Custom Membership and Role Providers
Hi,
We began to work on a site. We need a custom system for users' rights.
I developed a custom RoleProvider, MyRoleProvider, which inherits from SitefinityRoleProvider, and a custom MembershipProvider, MyMembershipProvider, which inherits from SitefinityMembershipProvider.
I registered these two in Administration >> Settings >> Advanced >> Security.
I edited the web.config like this:
<roleManager defaultProvider="MyRoleProvider" enabled="true">
  <providers>
    <clear/>
    <add name="MyRoleProvider" type="Sitefinity.Tools.Security.MyRoleProvider"/>
  </providers>
</roleManager>
<membership defaultProvider="MyMembershipProvider">
  <providers>
    <clear/>
    <add name="MyMembershipProvider" type="Sitefinity.Tools.Security.MyMembershipProvider"/>
  </providers>
</membership>
But during the first access of the site backend (Sitefinity/Login?ReturnUrl=/Sitefinity/default.aspx), I get this message:
Hello Nicolas,
Have you enabled the Membership provider? I do not see enabled=True attribute
<membershipProviders>
<add description="some description" resourceClassId="" type="Sitefinity.Tools.Security.MyMembershipProvider" type:type="System.RuntimeType, mscorlib" enabled="True" name="MyMembershipProvider" />
</membershipProviders>
Regards,
Ivan Dimitrov
the Telerik team
Hi Ivan,
It's enabled, I can see it, but only in SecurityConfig.config. I can't edit this attribute in web.config.
SecurityConfig.config :
<membershipProviders>
<add description="MyMembershipProviderDescription" resourceClassId="SecurityResources" type="Sitefinity.Tools.Security.MyMembershipProvider" type:type="System.RuntimeType, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" applicationName="Backend/" enablePasswordRetrieval="false" unrestrictedRole="administrator" createUsersIfUnknown="true" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="(?=.6,)" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" enabled="True" name="MyMembershipProvider" />
</membershipProviders>
Maybe I have to disable the default membership?
Regards,
Nicolas
Hi Nicolas,
You should use only the securityConfig.config. Please remove the settings from the root web.config file.
All the best,
Ivan Dimitrov
the Telerik team
Hi Ivan,
The behavior evolved: I removed the settings from the root web.config and now I get a "NotImplementedException":
[NotImplementedException: La méthode ou l'opération n'est pas implémentée.]
Telerik.Sitefinity.Security.MembershipProviderWrapper.GetUsers() +28
Telerik.Sitefinity.Security.Web.UI.LoginForm.InitializeProvidersList() +366
Telerik.Sitefinity.Security.Web.UI.LoginForm.CreateChildControls() +116
System.Web.UI.Control.EnsureChildControls() +102
System.Web.UI.Control.FindControl(String id, Int32 pathOffset) +20
System.Web.UI.Control.FindControl(String id) +12
Telerik.Sitefinity.Security.Web.UI.LoginForm.get_ChangePasswordLink() +30
Telerik.Sitefinity.Security.Web.UI.LoginForm.UpdateVisibilityOfLinks() +121
Telerik.Sitefinity.Security.Web.UI.LoginForm.set_ShowChangePasswordLink(Boolean value) +60
Telerik.Sitefinity.Web.LoginRouteHandler.SetLoginLogoutFroms(Page handler, RequestContext requestContext, String view) +230
Telerik.Sitefinity.Web.LoginRouteHandler.InitializeHttpHandler(Page handler, RequestContext requestContext) +202
Telerik.Sitefinity.Web.RouteHandlerBase.Handler_PreInit(Object sender, EventArgs e) +199
System.Web.UI.Page.OnPreInit(EventArgs e) +8871966
System.Web.UI.Page.PerformPreInit() +31
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +328
Hello Nicolas,
You should inherit from MembershipDataProvider or OpenAccessMembershipProvider, which represents the OpenAccess implementation of the data provider for Sitefinity membership services.
Regards,
Ivan Dimitrov
the Telerik team
Hi,
I have almost the same problem. For our Sitefinity website we had to build our own membership provider to authenticate customers.
The CustomMembershipProvider inherits from MembershipProvider; we overrode validateUser and Initialize.
In the SecurityConfig.config we added the additional CustomMembershipProvider:
<membershipProviders>
  <add description="ABP Membership provider"
       type:type="System.RuntimeType, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
       resourceClassId=""
       type="ABPDynamics.Webshop.MbrProvider"
       applicationName="/"
       RequiresQuestionAndAnswer="False"
       EnablePasswordReset="False"
       EnablePasswordRetrieval="False"
       ResetPasswordUrl="False"
       PasswordRetrievalUrl="False"
       passwordFormat="Hashed"
       maxInvalidPasswordAttempts="5"
       passwordAttemptWindow="10"
       enabled="True"
       name="ABPMembershipProvider"
       xmlns:p3="urn:telerik:sitefinity:configuration:type" />
</membershipProviders>
SecurityManager.AuthenticateUser("ABPMembershipProvider", txtLoginName.Text.Trim(), txtPassword.Text.Trim(), true);
And then we get the following error...
In Sitefinity, is the CustomMembershipProvider visible?
What's the problem here?
Regards,
Rick
Hello Rick,
The default membership provider could not be removed. You need to create an instance of SecurityManager with the custom provider you have created and then authenticate the user.
Kind regards,
Ivan Dimitrov
the Telerik team
Hi Ivan,
Thanks for your help, but do you have an example for me?
Kind Regards,
Rick
Hello,
Is it possible to make available a sample website where custom role/membership providers have been utilised.
I cannot find any documentation that shows how to configure the website for this.
What actions are required on the web.config, securityconfig.config to implement this ? ... in terms of registering the provider and database connection strings, for the database used to house roles/members which is NOT the sitefinity one ...
Sonia
Hello Sonia,
Here is one post that shows how to configure a custom membership provider
www.sitefinity.com/.../using_the_asp_net_sql_membership_provider_in_sitefinity.aspx
If you have a custom provider that inherits from the OpenAccess implementation or directly from our data provider, you can register it in the configurations - Administration >> Settings >> Advanced >> Security.
Greetings,
Ivan Dimitrov
the Telerik team
Ivan,
I've implemented a rough version for a custom membership and role provider that at the moment does not save to a sql server backend.
I've setup 2 arrays, an array of users, an array of roles ...
My providers know what custom roles my users belong to ...
When I go to the user profile page ... the interface has not checked the custom roles my users belong to
however if I add an 'application role' to my user, this information is saved
Also if I assign permissions to my custom roles that information is saved
the only thing missing is the link between the user and the role; it's built into the provider to know this association, but Sitefinity does not recognise it
Each time I go into the user profile the custom roles are unticked
What is the purpose of the ApplicationRoles in the securityconfig.config file ? if I take them away my site stops working, how do I populate this programmatically with custom roles if it is necessary for them to stay ?
Sonia
Hi Sonia,
In your custom role provider do you implement a property of type ManagerInfo and named ManagerInfo? It is used to link a role from the role provider to a user in a membership provider. Here is a sample implementation:
public ManagerInfo ManagerInfo
{
    get
    {
        // Create the ManagerInfo once and reuse it on later calls.
        if (this.managerInfo == null)
        {
            this.managerInfo = new ManagerInfo()
            {
                ApplicationName = this.ApplicationName,
                ManagerType = typeof(RoleManager).FullName,
                ProviderName = this.Name,
                Id = Guid.NewGuid()
            };
        }
        return this.managerInfo;
    }
}
Lubomir,
I can't find any reference to ManagerInfo in the RoleProvider class so I haven't implemented.
However, I've downloaded the latest copy of your code (4.2) and my implementation seems to work there, so there must be a bug in the previous version of Sitefinity
Also how do you disable buttons such as create new user/role and reset password on a custom role/membership provider ?
Hi Sonia,
I'm glad you resolved one of the issues. As for these buttons - I don't think there is a way to allow/disable them for a specific provider. You can do this for the entire module using permission settings. Unfortunately you can't do this per provider.
Best wishes,
I don't know if this related to my using custom role/membership provider as it doesn't appear to be hitting the code in these components but when I try to navigate to the permission page on assets like a page or news content, the backend goes into an infinite loop
I can't locate the code that is causing the problem because it does not appear to be entering my custom role/membership modules
Can you tell me what the possible problem is ?
Hi Sonia,
Could you tell me the exact version of Sitefinity that you use? Also, in your membership database - how many users and roles (and user/role combinations) do you have? There was a performance issue when there are many users and roles that was fixed in one of the latest versions. It is possible that you do not enter an infinite loop, but rather that you need to wait until some method executes properly.
Kind regards,
Version 4.2
And the looping only occurs when the backend is used within firefox browser. It's OK if used in conjunction with ie.
It has nothing to do with my custom membership/role providers
Hi Sonia,
Do you use Firefox 6? We had a problem with Firefox 6 resulting in an infinite loop that was resolved in a hotfix. Please check this forum post for more information:
http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/sitefinity-4-2-hotfix-1.aspx
Yes, we are using Firefox 6.0.1
Thanks for a solution.
Sonia
trying to install sitefinity on an external box ... kept getting the error endpointnot found exception when trying to delete a page in the backend . Changed the servicepaths workflowbaseurl in the systemconfig file, moved on to a model error but when I look in log see the following ...
If there is a potential problem with my custom role/member providers why would the error be in the telerik providers ?
----------------------------------------
Timestamp: 07/09/2011 16:04:35
Message: HandlingInstanceID: 21c8550d-c83f-4569-9532-f6374729ed47
An exception of type 'System.ArgumentException' occurred and was caught.
------------------------------------------------------------------------
09/07/2011 17:04:35
Type : System.ArgumentException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : Invalid type specified Telerik.Sitefinity.Security.Data.RoleDataProvider
Source : Telerik.Sitefinity
Help link :
ParamName :
Data : System.Collections.ListDictionaryInternal
TargetSite : TProviderBase InstantiateProvider(Telerik.Sitefinity.Configuration.IDataProviderSettings, System.Type, Telerik.Sitefinity.Abstractions.ExceptionPolicyName, Telerik.Sitefinity.Data.ManagerBase`1[TProviderBase])
Stack Trace : at Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, Type providerType, ExceptionPolicyName policy, ManagerBase`1 manager)
Additional Info:
MachineName : S8045-7676-WB01
TimeStamp : 07/09/2011 16:04:35
FullName : Telerik.Sitefinity.Utilities, Version=4.2.1650.0, Culture=neutral, PublicKeyToken=b28c218413bdf563
AppDomainName : /LM/W3SVC/3/ROOT-1-129598850694882845
ThreadIdentity :
WindowsIdentity : NT AUTHORITY\NETWORK SERVICE
Requested URL : http://***.com/
Category: ErrorLog
Priority: 0
EventId: 9010
Severity: Warning
Title:Enterprise Library Exception Handling
Machine: S8045-7676-WB01
App Domain: /LM/W3SVC/3/ROOT-1-129598850694882845
ProcessId: 5372
Process Name: c:\windows\system32\inetsrv\w3wp.exe
Thread Name:
Win32 ThreadId:3500
Extended Properties:
----------------------------------------
----------------------------------------
Timestamp: 07/09/2011 16:04:36
Message: HandlingInstanceID: 6b0327c5-8d9c-4665-97eb-3315be296c45
An exception of type 'System.ArgumentException' occurred and was caught.
------------------------------------------------------------------------
09/07/2011 17:04:36
Type : System.ArgumentException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message : Invalid type specified Telerik.Sitefinity.Security.Data.MembershipDataProvider
Source : Telerik.Sitefinity
Help link :
ParamName :
Data : System.Collections.ListDictionaryInternal
TargetSite : TProviderBase InstantiateProvider(Telerik.Sitefinity.Configuration.IDataProviderSettings, System.Type, Telerik.Sitefinity.Abstractions.ExceptionPolicyName, Telerik.Sitefinity.Data.ManagerBase`1[TProviderBase])
Stack Trace : at Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, Type providerType, ExceptionPolicyName policy, ManagerBase`1 manager)
Additional Info:
MachineName : S8045-7676-WB01
TimeStamp : 07/09/2011 16:04:36
FullName : Telerik.Sitefinity.Utilities, Version=4.2.1650.0, Culture=neutral, PublicKeyToken=b28c218413bdf563
AppDomainName : /LM/W3SVC/3/ROOT-1-129598850694882845
ThreadIdentity :
WindowsIdentity : NT AUTHORITY\NETWORK SERVICE
Requested URL : http://***.com/
Category: ErrorLog
Priority: 0
EventId: 901
the above was resolved by setting workflowBaseUrl correctly in the systemconfig file, however I have now hit another problem ...
This is to do with page authorisation.
I set up a page YESTERDAY where only authenticated persons could view it
In ie, when I log in then explicitly call the page, I can see the page fine. In firefox and chrome I get a message saying I am prohibited from seeing the page
TODAY when I repeat the same test in ie and try to navigate to the page, the browser goes into an infinite loop; firefox and chrome indicate that there is a HTTP 310 ERR_TOO_MANY_REDIRECTS error
When I set up another page TODAY where only authenticated persons can view it, and I navigate to the page after logging in in ie, I can SEE THIS NEW PAGE OK, with the same problems I experienced before in firefox and chrome
WHAT IS GOING ON ?????????? Is there a problem with the time element in the cookie which is somehow getting saved in the Sitefinity database and is causing a problem after 24 hours have elapsed?
Also I've just noticed that there are loads of cookie names in the securityconfig file .... if I'm creating a custom cookie to go with my custom membership/roles provider what name should I be calling the cookie because at the moment I'm just using the ASP.NET default name for the cookie ...
Hi Sonia,
In Internet Explorer, were you logged in to the Backend? I suppose you were in IE and were not in Firefox/Chrome; this is why you were able to see the page. Also, the session timeout is adjustable in the Advanced Settings -> Security.
Regards,
OK that explains why I could see the authenticated page in ie but why does trying to navigate to the next day cause an infinite loop ?
what name should I be calling a custom cookie ?
My problem is that I am doing an integration of Sitefinity with a third party CRM which is written in classic asp
I have written a custom login widget that captures the users username and password and posts this information to an asp classic page for authentication, once the user has been authenticated in the other system they are redirected back into the sitefinity application however at this point I won't have an authentication cookie for the asp.net application so I have to create one.
I'm using a httpmodule to create an authentication cookie if the home page has been requested with the username & remember me flag as form data. I do that in the context.AuthenticateRequest event.
In the global.asax Application_AuthenticateRequest event I look for the cookie, if found construct a genericprincipal and assign to context.user
However all this is not allowing me access to sitefinity authenticated pages.
I've changed the name of my forms authentication cookie to be the same as what's specified in securityconfig for authCookieName and also put a machinekey in my web.config file with same validationkey and decryptionkey as in securityconfig
... however none of this is working ...
Getting this ...
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
In my httpmodule context.AuthenticateRequest event I now just have this line, which is executed when a condition is met ...
SecurityManager.AuthenticateUser("***Member", _email,string.Empty, false);
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
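For the hand-off described in the posts above, where an HTTP module signs a user in from posted form data after the CRM redirect, the posted e-mail is only trustworthy if the CRM can prove it issued it. The following is an added example, not code from the thread or from Sitefinity: a signed, short-lived token check to run before the sign-in call. The HandoffToken class, the token format and the shared key are assumptions, and the classic ASP side would have to produce the same HMAC.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper, not a Sitefinity type. Assumed token format: "email|unixSeconds|hexHmacSha256".
public static class HandoffToken
{
    public static string Create(string email, DateTime utcNow, byte[] key)
    {
        string payload = email + "|" + ToUnix(utcNow).ToString(CultureInfo.InvariantCulture);
        return payload + "|" + Sign(payload, key);
    }

    // Returns the verified e-mail, or null if the token is malformed, forged or older than maxAge.
    public static string Validate(string token, DateTime utcNow, byte[] key, TimeSpan maxAge)
    {
        int macSep = string.IsNullOrEmpty(token) ? -1 : token.LastIndexOf('|');
        if (macSep <= 0) return null;
        string payload = token.Substring(0, macSep);
        // Check the MAC before trusting anything parsed out of attacker-controlled input.
        if (!FixedTimeEquals(Sign(payload, key), token.Substring(macSep + 1))) return null;
        int timeSep = payload.LastIndexOf('|');
        long issued;
        if (timeSep <= 0 || !long.TryParse(payload.Substring(timeSep + 1), NumberStyles.None,
                CultureInfo.InvariantCulture, out issued)) return null;
        long age = ToUnix(utcNow) - issued;
        if (age < 0 || age > (long)maxAge.TotalSeconds) return null;
        return payload.Substring(0, timeSep);
    }
    static long ToUnix(DateTime utc) { return (long)(utc - new DateTime(1970, 1, 1)).TotalSeconds; }
    static string Sign(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload))).Replace("-", "");
    }
    // The MAC length is public; the loop avoids exiting early at the first mismatching character.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret");
        DateTime now = new DateTime(2011, 9, 7, 16, 0, 0, DateTimeKind.Utc);
        string token = Create("member@example.com", now, key); // constructed sample token
        Console.WriteLine(Validate(token, now.AddSeconds(30), key, TimeSpan.FromMinutes(2)) ?? "rejected");
        Console.WriteLine(Validate(token.Replace("member", "admin1"), now, key, TimeSpan.FromMinutes(2)) ?? "rejected");
        Console.WriteLine(Validate(token, now.AddMinutes(10), key, TimeSpan.FromMinutes(2)) ?? "rejected");
    }
}
```

Only when Validate returns a non-null e-mail would the module go on to the SecurityManager.AuthenticateUser call shown in the post. The age check narrows the replay window but does not make the token single-use.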
Hello Sonia,
By default ASP.NET issues RolePrincipal but what we do is save our SitefinityPrincipal and then cast it back to our saved value. In our SitefinityHttpModule we have the following code:
void context_PostAuthenticateRequest(object sender, EventArgs e)
{
    HttpContextBase context = SystemManager.CurrentHttpContext;
    // ASP.NET may have replaced the principal; restore the saved SitefinityPrincipal.
    if (!(context.User is SitefinityPrincipal))
    {
        var sfPrincipal = context.Items["SitefinityPrincipal"] as SitefinityPrincipal;
        if (sfPrincipal != null)
        {
            context.User = sfPrincipal;
        }
    }
}