Supposed to go live tomorrow, found an intermittent login issue
Need some serious help. We're supposed to go live tomorrow and I can't figure this out. Intermittently when you login then navigate to another page within the site, when the page loads you are no longer logged in. It doesn't happen all the time. Below is my code for a custom login control. It resides on a master page. Also, this behavior has been seen regardless of what page you login from.
Can someone please help?
web.config
<
authentication
mode
=
"Forms"
/>
protected void LoginButton_Click(object sender, System.Web.UI.ImageClickEventArgs e)
if (Page.IsValid)
var authenticationMode = Config.Get<
SecurityConfig
>().AuthenticationMode;
var userEmail = (TextBox)LoginView1.FindControl("txtUserEmail");
var password = (TextBox)LoginView1.FindControl("txtPassword");
if (AuthenticationMode.Forms == authenticationMode)
var userManager = UserManager.GetManager("Default");
userManager.Provider.SuppressSecurityChecks = true;
var user = userManager.GetUserByEmail(userEmail.Text.Trim());
if (user != null)
var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), user.UserName, password.Text.Trim(), false);
userManager.SaveChanges();
userManager.Provider.SuppressSecurityChecks = false;
if (validate == UserLoggingReason.UserAlreadyLoggedIn)
SecurityManager.Logout(UserManager.GetDefaultProviderName(), user.Id);
validate = SecurityManager.AuthenticateUser(null, user.UserName, user.Password, true);
if (validate == UserLoggingReason.Success)
FormsAuthentication.SetAuthCookie(user.UserName, true);
Response.Redirect(HttpContext.Current.Request.Url.AbsoluteUri, true);
else
var failureText = (Label)LoginView1.FindControl("FailureText1");
failureText.Text = "<
center
>The username/email or password is incorrect</
center
>";
failureText.Visible = true;
else
var failureText = (Label)LoginView1.FindControl("FailureText1");
failureText.Text = "<
center
>The username/email or password is incorrect</
center
>";
failureText.Visible = true;
I've found something like this where if you load multiple tabs at the same time, especially on a build (iis reset)
It'll throw me back to login on one of the tabs
I'm not doing anything like that. Just logging in then going to another page within the site. I was hoping adding the following in the web.config would fix it but it did not.
<forms timeout="129600" name=".Sitefinity" protection="All" slidingExpiration="true" loginUrl="~/" cookieless="UseCookies"/>
Hi,
I can see that you call FormsAuthentication.SetAuthCookie. SecurityManager.AuthenticateUser sets cookie internally for UserLoggingReason.Success. Try without it, it might be causing the problems.
As a side note: Please, use ElevatedModeRegion instead of SuppressSecurityChecks. This will guarantee that SuppressSecurityChecks is restored to its original value. Otherwise Sitefinity might skip some permissions checking.
Thanks Boyko. Removing FormsAuthentication.SetAuthCookie fixed it.