ASP.NET authentication

Posted by Community Admin on 03-Aug-2018 23:34

ASP.NET authentication

Sitefinity - General Discussions

All Replies

Posted by Community Admin on 07-Oct-2010 00:00

Someone posted here that we can use ASP.NET login control to authenticate users. So I created one with custom membership provider. Login process work fine: control sends username and password, they are passed to ValidateUser of my custom membership class, that method returns "true", and "loggedin" event is fired (Login successed). BUT SiteFinity still says I am logged in as Anonymous and is not authenticated.


I tried using this suggestion:
SecurityManager.SetAuthenticationCookie(SystemManager.CurrentHttpContext, user.ProviderName, user, true)
but it gives me exception:
The parameter providerName could not be resolved when attempting to call constructor Telerik.Sitefinity.Security.UserManager(System.String providerName, System.String transactionName)

If I just try to instaniate UserManager like this:
UserManager man = new UserManager("Documents");
I also receive an exception:
Invalid type specified Telerik.Sitefinity.Security.Data.MembershipDataProvider

So it looks like UserManager can't work with ASP.NET compatible membership providers.

Posted by Community Admin on 08-Oct-2010 00:00

I fixed the issue by moving away from ASP.NET compatible to Sitefinity membership provider.

Posted by Community Admin on 11-Oct-2010 00:00

Hi Max,

Yes, you need a Sitefinity provider to get this working. Currently we have not added pubic controls that you can use to authenticate your users directly, because of some missing implementation. You could use LoginForm control.

Sincerely yours,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 03-Nov-2010 00:00

Max,


How exactly did you do that, if I may ask. I am having the same problem.

Many thanks,
Andrei

Posted by Community Admin on 03-Nov-2010 00:00

Ivan,


I am trying the LoginForm control. It works, authenticates the user, redirects me to the page I requested, but when getting to the page I asked, all I can see is the Login Form and nothing else. Not sure why.

Can you help,
Andrei

Posted by Community Admin on 04-Nov-2010 00:00

Hello Andrei,

Most probably the authenticated user does not have permissions for the controls on your destination page. Check the permissions over the widgets and content data that should be displayed.

All the best,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 04-Nov-2010 00:00

Ivan,


I have created a new page and left it blank with no controls on it at all. The permissions on the page are left unchanged. And it still does it.

I set the DestinationPageUrl property to ~/Briefing/test.aspx (test.aspx being the blank page) and it still does it. I go to the ~/Briefing page where the Login control is. The address bar shows: http://localhost:26339/IAA/briefing I enter thecredentials, click the Login button and a postback happens. Then the address bar shows:http://localhost:26339/IAA/Briefing/test.aspx but all I can see is the Login form, just as if I did not move from the Briefing page. Below is my code.

Also, a quick question about one of our already live systems. It used to work but not sure why it does not now. When I access the Sitefinity Admin side through the Network Load Balancing address. I get the Login page. I enter the correct Login details and then it refreshes the page and I see the Login page again (with no errors or anything). When I go directly to the Web Server hosting Sitefinity and try to login then it works. Would you know why it is not letting me through via the NLB when it used to do before? Thank you.

<%@ Control Language="VB" AutoEventWireup="false" CodeFile="LogIn.ascx.vb" Inherits="LogIn" %>
<asp:Login ID="LoginControl" runat="server" BackColor="#F7F6F3"
    BorderColor="#E6E2D8" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
    Font-Names="Verdana" Font-Size="0.8em" ForeColor="#333333" Height="16px"
    Width="331px" >
    <InstructionTextStyle Font-Italic="True" ForeColor="Black" />
    <LayoutTemplate>
        <table cellpadding="4" cellspacing="0" style="border-collapse:collapse;">
            <tr>
                <td>
                    <table cellpadding="0" style="height:168px;width:383px;">
                        <tr>
                            <td align="center" colspan="2"
                                style="color:White;background-color:#5D7B9D;font-size:medium;font-weight:bold;">
                                Log In</td>
                        </tr>
                        <tr>
                            <td align="right">
                                <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName" Font-Bold="true" Font-Size="Medium">User Name: </asp:Label>
                            </td>
                            <td>
                                <asp:TextBox ID="UserName" runat="server" Font-Size="Medium" Width="180px"></asp:TextBox>
                                <asp:RequiredFieldValidator ID="UserNameRequired" runat="server"
                                    ControlToValidate="UserName" ErrorMessage="User Name is required."
                                    ToolTip="User Name is required." ValidationGroup="ctl00$LoginControl">*</asp:RequiredFieldValidator>
                            </td>
                        </tr>
                        <tr>
                            <td align="right">
                                <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password" Font-Bold="true" Font-Size="Medium">Password: </asp:Label>
                            </td>
                            <td>
                                <asp:TextBox ID="Password" runat="server" Font-Size="Medium" TextMode="Password"
                                    Width="180px"></asp:TextBox>
                                <asp:RequiredFieldValidator ID="PasswordRequired" runat="server"
                                    ControlToValidate="Password" ErrorMessage="Password is required."
                                    ToolTip="Password is required." ValidationGroup="ctl00$LoginControl">*</asp:RequiredFieldValidator>
                            </td>
                        </tr>
                        <tr>
                            <td align="center" colspan="2" style="color:Red;">
                                <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
                            </td>
                        </tr>
                        <tr>
                            <td align="right" colspan="2">
                                <asp:Button ID="LoginButton" runat="server" BackColor="#FFFBFF"
                                    BorderColor="#CCCCCC" BorderStyle="Solid" BorderWidth="2px" CommandName="Login"
                                    Font-Names="Verdana" Font-Size="Medium" ForeColor="#284775" Text="Log In"
                                    ValidationGroup="ctl00$LoginControl" Width="68px" />
                            </td>
                        </tr>
                    </table>
                </td>
            </tr>
        </table>
    </LayoutTemplate>
    <LoginButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" BorderStyle="Solid"
        BorderWidth="1px" Font-Names="Verdana" Font-Size="Medium" ForeColor="#284775" />
    <TextBoxStyle Font-Size="Medium" />
    <TitleTextStyle BackColor="#5D7B9D" Font-Bold="True" Font-Size="Medium" ForeColor="White" />
</asp:Login>
 
 
 
 
Imports Telerik.Sitefinity.Web.UI
Imports Telerik.Sitefinity.Security
Imports Telerik.Sitefinity.Services
 
Partial Class LogIn
    Inherits System.Web.UI.UserControl
    Private _destinationPageUrl As String = "~/Default.aspx"
 
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim username As String = HttpContext.Current.User.Identity.Name
        SecurityManager.SetAuthenticationCookie(SystemManager.CurrentHttpContext.Response, Membership.GetUser(username).ProviderName, username, False)
        LoginControl.DestinationPageUrl = _destinationPageUrl
    End Sub
 
    Public Property DestinationPageURL() As String
        Get
            Return _destinationPageUrl
        End Get
        Set(ByVal value As String)
            _destinationPageUrl = value
        End Set
    End Property
 
End Class

Posted by Community Admin on 04-Nov-2010 00:00

Hello Andrei,

1. Remove the .aspx from the destination page. The url should be ~/Briefing/test

2. The second issue, it generally occurs if you use IIS7 and the managed modules are not enabled.

Best wishes,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 04-Nov-2010 00:00

Ivan,


I took .aspx off and checked the IIS version which is 5.1 (Windows XP SP3).

Still the same thing only now the address bar shows: localhost:26339/.../test

Many thanks,
Andrei

Posted by Community Admin on 04-Nov-2010 00:00

Hi Andrei,

I prepared a short video for you.

Best wishes,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 04-Nov-2010 00:00

Ivan,


That's exactly what I am doing and still does not work. 
However, I have created another Project quickly and tested it and it worked. So why it would not work with one but the other I do not know. I know I changed the permissions at one point but then I changed them back. Could it be that they did not change back properly?

Anyway, thank you very much for the video, it proves that there is nothing wrong with the code.

One thing though. It works when I am logged in the Admin Side. If I log off from the Admin Side and navigate to the Login screen page and try to log in, I get an error (below). It seems to work only when I am logged in the Admin Side.

Server Error in '/quicktest' Application.

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 

Line 10:     Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Line 11:         Dim username As String = HttpContext.Current.User.Identity.Name
Line 12:         SecurityManager.SetAuthenticationCookie(SystemManager.CurrentHttpContext.Response, Membership.GetUser(username).ProviderName, username, False)
Line 13:         LoginControl.DestinationPageUrl = _destinationPageUrl
Line 14:     End Sub

Source File: C:\Program Files\Copperchase\quicktest\Controls\LogIn.ascx.vb    Line: 12 

Stack Trace: 

[NullReferenceException: Object reference not set to an instance of an object.]
   LogIn.Page_Load(Object sender, EventArgs e) in C:\Program Files\Copperchase\quicktest\Controls\LogIn.ascx.vb:12
   System.Web.UI.Control.OnLoad(EventArgs e) +65
   System.Web.UI.Control.LoadRecursive() +98
   System.Web.UI.Control.LoadRecursive() +168
   System.Web.UI.Control.LoadRecursive() +168
   System.Web.UI.Control.LoadRecursive() +168
   System.Web.UI.Control.LoadRecursive() +168
   System.Web.UI.Control.LoadRecursive() +168
   System.Web.UI.Control.LoadRecursive() +168
   System.Web.UI.Control.LoadRecursive() +168
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3493

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

Posted by Community Admin on 04-Nov-2010 00:00

Hello Andrei,

You have added you code inside Page_Load and you are calling Membership.GetUser(username). When you are not authenticated there is no user in the context. This code should go inside  LoggedIn and Authenticate events

this.Login1.LoggedIn += new EventHandler(Login1_LoggedIn);
this.Login1.Authenticate += new AuthenticateEventHandler(Login1_Authenticate);

Also, you are not making any check for null exceptions.

Kind regards,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 05-Nov-2010 00:00

Ivan,


Sorry, that was a bit silly of me. Having all in the Load event. Have not had loads of dealings with Login Controls before and hence unsure how much stuff is done for me. Ok its working now. Its taking me through, but as an Anonymous user. I have an asp:LoginName control on the DestinationPageUrl which shows Anonymous. My code is below. Many thanks,
Andrei
Imports Telerik.Sitefinity.Web.UI
Imports Telerik.Sitefinity.Security
Imports Telerik.Sitefinity.Services
 
Partial Class LogIn
    Inherits System.Web.UI.UserControl
    Private _destinationPageUrl As String = "~/Default.aspx"
 
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        LoginControl.DestinationPageUrl = _destinationPageUrl
    End Sub
 
    Public Property DestinationPageURL() As String
        Get
            Return _destinationPageUrl
        End Get
        Set(ByVal value As String)
            _destinationPageUrl = value
        End Set
    End Property
 
    Protected Sub LoginControl_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles LoginControl.Authenticate
        If Membership.ValidateUser(LoginControl.UserName, LoginControl.Password) Then
            e.Authenticated = True
        Else
            e.Authenticated = False
            LoginControl.FailureText = "Authentication failed. Please try again."
        End If
    End Sub
 
    Protected Sub LoginControl_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles LoginControl.LoggedIn
        Try
            Dim username As String = HttpContext.Current.User.Identity.Name
            SecurityManager.SetAuthenticationCookie(SystemManager.CurrentHttpContext.Response, Membership.GetUser(username).ProviderName, username, False)
        Catch ex As Exception
            'TODO:Raise apropriate exception.
        End Try
    End Sub
 
End Class

Posted by Community Admin on 09-Nov-2010 00:00

Ivan,


Any more thoughts? I have tried everything and getting 'Anonymous' still. My latest 'LoggedIn' code is:
Protected Sub LoginControl_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles LoginControl.LoggedIn
    Try
        Dim userName As String = LoginControl.UserName
        If CountUsers Then
            If Not Me.IsBackend OrElse Not Me.IsDesignMode Then
                CountUserIn(userName)
            End If
        End If
 
        'set the authentication cookie.
        Dim user As Model.User = CType(Membership.GetUser(userName), Model.User)
        SecurityManager.SetAuthenticationCookie(SystemManager.CurrentHttpContext.Response, user.ProviderName, user, False)
 
        'just for test to see if cookie being set.
        Dim curruser As String = SecurityManager.GetCurrentUserName
    Catch ex As Exception
        'TODO:Raise apropriate exception.
    End Try
End Sub

For test purposes I am getting the current user 'curruser' in the code above straight after setting the cookie and it returns 'Anonymous'. I am running the website in design mode and there are no errors. Returns the correct user when I check the 'user' variable.

I would appreciate your input if possible.

Many thanks,
Andrei




Posted by Community Admin on 11-Nov-2010 00:00

Hello Andrei,

Please take a look at this post. where I sent a reply.

Best wishes,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed