
Programmatically authenticated user unable to view pages

  • Hi,

    The following problem has been a brick wall for us for a couple of weeks
    now. Telerik are trying to help, but I am hoping to expedite things by
    crowd sourcing.


    We have some code that programmatically authenticates a user:
    //-------------------

    protected void Page_Load(object sender, EventArgs e)
    {
        UserManager manager = UserManager.GetManager();

        var objUser = manager.GetUser("theuser"); //Curious -objUser never gets used?

        var validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), "theuser", "password", true);
        bool authenticated = validate == UserLoggingReason.Success;

        manager.Provider.SuppressSecurityChecks = true;
        manager.SaveChanges();

        //Set Auth. cookie per suggestion from Telerik
        FormsAuthentication.SetAuthCookie("theuser", true);
        if (authenticated)
        {
            Trace.Write("Page_Load: authenticated: " + authenticated);
            Trace.Write("Page_Load: User.Identity.Name: " + User.Identity.Name);
            if (Request["returnUrl"] == null)
            {
                //No returnUrl: go to the site's home page
                Response.Redirect("~/Home");
            }
            else
            {
                Response.Redirect(Request["returnUrl"]);
            }
        }
        else
        {
            Response.Write("authenticated: " + authenticated.ToString());
        }
    }

    //--------------------




    When I run this, "validate" has the value UserLoggingReason.Success, so
    the user is successfully authenticated. After this, the user is redirected
    to the site's home page: ~/Home.

    Problem: When the page loads it shows a 403 error:

    This type of page is not served.
    Description: The type of page you have requested is not served because it has been explicitly forbidden.
    Please review the URL below and make sure that it is spelled correctly.
    Requested URL: /sites/demo/Home

    The user was created in Sitefinity using the CMS and is assigned to the Role "Users".
    The site has permissions for all pages set to:
    View pages (?): Users
    The Page /Home, inherits permissions from all pages.
    The root of the sitefinity application is in /sites.

    It would appear that the user does not have permission to view the page.
    However, if I log in with the account through the sitefinity CMS interface, and
    navigate to Home.aspx, I can view it fine.

    Why can't the logged in user see the page when viewing via a redirection
    after being logged in programmatically?

    Cheers,
    Geoff
  • Geoff,

    This post seems promising! :)
  • Hi Tim,
    Thanks for response.

    Yes I had read and re-read that thread till I was near blind.
    Thought I was going mad. In fact the answer is that those
    are all for FormsAuthentication. That method doesn't work
    for the new claims based authentication.

    Telerik gave me the solution this morning. I show how it's done
    below. The weird part (to me anyway) is how they check for a
    successful login. It seems to use a test request back to the server.
    Not very efficient. I have asked them about this.

    Cheers,
    Geoff

    AuthenticationMode authMode = Config.Get<SecurityConfig>().AuthenticationMode;
    Trace.Write("Page_Load: authMode: " + authMode);

    if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Forms == authMode)
    {
        User objUser = manager.GetUser(strUser);
        UserLoggingReason validate = SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), strUser, strPwd, false);
        manager.Provider.SuppressSecurityChecks = true;
        manager.SaveChanges();

        if (validate == UserLoggingReason.Success)
        {
            //We are now authenticated, tell formSecurity, and create the session cookie
            Trace.Write("Page_Load: logged in with Forms authentication");

            FormsAuthentication.SetAuthCookie(strUser, false);

            if (Request["returnUrl"] == null)
                Response.Redirect(strURL);
            else
                Response.Redirect(Request["returnUrl"]);
        }
    }
    else if (Telerik.Sitefinity.Security.Configuration.AuthenticationMode.Claims == authMode)
    {
        //Set claims authentication token. New in sitefinity 5.0
        HttpWebRequest tokenRequest = (HttpWebRequest)HttpWebRequest.Create(SitefinityClaimsAuthenticationModule.Current.GetIssuer());
        tokenRequest.Headers.Add("deflate", "true");
        tokenRequest.Headers.Add("realm", SitefinityClaimsAuthenticationModule.Current.GetRealm());
        tokenRequest.Headers.Add("wrap_name", strUser);
        tokenRequest.Headers.Add("wrap_password", strPwd);

        HttpWebResponse issuerResponse = (HttpWebResponse)tokenRequest.GetResponse();
        if (HttpStatusCode.Unauthorized != issuerResponse.StatusCode) //else authentication is failed
        {
            Trace.Write("Page_Load: logged in with Claims authentication");
            using (StreamReader responseStream = new StreamReader(issuerResponse.GetResponseStream()))
            {
                string token = responseStream.ReadToEnd();
                Response.Redirect(strURL + "?" + token);
            }
        }
    }
  • One extra thing to note about Geoff's post above on authenticating for Claims based auth: if you are using a custom membership provider, you need to change the provider via the sf_domain header property for Claims based auth:

    tokenRequest.Headers.Add("sf_domain", "CustomProviderName");

  • I have 5.1.3270 installed and it's telling me the SitefinityClaimsAuthenticationModule is deprecated.  Can anyone enlighten me as to the new class names?  Is it part of ClaimsManager?  Where is this documented???  Guess I'll open a support ticket too.
  • Hi guys,

    In Sitefinity 5.1 SP2 there is a fix which allows you to use the code below, and it will leave an authentication cookie without workarounds. It will work fine in both Claims authentication mode (the default one for Sitefinity) and Forms mode.

    SecurityManager.AuthenticateUser(UserManager.GetDefaultProviderName(), "theuser", "password", true);

    I hope you will enjoy it.

    Regards,
    DimBo
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
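
The single-call login from the Telerik reply above, with the result checked before any redirect and `returnUrl` accepted only when it is a local path, as an added example that is not part of the thread or Telerik's own code. The page class, `SignIn`, `IsLocalUrl` and `DefaultUrl` are hypothetical names, and the namespace of `UserLoggingReason` is an assumption.

```csharp
using System;
using System.Linq;
using System.Web.UI;
using Telerik.Sitefinity.Security; // SecurityManager, UserManager (UserLoggingReason assumed to live here too)

public partial class ProgrammaticLogin : Page // hypothetical page class
{
    private const string DefaultUrl = "~/Home"; // landing page named in the thread

    // Accept only app-relative ("~/...") or site-relative ("/...") targets.
    // "//host" and "/\host" are read by browsers as a different host, and
    // control characters can be stripped by the browser to form one.
    internal static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url.Any(char.IsControl)) return false;
        if (url.StartsWith("~/", StringComparison.Ordinal)) return true;
        return url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }

    // Hypothetical helper: where the credentials come from is up to the caller.
    protected void SignIn(string userName, string password)
    {
        // Same call and arguments as in the Telerik reply in this thread.
        UserLoggingReason result = SecurityManager.AuthenticateUser(
            UserManager.GetDefaultProviderName(), userName, password, true);

        if (result != UserLoggingReason.Success)
        {
            // Record why the login was refused; no cookie, no redirect.
            Trace.Write("SignIn: authentication failed: " + result);
            return;
        }

        // Never redirect to a caller-supplied absolute URL after login.
        string returnUrl = Request.QueryString["returnUrl"];
        Response.Redirect(IsLocalUrl(returnUrl) ? returnUrl : DefaultUrl);
    }
}
```
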
  • When switching out to use the single line authentication call I get the following error:

    Type 'Telerik.Sitefinity.Security.UserIdentity' in assembly 'Telerik.Sitefinity, Version=5.1.3450.0, Culture=neutral, PublicKeyToken=b28c218413bdf563' is not marked as serializable.
  • Did you find a solution for this error ?

    I have the same problem.
  • Hello Dominic,

    The problem occurs only when running the project using Visual Studio or Sitefinity Project Manager's integrated webservers. This functionality relies on having the project run through IIS, where the exception does not occur.

    Greetings,
    Boyan Barnev
    the Telerik team
  • What is the fix for this issue?
  • No fix.
    We just can't run the website from the Visual Studio interface using "Start debugging" button. 

    Boyan's answer worked immediately for me running the project through IIS.  Just create an IIS application for your project and run from that instance (http://localhost/you_iis_app_name) and it will work.
  • Hello Patrick.

    I will answer from my experiences.

    All pages that required VB/C# coding have to be done in your Visual Studio project. Either ASPX pages or as I always do, User control (ASCX).

    Once your user control is working, in your VS Studio project go Under (App_Data\Sitefinity\Configuration) .. you will find a file called "ToolboxesConfig.Config".  In this file you will create a new section for all your user controls.  This will allow you to use them in your Sitefinity pages.

    The new section would look like :

    <add enabled="True" title="PATRICK CONTROLS" ordinal="0" name="PATRICKCONTROLS">
      <tools>
        <add enabled="True" type="~/UserControls/YourControl.ascx" title="YourControl Title" visibilityMode="None" name="YourControlName" />
      </tools>
    </add>

    This will add a new WIDGET section that will be available in Sitefinity when creating new pages after you republish your website.

    You will then be able to drag and drop your usercontrol in the sitefinity pages.

    That is how to use usercontrol in Sitefinity.  Pages made directly from Sitefinity in the backend are mainly just text/image/link content managed by non-technical people.

    Hoping this helped you a little.

    Don't hesitate to ask more questions if needed.

  • By the way.  You only need to add one section for all your user control in the ToolboxesConfig.config file.

    If you have 2 usercontrols, it would look like this.

    <add enabled="True" title="PATRICK CONTROLS" ordinal="0" name="PATRICKCONTROLS">
      <tools>
        <add enabled="True" type="~/UserControls/YourControl.ascx" title="YourControl Title" visibilityMode="None" name="YourControlName" />
        <add enabled="True" type="~/UserControls/YourControl2.ascx" title="YourControl2 Title" visibilityMode="None" name="YourControlName2" />
      </tools>
    </add>

     

    This file can be modified directly from Sitefinity.  A Google search will help you with this.  I always preferred modifying my custom section manually directly in the file.

    You will see other sections in that file.  Do not alter them.

  • Thx for the quick reply Dominic! You offer a solution for controls and widgets, but what about a web form (visual c#) added in Studio, how do I make use of it or see it from the dashboard UI (or the Sitefinity backend as you refer to it)?