivan Dimitrov
the Telerik team
Hi,
I am facing the same issue logged here. i tried AuthenticateUser and then SetAuthCookie(username, False) but no luck.
whether the problem was resolved for Developer and i am interested to know what was the resolution.
Your help appreciated. Thanks in advance.
Regards
Sham.
Hi Sham,
Use the following code.
Imports Telerik.Sitefinity.Security
Imports Telerik.Sitefinity.Model
Imports Telerik.Sitefinity.Security.Model
Private Function UserLogin(ByVal strFirstName As String, ByVal strLastName As String, ByVal strUserName As String, ByVal strPassword As String, ByVal strEmail As String) As String
Dim strRetVal As String = ""
Dim usrMngr As UserManager = UserManager.GetManager()
Dim roleMngr As RoleManager = RoleManager.GetManager("AppRoles")
usrMngr.Provider.SuppressSecurityChecks = True
roleMngr.Provider.SuppressSecurityChecks = True
Dim dtNow As DateTime = DateTime.UtcNow
Dim ip As String = HttpContext.Current.Request.UserHostAddress
Dim objUser As User
objUser = usrMngr.GetUser(strUserName)
If Not objUser Is Nothing Then
objUser.IsLoggedIn = False
usrMngr.SaveChanges()
End If
objUser.FirstName = strFirstName
objUser.LastName = strLastName
objUser.Email = strEmail
objUser.Password = strPassword
objUser.IsApproved = True
objUser.LastLoginIp = ip
objUser.LastLoginDate = dtNow
objUser.LastActivityDate = dtNow
usrMngr.SaveChanges()
Dim validate As UserLoggingReason
validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), strUserName, strPassword, False, objUser)
strRetVal = validate.ToString
Return strRetVal
End Function
This function will return "SUCCESS" for authenticated user.
Hi,
Thank you for the code snippet. I am already using AuthenticateUser Method and everything seems fine. "Success" is returned and i see that user Online but somehow the cookie is not getting generated by FormAuthentication.SetAuthCookie(User, False). Since Cookie is not generated when visit /Sitefinity/Login i have been asked to provide user name password but i am expecting i will be logged in automatically.
but when manually i login to Sitefinity the cookie is generated properly. I am not sure what step i am missing but same logic works well with 3.7. my sitefinity version is 4.0 SP1 and i am not using 4.1 right now.
Hi ,
When the user is authenticated and if you get success then you should have the cookies in the CookieCollection. The problem might appear if you do not add these cookies to the cookie container of the current request
request.CookieContainer = new CookieContainer();
It depends on whether you are using the same application or there is some routing, because the cookies are valid only in the scope of one domain name. If you are working in the context of the same domain, after you authenticate a user you should make another request that contains the cookies you get from the first request.
Kind regards,
Ivan Dimitrov
the Telerik team
Hello,
Might be the wrong thread for this question, but I need to find out how I can
check if a user is already logged on somewhere else? Currently I am only
checking if the credentials are ok, but even if they are ok, the user still
gets bounced off if s/he is logged on somewhere else, it seems. If that
is the case then I want to give a meaningful message to the user, or
log the user off from the other location and log him on locally.
Many thanks,
Andrei
Hello Andrei,
The Telerik.Sitefinity.Security.Model.User has a property IsLoggedIn that shows whether the user is online or not.
Greetings,
Ivan Dimitrov
the Telerik team
Ivan,
This is what I have:
// get the current user
var user = Telerik.Sitefinity.Security.SecurityManager.GetCurrentUser();
if (!user.Identity.IsAuthenticated)
Response.Redirect("~/Briefing?info=User was not authenticated.");
Pseodo Code
-----
If (user.IsOnline)
Log him off from whereever,
Log him on locally,
Else if (!user.IsAuthenticated)
Bounce him!
Ignore my earlier request, I am taking a different approach.
Thanks
Andrei
I encountered this problem where I could authenticate correctly using the login page, but during membership creation, and redirection, it did not authenticate correctly, even though the cookies were present.
if
(roleMgr.RoleExists(Rolename))
// use Role Manager's ADD method and GetRole method
roleMgr.AddUserToRole(user, roleMgr.GetRole(Rolename));
roleMgr.SaveChanges();
var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), CreateUserWizard1.UserName, CreateUserWizard1.Password,
true
);
bool
authenticated = (validate == UserLoggingReason.Success);
I encountered this problem where I could authenticate correctly using the login page, but during membership creation, and redirection, it did not authenticate correctly, even though the cookies were present.
if
(roleMgr.RoleExists(Rolename))
// use Role Manager's ADD method and GetRole method
roleMgr.AddUserToRole(user, roleMgr.GetRole(Rolename));
roleMgr.SaveChanges();
var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), CreateUserWizard1.UserName, CreateUserWizard1.Password,
true
);
bool
authenticated = (validate == UserLoggingReason.Success);