Role Caching Issue
We are currently evaluating Sitefinity for use on a project and I am running into an issue.
We need both a custom membership provider and a custom role provider - which I have created and seem to be working.
We have a requirement that certain user behaviours dynamically change the roles assigned to them (while they are visiting the site). This part is working fine.
However, when we have content with permissions set for specific roles, the user cannot view content even after receiving the appropriate roles. If the user logs out and back in, the content is now available.
So, it seems that Sitefinity is caching user roles/permissions or the content displayed to users somehow. I attempted to turn off output caching to see if this was the issue, but this made no difference.
Is there a way to either invalidate the cache or turn off role caching (if it does this), or somehow force content blocks to always render content according to the user's current permissions?
Hi Mark,
I noticed the same behavior recently. Support confirmed to me that permissions aren't cached by Sitefinity. I did finally see the correct permissions being applied; it probably happened after app pool recycling. That's all the details I have right now. Hopefully someone from Telerik can look into this for you.
When I query RoleManager.GetAllRolesOfUser(..), I always get the most recent set of roles for the user.
The content blocks still do not show/hide based on the current roles, however, so there must be permission caching at some level.
Does anyone have any insight into this? This may be a showstopper for us to choose Sitefinity going forward.
I can't believe you did not get a reply on this. Or did you contact Support and got it solved that way? In that case I would be interested in how this works.
Never got a response. We ended up not choosing Sitefinity for our project and went with an open source CMS framework (N2), which I am much, much happier with.
Shame on Telerik then. Thanks for your reply and all the best with N2.
Was this ever answered? I am having exactly the same issue. In my case, I provide access to forums based on the user profile (which can change while they are logged in). The access is not updated until the user logs out then logs in again.
Hello,
Currently, when a role is assigned to a user while the user is logged in, we do not update the roles cookie, and the user needs to log out and then log in again in order for the user roles to be updated.
We have logged an item in our feedback portal related to this on the following link:
http://feedback.telerik.com/Project/153/Feedback/Details/138121-newly-added-roles-should-not-require-the-user-to-log-out-and-then-log-back-in
Hopefully we will add this to our product for our future releases.
You may refer to the below forum thread where the same has been discussed and try the suggestion there as a workaround until this is implemented:
http://www.sitefinity.com/developer-network/forums/ecommerce/instantly-apply-role-after-purchasing-a-product
Regards,
Sabrie Nedzhip
Telerik
I tried that as a workaround and it doesn't seem to be working for me. Is there any way to delete or recreate the role cookie from a page loaded by the user?
Hi Mark,
Please check the below KB article and try the suggested workarounds:
http://www.sitefinity.com/developer-network/knowledge-base/details/roles-assigned-to-user-while-logged-in-do-not-take-effect-before-the-user-logs-out-and-logs-in-again
Regards,
Sabrie Nedzhip
Telerik
The second option worked for me. However, you should include a sample of what the "roleProvider" string is (in my case it was "Default").
// Role claim value format: "<roleId>;<roleName>;<roleProvider>"
var value = String.Concat(roleId, ";", roleName, ";", roleProvider);
// Set the role claim on the principal of the current request
var principal = Telerik.Sitefinity.Security.Claims.ClaimsManager.GetCurrentPrincipal();
Telerik.Sitefinity.Security.Claims.ClaimsManager.SetClaim(principal.Identities[0].Claims, Telerik.Sitefinity.Security.Claims.SitefinityClaimTypes.Role, value);
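The behaviour discussed in this thread, as an added example that is not part of any post and is not Sitefinity code: it uses only the standard System.Security.Claims types, and RoleStore, SignIn and RefreshRoles are hypothetical names with constructed sample data. Roles copied into claims at login stay as they were until the claims are rebuilt, which delays revocations as well as grants.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed stand-in for a role provider: the authoritative user -> roles mapping.
static class RoleStore
{
    public static readonly Dictionary<string, HashSet<string>> Roles =
        new Dictionary<string, HashSet<string>> { ["mark"] = new HashSet<string> { "Member" } };
}

static class Demo
{
    // At login the roles are copied into claims; this snapshot is what a cookie would carry.
    public static ClaimsPrincipal SignIn(string user)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, user) };
        claims.AddRange(RoleStore.Roles[user].Select(r => new Claim(ClaimTypes.Role, r)));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookie"));
    }

    // Re-sync the live identity with the store: drop every role claim, then re-add current roles.
    public static void RefreshRoles(ClaimsPrincipal principal)
    {
        var identity = (ClaimsIdentity)principal.Identity;
        foreach (var stale in identity.FindAll(ClaimTypes.Role).ToList())
            identity.RemoveClaim(stale);
        foreach (var role in RoleStore.Roles[identity.Name])
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
    }

    static void Main()
    {
        var principal = SignIn("mark");

        RoleStore.Roles["mark"].Add("Premium");            // role granted mid-session
        Console.WriteLine(principal.IsInRole("Premium"));  // reads the login snapshot, not the store
        RefreshRoles(principal);
        Console.WriteLine(principal.IsInRole("Premium"));  // reads the rebuilt claims

        RoleStore.Roles["mark"].Remove("Premium");         // role revoked mid-session
        Console.WriteLine(principal.IsInRole("Premium"));  // snapshot still carries the revoked role
        RefreshRoles(principal);
        Console.WriteLine(principal.IsInRole("Premium"));  // revocation now visible
    }
}
```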
Just to add to this as well... LDAP is 1000% cached and not cleared on user login. Moreover Sitefinity has refused to fix this and has instead told me to go figure it out myself with the pdb files. #Frustrated