Programmatic login not acknowledging all roles user is in.

Posted by Community Admin on 04-Aug-2018 12:37

All Replies

Posted by Community Admin on 13-Mar-2014 00:00

As part of a paid membership system we have set up, I'm trying to programmatically log a user in once they've purchased a membership product through the standard Sitefinity ecommerce checkout process.

Firstly, when somebody purchases a membership, they are (programmatically) added to a role called "PaidUser" which has been created via the backend. I am then able to programmatically log them in using a call to the SecurityManager.AuthenticateUser method.

The problem is that the programmatic login doesn't seem to acknowledge the fact that the user is in the "PaidUser" role.

Below is a simplified snippet of what I'm trying to achieve:

protected void btnUserLogin_Click(object sender, EventArgs e)
{
    //Try to log "PaidUser" in.
    UserLoggingReason validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), txtUserName.Text, txtPassword.Text, true);
    if (validate == UserLoggingReason.Success)
    {
        UserManager userManager = UserManager.GetManager();

        ClaimsIdentityProxy identity = ClaimsManager.GetCurrentIdentity();
        User user = userManager.GetUser(identity.UserId);

        RoleManager roleManager = RoleManager.GetManager();
        if (roleManager.IsUserInRole(user.Id, Globals.Roles.PaidUser))
        {
            //Permissions have been set on the redirect page below to only allow access to users in the "PaidUser" role.
            //When this User is redirected however, they're greeted with a "This type of page is not served" error.
            Response.Redirect("/member-admin/my-profile");
        }
    }
}

 Even though the user is in the PaidUser role, they are denied access to a page that is only visible to users in the PaidUser role.

If I use the built-in Login widget, everything works fine. But using the code above doesn't work.

I am using version 6.1 and testing in Visual Studio 2010. I have read this post and thus have the project configured to use "Use Local IIS Web server" and "Use IIS Express" settings.

Any help would be appreciated. Thanks.

Posted by Community Admin on 15-Mar-2014 00:00

Anyone?

Posted by Community Admin on 18-Mar-2014 00:00

Hello Gavin,

I have tested this custom login and it works fine:

<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="CustomLogin.ascx.cs" Inherits="SitefinityWebApp.Examples.CustomLogin" %>
 
<asp:Panel ID="loginWidgetPanel" runat="server" DefaultButton="LoginButton">
    User:
    <asp:TextBox runat="server" ID="User" />
    Pass:
    <input type="password" name="Password" value="" runat="server" ID="Pass" /><br />
    <asp:CheckBox Text="Remember me" runat="server" ID="Remember" />
    <br />
    <asp:Button Text="Login" runat="server" ID="LoginButton" OnClick="OnLoginClick_Click" />
</asp:Panel>

protected void OnLoginClick_Click(object sender, EventArgs e)
{
    var userName = this.User.Text;
    var pass = this.Pass.Value;
    var remember = this.Remember.Checked;

    UserLoggingReason validate = SecurityManager.AuthenticateUser(null, userName, pass, remember);

    if (validate == UserLoggingReason.Success)
    {
        UserManager userManager = UserManager.GetManager();

        ClaimsIdentityProxy identity = ClaimsManager.GetCurrentIdentity();
        User user = userManager.GetUser(identity.UserId);

        var userIdentity = ClaimsManager.GetCurrentIdentity();
        bool isAuthenticated = userIdentity.IsAuthenticated;

        RoleManager roleManager = RoleManager.GetManager();
        if (roleManager.IsUserInRole(user.Id, "PaidUser"))
        {
            //Permissions have been set on the redirect page below to only allow access to users in the "PaidUser" role.
            //When this User is redirected however, they're greeted with a "This type of page is not served" error.

            Response.Redirect("/paiduser");
        }
        else
        {
            // Add the profile just for the test
            AddUserToRoles(userName, "PaidUser", roleManager, userManager);
            Response.Redirect("/paiduser");
        }
    }
}

public static void AddUserToRoles(string userName, string roleToAdd, RoleManager roleManager, UserManager userManager)
{
    roleManager.Provider.SuppressSecurityChecks = true;

    if (userManager.UserExists(userName))
    {
        User user = userManager.GetUser(userName);

        Role role = roleManager.GetRole(roleToAdd);
        roleManager.AddUserToRole(user, role);
    }

    roleManager.SaveChanges();
    roleManager.Provider.SuppressSecurityChecks = false;
}

I have created the role in the backend in advance and given View permission on that page to that role only.

Regards,
Svetoslav Manchev
Telerik
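
An added example, not part of the reply above and not Sitefinity's own code: the same role-grant helper with the SuppressSecurityChecks toggle wrapped in try/finally, so an exception during the role change cannot leave permission checks disabled on the provider. The class name RoleGrant and the using directives are assumptions; every Sitefinity call is one already shown in this thread.

```csharp
using Telerik.Sitefinity.Security;
using Telerik.Sitefinity.Security.Model;

// Hypothetical helper class; only API calls that already appear in the thread are used.
public static class RoleGrant
{
    // Adds the user to the role. Returns false when the user does not exist.
    public static bool AddUserToRole(string userName, string roleToAdd,
        RoleManager roleManager, UserManager userManager)
    {
        if (!userManager.UserExists(userName))
        {
            return false; // nothing to grant, and no checks were suppressed
        }

        // Remember the previous value so a caller that already suppressed
        // checks gets its own setting back, not a hard-coded false.
        bool previous = roleManager.Provider.SuppressSecurityChecks;
        roleManager.Provider.SuppressSecurityChecks = true;
        try
        {
            User user = userManager.GetUser(userName);
            Role role = roleManager.GetRole(roleToAdd);
            roleManager.AddUserToRole(user, role);
            roleManager.SaveChanges();
        }
        finally
        {
            // Runs even if GetRole, AddUserToRole or SaveChanges throws,
            // so the provider never stays in the "checks suppressed" state.
            roleManager.Provider.SuppressSecurityChecks = previous;
        }

        return true;
    }
}
```

Call it from the code path that confirms the purchase rather than from the login handler's else branch, which in the test code above grants PaidUser to any account that logs in successfully.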
 

This thread is closed