Supposed to go live tomorrow, found an intermittent login is

Posted by Community Admin on 19-Dec-2012 00:00

Need some serious help. We're supposed to go live tomorrow and I can't figure this out. Intermittently when you login then navigate to another page within the site, when the page loads you are no longer logged in. It doesn't happen all the time. Below is my code for a custom login control. It resides on a master page. Also, this behavior has been seen regardless of what page you login from.

Can someone please help?

web.config

<authentication mode="Forms"/>

login.ascx.cs

protected void LoginButton_Click(object sender, System.Web.UI.ImageClickEventArgs e)

if (Page.IsValid)

var authenticationMode = Config.Get<SecurityConfig>().AuthenticationMode;

var userEmail = (TextBox)LoginView1.FindControl("txtUserEmail");

var password = (TextBox)LoginView1.FindControl("txtPassword");

if (AuthenticationMode.Forms == authenticationMode)

var userManager = UserManager.GetManager("Default");

userManager.Provider.SuppressSecurityChecks = true;

var user = userManager.GetUserByEmail(userEmail.Text.Trim());

if (user != null)

var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), user.UserName, password.Text.Trim(), false);

userManager.SaveChanges();

userManager.Provider.SuppressSecurityChecks = false;

if (validate == UserLoggingReason.UserAlreadyLoggedIn)

SecurityManager.Logout(UserManager.GetDefaultProviderName(), user.Id);

validate = SecurityManager.AuthenticateUser(null, user.UserName, user.Password, true);

if (validate == UserLoggingReason.Success)

FormsAuthentication.SetAuthCookie(user.UserName, true);

Response.Redirect(HttpContext.Current.Request.Url.AbsoluteUri, true);

else

var failureText = (Label)LoginView1.FindControl("FailureText1");

failureText.Text = "<center>The username/email or password is incorrect</center>";

failureText.Visible = true;

else

var failureText = (Label)LoginView1.FindControl("FailureText1");

failureText.Text = "<center>The username/email or password is incorrect</center>";

failureText.Visible = true;

Posted by Community Admin on 19-Dec-2012 00:00

I've found something like this where if you load multiple tabs at the same time, especially on a build (iis reset)

It'll throw me back to login on one of the tabs

Posted by Community Admin on 19-Dec-2012 00:00

I'm not doing anything like that. Just logging in then going to another page within the site. I was hoping adding the following in the web.config would fix it but it did not.

<forms timeout="129600" name=".Sitefinity" protection="All" slidingExpiration="true" loginUrl="~/" cookieless="UseCookies"/>

Posted by Community Admin on 21-Dec-2012 00:00

Hi,

I can see that you call FormsAuthentication.SetAuthCookie. SecurityManager.AuthenticateUser sets cookie internally for UserLoggingReason.Success. Try without it, it might be causing the problems.

As a side note: Please, use ElevatedModeRegion instead of SuppressSecurityChecks. This will guarantee that SuppressSecurityChecks is restored to its original value. Otherwise Sitefinity might skip some permissions checking.

Regards,
Boyko Karadzhov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 21-Dec-2012 00:00

Thanks Boyko. Removing FormsAuthentication.SetAuthCookie fixed it.

This thread is closed

All Replies