asp.net Forms Authentication Issue - Sitefinity - Front- & Back-End Development

All Replies

Posted by Community Admin on 06-Dec-2011 00:00

Hello Everyone,
I am having an issue with my forms authentication with Sitefinity 4.3. What I am trying to do is create a public/private website. The public section is one page and the private section is one page. I have an ASP.Net Login Control on the public section and set up everything in Web.Config to secure the private section.

Web.Config

<authentication mode="Forms">

<forms name=".ASPXAUTH" protection="All" loginUrl="/Default" defaultUrl="/LoggedIn" />

</authentication

>


<location path="LoggedIn">
  <system.web>
  <authorization>
    <deny users="?"/>
  </authorization>
  </system.web>
</location>

I also set up the Authentication method to control how a user gets authenticated.

protected void Page_Load(object sender, EventArgs e)

this.Login1.Authenticate += Login1_Authenticate;

accountService = new AccountService();

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

e.Authenticated = true;

Login1.FailureText = "There was an error";

FormsAuthentication.SetAuthCookie(HttpContext.Current.User.Identity.Name, Login1.RememberMeSet);

Response.Redirect(""); // Private URL Redirection

I am automatically authenticating a user in the above method, but that is only for testing.

Currently, it does not appear that the Authenticate method above ever gets hit. If I comment out the cookie generation it should not create a cookie, but it still does. I am baffled. It creates a cookie, but doesn't authorize me to go to the private section. I have been building ASP.Net websites for years and this is the first time that I am stumped on access control. =(

If anyone could help me, I would greatly appreciate it.

Thank you,
Tim

Posted by Community Admin on 09-Dec-2011 00:00

Hi Rushman,

Did you try adding this to your Global.asax.cs file:

protected void Application_Error(object sender, EventArgs e)

var currentPage = HttpContext.Current.Request.Url.ToString();

Exception ex = Server.GetLastError();

if (ex is HttpException)

HttpException httpEx = ex as HttpException;

if (httpEx.Message == "You are not authorized to access this page")

Response.Redirect("~/login-page?ReturnUrl=" + currentPage);

Server.ClearError();

This should redirect you to the ~/login-page when you try to access the private section. You can authenticate the user using one of the overloads of

SecurityManager.AuthenticateUser()

Best wishes,
Lubomir Velkov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 12-Dec-2011 00:00

Lubomir,

Thank you for your reply, but I am not having an issue with stopping someone from getting to the private section, the issue that I am having is that when I log in I am not being redirected to the private section.

When I enter my username and password (both good and I know that they work), I get an authentication cookie created, but the system redirects me back to the 'Login' page (the public section) and in the Url I get this: /Default?ReturnUrl=%2fLoggedIn.

If I am authenticated, then why aren't I able to see the private section (LoggedIn)? Is there a special way for me to use ASP.Net Forms Authentication with Sitefinity? Do I have to use Sitefinity to authenticate? If so how do I authenticate 2000+ users?

Any help would be greatly appreciated.

Thanks,
Tim

Posted by Community Admin on 15-Dec-2011 00:00

Hi Tim,

You can allow only certain roles to access a certain page. If you are logged in but not a member of the allowed role, using the code I sent you you should get a hit on Application_Error, where you should be redirected to your login page. If you use our standard Login control, passing the following parameter to the page with the control - ReturnUrl=<yoururl> will trigger an automatic redirect to this page after a successful login.

All the best,
Lubomir Velkov
the Telerik team

This thread is closed