Programmatically authenticated user unable to view pages

Posted by Community Admin on 04-Aug-2018 01:14

Programmatically authenticated user unable to view pages

All Replies

Posted by Community Admin on 30-May-2012 00:00

Hi,

The following problem has been a brick wall for us for a couple of weeks
now. Telerik are trying to help, but I am hoping to expedite things by
crowd sourcing.


We have some code that programmatically authenticates a user:
//-------------------

protected void Page_Load(object sender, EventArgs e)
UserManager manager = UserManager.GetManager();
  
var objUser = manager.GetUser("theuser"); //Curious -objUser never gets used?
  
var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), "theuser", "password", true);
bool authenticated = validate == UserLoggingReason.Success;
  
manager.Provider.SuppressSecurityChecks = true;
manager.SaveChanges();
  
//Set Auth. cookie per suggestion from Telerik
FormsAuthentication.SetAuthCookie("theuser", true);
if (authenticated)
Trace.Write("Page_Load: authenticated: " + authenticated);
Trace.Write("Page_Load: User.Identity.Name: " + User.Identity.Name);
if (Request["returnUrl"] == null)
else
Response.Redirect(Request["returnUrl"]);
else
Response.Write("authenticated: " + authenticated.ToString());

//--------------------




 When I run this, "validate" has the value UserLoggingReason.Success, so
the user is successfully authenticated. After this, the user is redirected
to the site's home page: ~/Home.

Problem: When the page loads it shows a 403 error:

This type of page is not served.
Description: The type of page you have requested is not served because it has been explicitly forbidden.
Please review the URL below and make sure that it is spelled correctly.
Requested URL: /sites/demo/Home

The user was created in Sitefinity using the CMS and is assigned to the Role "Users".
The site has permissions for all pages set to:
View pages (?): Users
The Page /Home, inherits permissions from all pages.
The root of the sitefinity application is in /sites.

It would appear that the user does not have permission to view the page.
However, if I log in with the account through the sitefinity CMS interface, and
navigate to Home.aspx, I can view it fine.

Why can't the logged in user see the page when viewing via a redirection
after being logged in programmatically?

Cheers,
Geoff

Posted by Community Admin on 30-May-2012 00:00

Geoff,

This post seems promising! :)

Posted by Community Admin on 30-May-2012 00:00

Hi Tim,
Thanks for response.

Yes I had read and re-read that thread till I was near blind.
Thought I was going mad. In fact the answer is that those
are all for FormsAuthentication. That method doesn't work
for the new claims based authentication.

Telerik gave me the solution this morning. I show how its done
below. The weird part (to me anyway) is how they check for a
successful login. It seems to use a test request back to the server.
Not very efficient. I have asked them about this.

Cheers,
Geoff

AuthenticationMode authMode = Config.Get<SecurityConfig>().AuthenticationMode;
Trace.Write("Page_Load: authMode: " + authMode);
 
if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Forms == authMode)
    User objUser = manager.GetUser(strUser);
    UserLoggingReason validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), strUser, strPwd, false);
    manager.Provider.SuppressSecurityChecks = true;
    manager.SaveChanges();
 
    if (validate == UserLoggingReason.Success)
    
        //'We are now authenticated, tell formSecurity, and create the session cookie
        Trace.Write("Page_Load: logged in with Forms authentication");
 
        FormsAuthentication.SetAuthCookie(strUser, false);
 
        if (Request["returnUrl"] == null)
            Response.Redirect(strURL);
        else
            Response.Redirect(Request["returnUrl"]);
    
else if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Claims == authMode)
    //Set claims authentication token. New in sitefinity 5.0
    HttpWebRequest tokenRequest = (HttpWebRequest)HttpWebRequest.Create(SitefinityClaimsAuthenticationModule.Current.GetIssuer());
    tokenRequest.Headers.Add("deflate", "true");
    tokenRequest.Headers.Add("realm", SitefinityClaimsAuthenticationModule.Current.GetRealm());
    tokenRequest.Headers.Add("wrap_name", strUser);
    tokenRequest.Headers.Add("wrap_password", strPwd);
 
    HttpWebResponse issuerResponse = (HttpWebResponse)tokenRequest.GetResponse();
    if (HttpStatusCode.Unauthorized != issuerResponse.StatusCode) //else authentication is failed
    
        Trace.Write("Page_Load: logged in with Claims authentication");
        using (StreamReader responseStream = new StreamReader(issuerResponse.GetResponseStream()))
        
            string token = responseStream.ReadToEnd();
            Response.Redirect(strURL +"?"+ token);
        
    

Posted by Community Admin on 01-Aug-2012 00:00

One extra thing to note to Geoff's post above about authenticating for Claims based auth, if you are using a custom membership provider, you need to change the the provider via the sf_domain header property for Claims Based auth'

tokenRequest.Headers.Add("sf_domain", "CustomProviderName");

Posted by Community Admin on 20-Sep-2012 00:00

I have 5.1.3270 installed and it's telling me the SitefinityClaimsAuthenticationModule is deprecated.  Can anyone enlighten me as to the new class names?  Is it part of ClaimsManager?  Where is this documented???  Guess I'll open a support ticket too.

Posted by Community Admin on 21-Sep-2012 00:00

Hi guys,

In Sitefinity 5.1 SP2 there is a fix which allows to use the code below and it will leave an authentication cookie without workarounds. It will work fine in both Claims authentication mode (the default one for Sitefinity) and Forms mode.

SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), "theuser", "password", true);

I hope you will enjoy it.

Regards,
DimBo
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 11-Oct-2012 00:00

When switching out to use the single line authentication call I get the following error:

Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.

Posted by Community Admin on 19-Oct-2012 00:00

Did you find a solution for this error ?

I have the same problem.

Posted by Community Admin on 24-Oct-2012 00:00

Hello Dominic,

The problem occurs only when running the project using Visual Studio or Sitefinity Project Manager's integrated webservers. This functionality relies on having the project run through IIS, where the exception does not occur.

Greetings,
Boyan Barnev
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 08-Dec-2012 00:00

What is the fix for this issue?

Posted by Community Admin on 08-Dec-2012 00:00

No fix.
We just can't run the website from the Visual Studio interface using "Start debugging" button. 

Boyan's answer worked immediatly for me running the project through IIS.  Just create an IIS application for your project and run from that instance (http://localhost/you_iis_app_name) and it will work.

Posted by Community Admin on 24-Apr-2015 00:00

Hello. I'm new to Sitefinity and so I decided to learn about it using a sample app from the SDK. I'm using the Telerik.Sitefinity.Samples.Quantum app. I imported it in my Visual Studio and added a web form to the project (ShowClaims.aspx) which is a page that will simply display the identity claims contained in the security token returned to the app by the STS. Here's my question: How does one go about adding a page to the app from the front end UI? I'm currently logged I the dashboard (localhost:60876/.../dashboard) which is what I call the front end UI, and I assume that would be the way to add my new page to the app. I see where I can create a new page but where do I point it to the code I entered in Studio?

Posted by Community Admin on 24-Apr-2015 00:00

Hello Patrick.

 I will answer from my experiences.

All pages that required VB/C# coding have to be done in your Visual Studio project. Either ASPX pages or as I always do, User control (ASCX).

Once your user control is working, in your VS Studio project go Under (App_Data\Sitefinity\Configuration) .. you will find a file called "ToolboxesConfig.Config".  In this file you will create a new section for all your user controls.  This will allow you to use them in your Sitefinity pages.

The new section would look like :

<add enabled="True" title="​PATRICK CONTROLS" ordinal="0" name="PATRICKCONTROLS">
<tools>
<add enabled="True" type="~/UserControls/YourControl.ascx" title="​YourControl Title" visibilityMode="None" name="YourControlName" />

</tools>
</add>

 This will add a new WIDGET section that will be available in Sitefinity when creating new pages after you republish your website.

You will then be able to drag and drop your usercontrol in the sitefinity pages.

That is how to use usercontrol in Sitefinity.  Pages made directly from Sitefinity in the backend are mainly just text/image/link content managed by non-technical people.

Hoping this helped you a little.

Don't hesitate to ask more question if needed.

Posted by Community Admin on 24-Apr-2015 00:00

By the way.  You only need to add one section for all your user control in the ToolboxesConfig.config file.

If you have 2 usercontrols, it would like like this.

 

<add enabled="True" title="​PATRICK CONTROLS" ordinal="0" name="PATRICKCONTROLS">
< tools>

< add enabled="True" type="~/UserControls/YourControl.ascx" title="​YourControl Title" visibilityMode="None" name="YourControlName" />

< add enabled="True" type="~/UserControls/YourControl2.ascx" title="​YourControl2 Title" visibilityMode="None" name="YourControlName2" />

</tools>
< /add>

 

This file can be modified directly from Sitefinity.  A Google search will help your for this.  I always preferred modifying my custom section manually directly in the file.

You will see other sections in that files.  Do not alter them.

Posted by Community Admin on 24-Apr-2015 00:00

Thx for the quick reply Dominic! You offer a solution for controls and widgets, but what about a web form (visual c#) added in Studio, how do I make use of it or see it from the dashboard UI (or the Sitefinity backend as you refer to it)?

Posted by Community Admin on 24-Apr-2015 00:00

Why don't you simply copy the design/code of your ASPX page into a ASCX usercontrol and use it in a page like I explained?

 

 

 

Posted by Community Admin on 24-Apr-2015 00:00

I could try it. I see instructions in MSDN on how to convert a code-behind ASP.NET Web page into a user control. I'll let you know how your solution works for me. Thx.

Posted by Community Admin on 24-Apr-2015 00:00

One thing Dominic: Where do I place the actual  new code files, YourControl.ascx and YourControl.ascx.cs? Where is that UserControls folder?

<add enabled="True" type="~/UserControls/YourControl.ascx" title="​YourControl Title" visibilityMode="None" name="YourControlName" />
 

Posted by Community Admin on 24-Apr-2015 00:00

Never mind! It's ​a folder in the Visual Studio project.

Posted by Community Admin on 24-Apr-2015 00:00

Yes it is a folder in VS Studio, but it does not have to have that name.  You can name the folder to whatever is meaningful to you.

Posted by Community Admin on 24-Apr-2015 00:00

Right, thx Dominic.

Btw, it might be safer to register the widget (user control) via the admin UI instead of manually editing Sitefinity's config file. See this doc on how to do this: docs.sitefinity.com/register-a-new-widget-in-the-backend

Posted by Community Admin on 24-Apr-2015 00:00

Yes maybe safer, but when you have several user controls, and multiple environnements, you would have to repeat the procedure on DEVL/TEST/PROD environnement.  Just copying the proper section of the config file is so much faster.

Posted by Community Admin on 24-Apr-2015 00:00

Agreed! Spoken like a developer who has been there, done that, and using the tool for a while!

Thx for your help Dominic.

This thread is closed