Serialization error in UserIdentity upgrading from 5.1.3270 to 5.1.3450
Getting the following error when upgrading:
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
Stack Trace:
|
I get this after we login and redirect to a login page. We are doing our own login page with a redirect so it acts like forms authentication used to. I can't seem to find anywhere I am serializing anything from this class but it also doesn't mean I am wrong. Any reason why this error would pop up after this upgrade?
Hi Jeffrey,
From the stack trace I see the Claims authentication module which provides the default authentication provider in Sitefinity encounters the exception.
I suppose the project is running in claims authentication (you can check in Administration->Settings->UserAuthentication) and in this case I suggest using one of the login approaches described below.
As SecurityManager.AuthenticateUser() solely will not keep you logged in, but will authenticate a user for the current request only after this the user will not be authenticated, you have to create authentication cookie that will persist the user as logged in.
protected
void
Page_Load(
object
sender, EventArgs e)
var manager = UserManager.GetManager();
string
userName =
"UserB"
;
string
password =
"password"
;
if
(manager.ValidateUser(userName, password))
DateTime now = DateTime.UtcNow;
var user = manager.GetUser(userName);
user.IsLoggedIn =
true
;
user.LastLoginIp = SystemManager.CurrentHttpContext.Request.UserHostAddress;
user.LastLoginDate = now;
user.LastActivityDate = now;
var loginReason = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), userName, password,
true
);
if
(loginReason == UserLoggingReason.UserAlreadyLoggedIn)
SecurityManager.Logout(UserManager.GetDefaultProviderName(), user.Id);
loginReason = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), userName, password,
true
);
if
(loginReason == UserLoggingReason.Success)
manager.Provider.SuppressSecurityChecks =
true
;
manager.SaveChanges();
FormsAuthentication.SetAuthCookie(userName,
true
);
if
(Request[
"returnUrl"
] ==
null
)
Response.Redirect(String.Format(
"0://1/login-test"
, Request.Url.Scheme, Request.Url.Authority));
else
Response.Redirect(Request[
"returnUrl"
]);
This code will authenticate and create authentication cookie if you are using Forms authentication. In case you use claims authentication the code must be modified to:
var authMode = Config.Get<SecurityConfig>().AuthenticationMode;
if
(Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Forms == authMode)
//old code should work here.
else
if
(Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Claims == authMode)
HttpWebRequest tokenRequest = (HttpWebRequest)HttpWebRequest.Create(SitefinityClaimsAuthenticationModule.Current.GetIssuer());
tokenRequest.Headers.Add(
"deflate"
,
"true"
);
tokenRequest.Headers.Add(
"realm"
, SitefinityClaimsAuthenticationModule.Current.GetRealm());
tokenRequest.Headers.Add(
"wrap_name"
, username);
tokenRequest.Headers.Add(
"wrap_password"
, password);
HttpWebResponse issuerResponse = (HttpWebResponse)tokenRequest.GetResponse();
if
(HttpStatusCode.Unauthorized != issuerResponse.StatusCode)
//else authentication is failed
using
(StreamReader responseStream =
new
StreamReader(issuerResponse.GetResponseStream()))
string
token = responseStream.ReadToEnd();
Response.Redirect(
"~/MyAccount?"
+ token);
Hello Pavel,
I receive 'Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.Current' is obsolete: '"There is no need to use this property, it will be removed in one of the next releases"' when using SitefinityClaimsAuthenticationModule.Current
can you point me to the replacement code?
Thanks!
Hello Barry,
Yes, the Current property sends this warning, but you can still use the code as it is with no problems.
Kind regards,