I've been pulling my hair out all day trying to get a member login working. In absence of any documentation on how to do it, here's what I've done:
I have a user control with a username, password and submit button. Inside the submit button's click event handler I am getting the member object using Member.GetMemberFromLoginAndEncodedPassword and have verfied the returned member object is not null. Then I call Member.AddMemberToCache passing in the member object.
When I then look in the cookies for the page I see the following cookies: yourAuthCookie, umbracoMemberLogin, umbracoMemberGuid, umbracoMemberId, umbPanel_pHeight and umbPanel_pWidth.
I assume so far so good at this point. I've also verified the member object is stored in the cache.
Then, after the page loads I have another logout button. Inside the event handler for the button I call Member.GetCurrentMember, but this always returns a null object. I used reflector to see what this method does and saw that it makes a call to Member.CurrentMemberId, which checks the boolean value HttpContext.Current.User.Identity.IsAuthenticated, however, when debugging I can see that HttpContext.Current.User is null.
Can anyone shed any light on what might be going on here? Am I missing some Forms Authentication or umbraco provider specific configuration that isn't set up out of the box?
Neils, I have tried using the code to check the user myself using the code you provided, Neils. But the FormsAuthenticationModule still doesn't create the HttpContext.Current.User object upon subsequent page requests. The object is null. I was under the impression the FormsAuthenticationModule automatically detected the authentication cookie and created the HttpContext.Current.User object? Have I missed something that needs to be done on subsequent page requests?
Thanks Masood. But this is where I get confused. Should I use the traditional ASP.NET FormsAuthentication methods or the umbraco umbraco.cms.businesslogic.member namespace (assuming the UmbracoMembershipProvider is a wrapper around the umbraco.cms.businesslogic.member namespace)?
I was able to log in using the method you mentioned, except that I used the Member.GetMemberFromLoginAndEncodedPassword and encoded the password using the umbraco.providers.members.UmbracoMembershipProvider EncodePassword method. After calling the Member.AddMemberToCache(member) method (not using the AddMemberToCache(Member, bool, TimeSpan) overload) I saw the member record in the cache, and also saw the cookies I mention in my first post. But upon subsequent page requests I was unable to retrieve the logged in Member object when calling Member.GetCurrentMember(). That's when I noticed the HttpContext.Current.User object was not created (was null).
Perhaps I am missing something glaringly obvious. I haven't used the ASP.NET Login control. I want to have a login control on my homepage, also on a second document type, as they are pages that will often be landed on and I just don't want to have to get the user to go to the login page. The only time I need to redirect to a separate login page is when a particular document type is requested (not the homepage or second document type I mention above) and a user is not logged in. This has all come about because this is the way the site has been designed, which was nothing to do with me! :)
I'm still unable to access the logged in member from any page after performing the login stage. Any help you can provide is very much appreciated...
why don't you just add that asp.net login control onto those 2 specific pages (home page and second doc type pages) if most people land on those pages.
using the asp.net login control, you don't need to do anything additional, it''ll just work out of the box, as umbraco's authentication system is based on asp.net membership, you should really avoid using the member api directly (also because of performance)
why don't you just add that asp.net login control onto the template for those 2 specific pages (home page and second doc type pages) if most people land on those pages.
This code works fine for me though i would also suggest using asp.net login control. With asp.net login control, you don't need to call FormAuthenticate method.
I have also noticed some issues with using umbraco api e.g. if logged in using umbraco api, then asp.net LoginName control doesn't display login name correctly.
As noted by Dirk, the best choice is using asp.net login control (its just matter of droping a control on your web form) and works perfectly for umbraco & .net.
I suspect my next question though, will be, how do I get at the umbraco.cms.businesslogic.member.Member object from the Principal object exposed via the login control so that I can see properties like the full name (Member.Text), as well as custom MemberType properties. Can't say I've investigated it yet...
I've got no code behind hooked into any events for the controls, nor do I have any code interacting with the control properties or methods.
I've then tried the following:
I've tried loggin in with a member that does not exist. I get an error message within the control saying "Your login attempt was not successful. Please try again."
I've tried loggin in again, this time with the member I created within the CMS. In this case the AnonymousTemplate is still displayed after postback (with username & password textboxes, remember me checkbox and login button still displayed). The Welcome text does not get displayed. The authentication cookie does appear in the browser cookies. But any attempt to get the logged in Member or HttpContext.Current.User in a subsequent request fails.
Any ideas why the cookie would be created, but the FormsAuthenticationModule would fail to instantiate the user on subsequent page requests? I've spent two days on this... If not, can anyone verify that they do have this type of setup working on an umbraco version 4.5.1 and / or 4.5.2 installation?
Thanks Dirk, but I had already updated the parameter in the weblconfig file:
defaultMemberTypeAlias="Another Type"
Setting it to TestType. Still not able to retrieve the curent member using HttpContext.Current.User or Member.GetCurrentMember(). The authentication cookie is there after login. I'm wondering if it coulld be an issue with IIS, or the fact that I'm using localhost (port 80), but I'm clutching at straws really. No idea what the problem is.
Same with Neils example, after calling SetAuthCookie the cookie exists, but again, Member.GetCurrentMember() returns a null object. The Member.CurrentMemberId() method that is called by GetCurrentMember() is getting a null reference from HttpContext.Current.User when trying to check if IsAuthenticated == true. I'm totally stumped... :o(
Thanks for all your help. Any other ideas are more than welcome. Maybe I'm going to have to store the member id in a session variable...
Well I seem to have finally solved the problem, although I'm not sure why what I've done fixes the issue as it is beyond my knowledge of ASP.NET and IIS...
My development machine is Vista running IIS 7.0. The umbraco web applicaton application pool running in Integrated managed pipeline mode.
So I looked at some other blog posts regarding forms authentication and managed pipeline mode issues. In a couple of places the suggestion was to remove and add several modules within the system.webServer section of the web.config file:
After doing this I was able to successfully call Member.GetCurrentMember() as well as obtain a reference to HttpContext.Current.User upon subsequent requests to pages.
Perhaps a better ASP.NET professional than I can shed some light on what the issue was and why this fixed it. The issues I experienced may also not be an issue on other OS / IIS installations, hence Dirk, Neils and Masood not being able to repeat the same issue.
Anyway, a problem solved, and its solution is documented here. 3 days on and I can now continue developing my customer's website... :-)
Member Login
Hi
I've been pulling my hair out all day trying to get a member login working. In absence of any documentation on how to do it, here's what I've done:
I have a user control with a username, password and submit button. Inside the submit button's click event handler I am getting the member object using Member.GetMemberFromLoginAndEncodedPassword and have verfied the returned member object is not null. Then I call Member.AddMemberToCache passing in the member object.
When I then look in the cookies for the page I see the following cookies: yourAuthCookie, umbracoMemberLogin, umbracoMemberGuid, umbracoMemberId, umbPanel_pHeight and umbPanel_pWidth.
I assume so far so good at this point. I've also verified the member object is stored in the cache.
Then, after the page loads I have another logout button. Inside the event handler for the button I call Member.GetCurrentMember, but this always returns a null object. I used reflector to see what this method does and saw that it makes a call to Member.CurrentMemberId, which checks the boolean value HttpContext.Current.User.Identity.IsAuthenticated, however, when debugging I can see that HttpContext.Current.User is null.
Can anyone shed any light on what might be going on here? Am I missing some Forms Authentication or umbraco provider specific configuration that isn't set up out of the box?
I've tried this on umbraco 4.5.1 and 4.5.2
Hi Marc,
I'd strongly advice you to using the standard asp.net login controls for member authentication.
Have a look at Morten's blog post about integrating member authentication into an umbraco site: http://www.mortenbock.dk/blog/2009/04/01/setting-up-membership-in-umbraco.aspx. It's a simple tutorial that all teach you the basics of setting up your authentication system.
Feel free to ask more questions if you still have some after heaving read and followed Morten's article.
Cheers,
/Dirk
but if you realley want to check the user by yourself:
Thanks for your help Neils and Dirk.
Neils, I have tried using the code to check the user myself using the code you provided, Neils. But the FormsAuthenticationModule still doesn't create the HttpContext.Current.User object upon subsequent page requests. The object is null. I was under the impression the FormsAuthenticationModule automatically detected the authentication cookie and created the HttpContext.Current.User object? Have I missed something that needs to be done on subsequent page requests?
private void LoginUser(string username, string password)
{
bool useSession=true;
int timeout=20;
Member loginMember = Member.GetMemberFromLoginNameAndPassword(username, password);
if (loginMember != null)
{
Member.AddMemberToCache(loginMember, useSession, new TimeSpan(0, timeout, 0));
}
else
{
// Not logged in
}
}
Have you tried using asp.net Login control?
Thanks Masood. But this is where I get confused. Should I use the traditional ASP.NET FormsAuthentication methods or the umbraco umbraco.cms.businesslogic.member namespace (assuming the UmbracoMembershipProvider is a wrapper around the umbraco.cms.businesslogic.member namespace)?
I was able to log in using the method you mentioned, except that I used the Member.GetMemberFromLoginAndEncodedPassword and encoded the password using the umbraco.providers.members.UmbracoMembershipProvider EncodePassword method. After calling the Member.AddMemberToCache(member) method (not using the AddMemberToCache(Member, bool, TimeSpan) overload) I saw the member record in the cache, and also saw the cookies I mention in my first post. But upon subsequent page requests I was unable to retrieve the logged in Member object when calling Member.GetCurrentMember(). That's when I noticed the HttpContext.Current.User object was not created (was null).
Perhaps I am missing something glaringly obvious. I haven't used the ASP.NET Login control. I want to have a login control on my homepage, also on a second document type, as they are pages that will often be landed on and I just don't want to have to get the user to go to the login page. The only time I need to redirect to a separate login page is when a particular document type is requested (not the homepage or second document type I mention above) and a user is not logged in. This has all come about because this is the way the site has been designed, which was nothing to do with me! :)
I'm still unable to access the logged in member from any page after performing the login stage. Any help you can provide is very much appreciated...
why don't you just add that asp.net login control onto those 2 specific pages (home page and second doc type pages) if most people land on those pages.
using the asp.net login control, you don't need to do anything additional, it''ll just work out of the box, as umbraco's authentication system is based on asp.net membership, you should really avoid using the member api directly (also because of performance)
Hope this helps.
Regards,
/Dirk
Btw, first sentence should read as:
why don't you just add that asp.net login control onto the template for those 2 specific pages (home page and second doc type pages) if most people land on those pages.
/Dirk
This code works fine for me though i would also suggest using asp.net login control. With asp.net login control, you don't need to call FormAuthenticate method.
I have also noticed some issues with using umbraco api e.g. if logged in using umbraco api, then asp.net LoginName control doesn't display login name correctly.
As noted by Dirk, the best choice is using asp.net login control (its just matter of droping a control on your web form) and works perfectly for umbraco & .net.
Regards,
Masood
Thanks Dirk,
I'll give it a whirl.
I suspect my next question though, will be, how do I get at the umbraco.cms.businesslogic.member.Member object from the Principal object exposed via the login control so that I can see properties like the full name (Member.Text), as well as custom MemberType properties. Can't say I've investigated it yet...
You can use 'Member.GetCurrentMember()' and other umbraco api calls after logging in using asp.net login control.
Hi Mark,
this is what you need: http://www.aaron-powell.com/umbraco-members-profiles
Hope this helps.
Regards,
/Dirk
Hey guys. First I want to thank you all for your help so far. Unfortunately I'm still having what appears to be the same issue.
Within the CMS I have done the following:
On my home page I have created the following control structure:
<asp:LoginView ID="LoginViewUmbraco" runat="server">
<AnonymousTemplate>
<asp:Login runat="server" />
</AnonymousTemplate>
<LoggedInTemplate>
Welcome
</LoggedInTemplate>
</asp:LoginView>
I've got no code behind hooked into any events for the controls, nor do I have any code interacting with the control properties or methods.
I've then tried the following:
Any ideas why the cookie would be created, but the FormsAuthenticationModule would fail to instantiate the user on subsequent page requests? I've spent two days on this... If not, can anyone verify that they do have this type of setup working on an umbraco version 4.5.1 and / or 4.5.2 installation?
Thanks!
you're doing ok, just one minor thing you've forgotten: you need to change a settings in web.config to reflect the name of your member type
<membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear /> <add name="UmbracoMembershipProvider" type="umbraco.providers.members.UmbracoMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Another Type" passwordFormat="Hashed" /> <add name="UsersMembershipProvider" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" /> </providers> </membership>Just change this bit
into
defaultMemberTypeAlias="TestType"and you should be up and running. If not, let us know what's stilll not working.
Cheers,
/Dirk
using my login code from the last page an using mazoods code to get member wil work. I have used this on 4.5.1 before
using System.Web.Security; if( System.Web.Security.Membership.ValidateUser(username, password) ) { FormsAuthentication.SetAuthCookie(username, true); }Thanks Dirk, but I had already updated the parameter in the weblconfig file:
Setting it to TestType. Still not able to retrieve the curent member using HttpContext.Current.User or Member.GetCurrentMember(). The authentication cookie is there after login. I'm wondering if it coulld be an issue with IIS, or the fact that I'm using localhost (port 80), but I'm clutching at straws really. No idea what the problem is.
Same with Neils example, after calling SetAuthCookie the cookie exists, but again, Member.GetCurrentMember() returns a null object. The Member.CurrentMemberId() method that is called by GetCurrentMember() is getting a null reference from HttpContext.Current.User when trying to check if IsAuthenticated == true. I'm totally stumped... :o(
Thanks for all your help. Any other ideas are more than welcome. Maybe I'm going to have to store the member id in a session variable...
Well I seem to have finally solved the problem, although I'm not sure why what I've done fixes the issue as it is beyond my knowledge of ASP.NET and IIS...
My development machine is Vista running IIS 7.0. The umbraco web applicaton application pool running in Integrated managed pipeline mode.
I found the following ASP.NET forum post:
http://www.weask.us/entry/authentication-problem-windows-vista-cookie-written-httpcontext-current-user-null
This suggests switching to classic managed pipeline mode, which is not an option, at least when running umbraco with appsetting:
<add key="umbracoUseDirectoryUrls" value="true" />
So I looked at some other blog posts regarding forms authentication and managed pipeline mode issues. In a couple of places the suggestion was to remove and add several modules within the system.webServer section of the web.config file:
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
After doing this I was able to successfully call Member.GetCurrentMember() as well as obtain a reference to HttpContext.Current.User upon subsequent requests to pages.
Perhaps a better ASP.NET professional than I can shed some light on what the issue was and why this fixed it. The issues I experienced may also not be an issue on other OS / IIS installations, hence Dirk, Neils and Masood not being able to repeat the same issue.
Anyway, a problem solved, and its solution is documented here. 3 days on and I can now continue developing my customer's website... :-)
Check that your IIS process e.g. IIS_IUSRS has permission to the App_Data folder.
is working on a reply...