Sitefinity OAuthLogin sometimes only redirects for Administrator role
I have a widget on a Sitefinity 8.0 page that redirects to a login protected page when a child button is clicked.
Most of the time after authenticating, the OAuthLogin widget redirects to whatever is specified in the RedirectUrl URL parameter. However, once in a while, the OAuthLogin widget does not redirect and instead does a postback (looks like a refresh).
What I discovered is that this redirect error never happens for Sitefinity users in the Administrator role. My co-worker would have this error happen for him on multiple machines including mine, but my admin account would never experience this.
I'd like to add that the login functionality works because the Sitefinity user is successfully logged in. In fact, after the postback/failed redirect, when the authenticated user clicks logout, the browser then redirects to the specified RedirectUrl that it was supposed to go to.
The OAuthLogin widget is not a custom widget so I do not have code for that, but maybe someone with more Sitefinity experience can explain what is happening. I have looked at the console for any errors but cannot find any because of the postback that occurs upon clicking the login button. Has anybody experienced this with Sitefinity and is there something I am not understanding about the OAuthLogin widget or how Roles are applied to page permissions in Sitefinity?
Hello,
Are you referring to and using the OauthExternalAuthentication project from the GitHub repository (https://github.com/Sitefinity/Sitefinity-External-STS-Integration)? Since this is a custom widget created in an external assembly, you should be able to edit it with Visual Studio.
Which service are you using for the authentication?
For reference I also provide the documentation link to Set up external STS login
As a side note, please note that in the browser (Advanced settings -> Security) the external Auth domain needs to be entered in the trusted domains. For instance, for Facebook, you should add "www.facebook.com" in the trusted domains.
Regards,
Dimitri Cools
Telerik
We have not had any issues setting up the STS login or installing the OauthExternalAuthentication module. The authentication works just fine. Also, we are not using an external provider yet; just logging in using Sitefinity credentials.
Like I stated, occasionally a non-Admin/non-Backend user tries to access a login-protected page. After logging in successfully, the page simply refreshes instead of redirecting to the RedirectURL in the URL parameters.
The RedirectURL is correct and like I have already stated, the User is authenticated. Again, this only happens when a non-Admin account is trying to do this. Also, I have made sure that my page permissions are correct and that the Role that this non-Admin account is under is permitted to access this page. I even set newly registered users under that custom Role upon registration, but nothing has changed.
Hello,
Based on your explanation you could be encountering the following bug:
http://feedback.telerik.com/Project/153/Feedback/Details/146549-login-frontend-users-are-not-redirected-to-the-url-specified-in-the-returnurl-qu
Please consider upgrading to the latest internal build of 8.0 or a higher version to overcome this.
For your information: Use the following procedure to upgrade your current version of Sitefinity to any other higher version.
We no longer have access to updates. Could you please provide more information on the issue so we can build our own control to fix the issue?
Thank you.
Hello,
Unfortunately there is no direct workaround for this issue.
To circumvent the problem it is advised to upgrade to Sitefinity's Internal Build 8.0.5715.0 or higher.