Can you please provide some more information such as:

- Umbraco Version

- Where 'isLoggedOn' is being read from

- Which login control are you using

Of course - sorry for the lack of information - I was REALLY frustrated when i wrote that ;-)

Umbraco version: 4.0.2.1

I have written a usercontrol which is place on every page that checks if the user is logged on or not. Currently, all it does is just to write true if logged on and false if not.

Since my last post i have noticed that when I log on, I am redirected to the front page. Here the isLoggedOn is true, and stays true event if I refresh the page (using ctrl+r). But if I click on the link in the menu for the front page (or any other page), the control returns false again.

I have been using both a self made login control:

Member currentUser = Member.GetMemberFromLoginNameAndPassword(TextBox1.Text, TextBox2.Text);
            if (currentUser != null)
            {
                if (UseCookiesForAuthentication)
                    Member.AddMemberToCache(currentUser);
                else
                    Member.AddMemberToCache(currentUser, true, new TimeSpan(0, 0, 0));
            }

and the default asp.net login control, and event the macros in Niels Hartvigs MemberControl package. All with the same result - neither works.

The code for the usercontrol that i have placed on every page:

        protected void Page_Load(object sender, EventArgs e)
        {
            Content.Text = umbraco.library.IsLoggedOn().ToString();
        }

I have also tried to use the Member.isLoggedOn() with no luck.

Maybe it has something to do with the IIS website setup? The project was initially installed on my local computer and then uploaded to a hosted webserver. I can only get to the IIS manager from work, so I have not been able to play around with the settings there. Maybe app pool restart would do the job?

If you want to test yourself, here is the link to the login page: alpha dot firmafisk dot dk/brugerkonto    (change the dot to .)
You can use this to login: user: [email protected]  psw: 1234

Hope this information can help someone identify the problem. If not, please don't hesitate to ask.

/Dan

Forgot to mention that I have also tried System.Web.Security.Membership.GetUser()  which returns null and Membership.GetNumberOfUsersOnline().ToString() which returns 0 (zero).

Directly interacting with the membership API is no longer recommended due to the move to the ASP.NET membership provider model. There was a problem if you were storing members in Session in v3, but I think that was only with signing them out.

Check out this wiki page, it'll cover all that you should need to for doing membership stuff - http://our.umbraco.org/wiki/how-tos/membership-providers

Personally I recommend just using the standard ASP.NET login control, I put together a small demo site using them (for a blog I did about the membership profile provider) which I may have the code still for, I'll check tomorrow for you.

I have located the problem!

I have been using umbracoUseDirectoryUrls = true which I would love to go back to. But setting this to default (false) fixes the problem and the login works fine.

For now, I'll just keep the ugly .aspx urls, but if anyone knows how to get this to work with directoryUrls, I would highly appreciate the help.

Anyway, thank you for your help so far Slace.

Enjoy the rest of the weekend - finally, I can ;-)

Just noticed that there is still a problem with the front page which is just the domain url (www.firmafisk.dk) and does not have the aspx extension. On the front page, the login status is then "not logged in" and on all other pages (with the aspx extension) the user is still logged on.

I find this very strange - maybe it is a IIS setting? Any ideas?

Aha! I would NEVER have figured that one out myself!

I have the exact same problem. When directory URL's are used, nothing works - it's like the user isn't logged in. Turning directory URL's off, everything but the first page works, just like in your case.

It looks like I'm going to have to use the standard ASP.NET login control, but I'm not sure if it's flexible enough.

Thanks Dan for documenting this problem! Thumbs up for that!

/Thomas Kahn

And now when I have switched to plain ASP.NET controls added to usercontrols and have directory URL's set to true, I still get the same errors. Setting directory URL's to false and everything works like a charm.

It looks like a bug, but I'm not sure?

/Thomas

I found a solution to the problem on codeplex:

http://umbraco.codeplex.com/WorkItem/View.aspx?WorkItemId=22929&ProjectName=umbraco&PendingVoteId=22929

If you follow these instructions:

Default behaviour for iis7 for the formsauthentication module is to only invoke for requests to asp.net applications or managed handlers (probably also for iis6). If you disable the 'Invoke only for requests to ASP.NET applications or managed handlers' option, forms authentication will work then also for directory urls.

...it will work. I'm running IIS7 and this is how I altered the settings:

1. Open up IIS Manager
2. Select the website you want to alter
3. Double click on "Modules"
4. Locate the parameter named "FormsAuthentication" and double click on it
5. Uncheck the checkbox "Invoke only for requests to ASP.NET applications or managed handlers"
6. Click OK

It looks like it adds the following lines to the web.config:

<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" preCondition="" />

After having done this adjustment, logging in and out and displaying the correct login status works again!

/Thomas Kahn

One thing that still doesn't work though is if you have directory url's set to true and try to access a protected page and you are not logged in. Then you get the following error:

[NullReferenceException: Object reference not set to an instance of an object.]
   System.Web.Security.Membership.GetCurrentUserName() +37
   System.Web.Security.Membership.GetUser() +7
   umbraco.requestHandler..ctor(XmlDocument _umbracoContent, String url) +3493
   umbraco.UmbracoDefault.Page_PreInit(Object sender, EventArgs e) +903
   System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
   System.EventHandler.Invoke(Object sender, EventArgs e) +0
   System.Web.UI.Page.OnPreInit(EventArgs e) +8699406
   System.Web.UI.Page.PerformPreInit() +31
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +282

Setting directory url's to false makes things work again.

/Thomas

Then, if you follow the other advice on the codeplex page; adding an attribute to the modules tag in web.config:

<modules runAllManagedModulesForAllRequests="true">

...then you get rid of the problem that occurs if you try to access a protected page while not being logged in (with directory url's set to true).

A follow-up question: are there any other implications when doing the above alteration? I'm not very good at web servers, but could this compromise security? Will ISP's allow this modification?

/Thomas K

Ahhhh I'm having this problem... Moved a site from IIS6 to IIS7

http://our.umbraco.org/forum/getting-started/installing-umbraco/6262-Admin-Password-Moved-Umbraco-Site

@Thomas - So will this solve my problem when logged in?

<modules runAllManagedModulesForAllRequests="true">

Just to let you know adding 

<modules runAllManagedModulesForAllRequests="true">

Solved my problem on the site :)

Here's an article that describes the problem a little more in detail:

http://ruslany.net/2008/09/wildcard-script-mapping-and-iis-7-integrated-pipeline/

/Thomas

Had the exaxt same problem. Thanks for sharing the solution. Thumbs up!

Great. Works for me to.

Thanks, Thomas!

Your solutions are work for my latest project hosted on IIS7 :-)

is working on a reply...