URGENT: Programmatically Logging User Out of Existing Session (2nd post)
Hi,
I posted this question over a week ago but haven't received a (real) response yet. http://goo.gl/wRqey
We made a login box where people enter their username/pwd and then when they click go we log them in programmatically.
Here is the code we use:
SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false);
It works great, except for in one circumstance, and that is when that user is already logged in from another browser or another computer.
If you do this via the UI, you received the following warning:
Someone is already using this username and password from another computer or browser.
To proceed, you need to log him/her off.
If you click "Log the other user off and enter", it logs them off the other browser and logs them in to this browser.
We would like to do the same thing, but all in code. If they use our login window, we want to execute whatever code comes after the above warning. We want them logged out of any other location and logged in on this browser/session.
What code do we need to add that will make it so they get logged out of other locations?
Here's a scenario. I login at home on one browser. Then go to work and try to log in with the same user/password. Your control sees I didn't logout at home and asks if I want the program to log my home account out. I say yes and then I'm logged in.
I need to be able to do that same thing via code. If you read my post, that's what I'm trying to do. I am trying to automatically log out ALL other times they are logged in.
I am NOT logged in on the browser at work.
Bottom line, I am trying to make my own login form that has the same behavior as your login form, but does the second step programmatically (where it just logs out other sessions).
If this isn't possible, can you please tell me how to include your login control in a template (what is the code to add the usercontrol to a .master page, and how do I add a custom template so I can style it. I only want to do this if this isn't possible as I already have the whole thing working how I want, except my control doesn't work if they are logged in on a different browser.
Please help
Ben
Ben,
Shot in the dark here, but I was able to use this to log a user off from one browser and in on another...
public void userLogIn() var username = "userone"; var password = "password"; var result = SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false); if (result != UserLoggingReason.Success) if (result == UserLoggingReason.UserAlreadyLoggedIn) Credentials creds = new Credentials(); Guid userID = new Guid(SecurityManager.CurrentUserId.ToString()); creds.MembershipProvider = Membership.Provider.Name; creds.UserName = username; creds.Password = password; SecurityManager.Logout(creds); SecurityManager.DeleteAuthCookies(); result = SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, false); Thanks you sir, exactly what we needed!
Awesome, Tim! I've been waiting a week for that exact answer for Sitefinity. Works like a charm.
The only problem now is if I'm logged into one browser as a user, then in another browser I log
in with your code (or with Sitefinity's Login control), it works perfectly, except if I try to do anything
on the first browser again I get the following error message.
This has nothing to do with your code, Tim, but with SF (was getting the error when doing it via SF before)
Any ideas, Sitefinity or Tim or anyone else who has seen this?
Server Error in '/' Application.
Unable to cast object of type 'System.Web.Security.RolePrincipal' to type 'Telerik.Sitefinity.Security.SitefinityPrincipal'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidCastException: Unable to cast object of type 'System.Web.Security.RolePrincipal' to type 'Telerik.Sitefinity.Security.SitefinityPrincipal'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidCastException: Unable to cast object of type 'System.Web.Security.RolePrincipal' to type 'Telerik.Sitefinity.Security.SitefinityPrincipal'.]
Telerik.Sitefinity.Web.SiteMapBase.IsAccessibleToUser(HttpContext context, SiteMapNode node) +232
Telerik.Sitefinity.Web.SitefinitySiteMap.IsAccessibleToUser(HttpContext context, SiteMapNode node) +67
System.Web.SiteMapNode.IsAccessibleToUser(HttpContext context) +17
Telerik.Sitefinity.Web.SitefinityRoute.CheckSecurity(HttpContextBase httpContext, PageSiteNode node) +53
Telerik.Sitefinity.Web.SitefinityRoute.GetRouteData(HttpContextBase httpContext) +640
System.Web.Routing.RouteCollection.GetRouteData(HttpContextBase httpContext) +287
System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +60
System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +86
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.237
Ben,
Can you check your web.config and verify the line below?
<roleManager enabled="false" />This seems to only work for Administrators. If I try this code with a user that isn't in any role I always end up with 'result' returning 'Success'. Has anyone else experienced this?