My question is: how can I get Umbraco to immediately recognize that the member is logged in when I call the Members.Login() method in a custom RenderMvcController?
Here's the background:
I have an Umbraco 8 stand-alone install (not cloud), running an intranet site. We have the site set up in IIS to do windows authentication so we can get the username of the currently logged in user accessing the intranet site.
Most of the site is accessible to all staff. Parts of it, however, are only accessible to certain members. We've set up those parts to use member group restrictions.
When a user access any page of the site, we get their ActiveDirectory name and email address and add them to the Umbraco members (with a temporary password), if they aren't already an Umbraco member - using Members.RegisterMember().
Then, whether they were just added or not, we auto-log them in using the Members.Login() method.
All of this is done in a custom RenderMvcController that has been set as the default using a composer implementing IUserComposer.
Unfortunately, on the very first visit to the site, the page the member loads does not recognize them as logged in. The member is created if needed and has been logged in, but the page doesn't recognize that. If they reload the page or navigate to another page, they are recognized as logged in. I'm guessing that the MembershipHelper has cached their status already and the Members.Login() method doesn't change that.
So what do I need to do to a) get the cache reset? b) force the page to reload? c) a better way of auto-logging in a member? d) other?
After some digging, I found that the root of the problem isn't Umbraco as much as it is FormsAuthentication. Although both Umbraco and FormsAuthentication have ways of fixing this that they should probably use.
When calling the MembershipHelper.Login method, Umbraco calls FormsAuthentication.SetAuthCookie. Unfortunately, everywhere else in Umbraco that verifies if a member is logged in checks the HttpContext.User object which isn't set by the SetAuthCookie method. The cookie itself is used to set the HttpContext.User when the HttpContext is first created - which is why the user shows up on any page load/reload after the first one.
gave me what I needed to manually set the HttpContext.User and ensure it shows as IsAuthenticated so that the future calls by Umbraco (within the same page load context) see the logged in user, allowing that user to be detected on the first page load.
Ideally, the Umbraco MembershipHelper.Login method would do this for you.
Umbraco Membership Auto-Login Problem on First Page Load
My question is: how can I get Umbraco to immediately recognize that the member is logged in when I call the Members.Login() method in a custom RenderMvcController?
Here's the background:
I have an Umbraco 8 stand-alone install (not cloud), running an intranet site. We have the site set up in IIS to do windows authentication so we can get the username of the currently logged in user accessing the intranet site.
Most of the site is accessible to all staff. Parts of it, however, are only accessible to certain members. We've set up those parts to use member group restrictions.
When a user access any page of the site, we get their ActiveDirectory name and email address and add them to the Umbraco members (with a temporary password), if they aren't already an Umbraco member - using Members.RegisterMember().
Then, whether they were just added or not, we auto-log them in using the Members.Login() method.
All of this is done in a custom RenderMvcController that has been set as the default using a composer implementing IUserComposer.
Unfortunately, on the very first visit to the site, the page the member loads does not recognize them as logged in. The member is created if needed and has been logged in, but the page doesn't recognize that. If they reload the page or navigate to another page, they are recognized as logged in. I'm guessing that the MembershipHelper has cached their status already and the Members.Login() method doesn't change that.
So what do I need to do to a) get the cache reset? b) force the page to reload? c) a better way of auto-logging in a member? d) other?
After some digging, I found that the root of the problem isn't Umbraco as much as it is FormsAuthentication. Although both Umbraco and FormsAuthentication have ways of fixing this that they should probably use.
When calling the MembershipHelper.Login method, Umbraco calls FormsAuthentication.SetAuthCookie. Unfortunately, everywhere else in Umbraco that verifies if a member is logged in checks the HttpContext.User object which isn't set by the SetAuthCookie method. The cookie itself is used to set the HttpContext.User when the HttpContext is first created - which is why the user shows up on any page load/reload after the first one.
The information I gathered from these sources
gave me what I needed to manually set the HttpContext.User and ensure it shows as IsAuthenticated so that the future calls by Umbraco (within the same page load context) see the logged in user, allowing that user to be detected on the first page load.
Ideally, the Umbraco MembershipHelper.Login method would do this for you.
is working on a reply...