Serialization error in UserIdentity upgrading from 5.1.3270

Posted by Community Admin on 04-Aug-2018 02:05

Serialization error in UserIdentity upgrading from 5.1.3270 to 5.1.3450

Sitefinity - Bugs & Issues

All Replies

Posted by Community Admin on 03-Oct-2012 00:00

Getting the following error when upgrading:

Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.

 

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.Serialization.SerializationException: Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.

Source Error:

 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 

[SerializationException: Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.] 
Microsoft.VisualStudio.WebHost.Connection.get_RemoteIP() +0 
Microsoft.VisualStudio.WebHost.Request.GetRemoteAddress() +65 
System.Web.HttpRequest.get_UserHostAddress() +21 
Telerik.Sitefinity.Security.Claims.SFClaimsAuthenticationManager.ValidateLimitations(ClaimsPrincipalProxy principal, HttpContext context) +109 
Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.OnPostAuthenticateRequest(Object sender, EventArgs e) +1247 
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148 
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 

I get this after we login and redirect to a login page.  We are doing our own login page with a redirect so it acts like forms authentication used to.  I can't seem to find anywhere I am serializing anything from this class but it also doesn't mean I am wrong.  Any reason why this error would pop up after this upgrade?

Posted by Community Admin on 05-Oct-2012 00:00

Hi Jeffrey, 

From the stack trace I see the Claims authentication module which provides the default authentication provider in Sitefinity encounters the exception.
I suppose the project is running in claims authentication (you can check in Administration->Settings->UserAuthentication) and in this case I suggest using one of the login approaches described below.

As SecurityManager.AuthenticateUser() solely will not keep you logged in, but will authenticate a user for the current request only after this the user will not be authenticated, you have to create authentication cookie that will persist the user as logged in.

protected void Page_Load(object sender, EventArgs e)
    var manager = UserManager.GetManager();
    string userName = "UserB";
    string password = "password";
 
    if (manager.ValidateUser(userName, password))
    
        DateTime now = DateTime.UtcNow;
        var user = manager.GetUser(userName);
        user.IsLoggedIn = true;
        user.LastLoginIp = SystemManager.CurrentHttpContext.Request.UserHostAddress;
        user.LastLoginDate = now;
        user.LastActivityDate = now;
        var loginReason = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), userName, password, true);
 
        if (loginReason == UserLoggingReason.UserAlreadyLoggedIn)
        
            SecurityManager.Logout(UserManager.GetDefaultProviderName(), user.Id);
            loginReason = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), userName, password, true);
        
 
        if (loginReason == UserLoggingReason.Success)
        
            manager.Provider.SuppressSecurityChecks = true;
            manager.SaveChanges();
 
            FormsAuthentication.SetAuthCookie(userName, true);
 
            if (Request["returnUrl"] == null)
                Response.Redirect(String.Format("0://1/login-test", Request.Url.Scheme, Request.Url.Authority));
            else
                Response.Redirect(Request["returnUrl"]);
        
    

This code will authenticate and create authentication cookie if you are using Forms authentication. In case you use claims authentication the code must be modified to:

var authMode = Config.Get<SecurityConfig>().AuthenticationMode;
        
if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Forms == authMode)
     //old code should work here.
else if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Claims == authMode)
    HttpWebRequest tokenRequest = (HttpWebRequest)HttpWebRequest.Create(SitefinityClaimsAuthenticationModule.Current.GetIssuer());
    tokenRequest.Headers.Add("deflate", "true");
    tokenRequest.Headers.Add("realm", SitefinityClaimsAuthenticationModule.Current.GetRealm());
    tokenRequest.Headers.Add("wrap_name", username);
    tokenRequest.Headers.Add("wrap_password", password);
        
    HttpWebResponse issuerResponse = (HttpWebResponse)tokenRequest.GetResponse();
    if (HttpStatusCode.Unauthorized != issuerResponse.StatusCode) //else authentication is failed
    
        using (StreamReader responseStream = new StreamReader(issuerResponse.GetResponseStream()))
        
            string token = responseStream.ReadToEnd();
            Response.Redirect("~/MyAccount?" + token);
        
    

Regards,
Pavel Benov
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 29-Oct-2012 00:00

Hello Pavel, 

I receive 'Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule.Current' is obsolete: '"There is no need to use this property, it will be removed in one of the next releases"' when using SitefinityClaimsAuthenticationModule.Current

can you point me to the replacement code?

Thanks!

Posted by Community Admin on 01-Nov-2012 00:00

Hello Barry,

Yes, the Current property sends this warning, but you can still use the code as it is with no problems. 

Kind regards,
Pavel Benov
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed