Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Bart De Wachter 6 posts 27 karma points
    Mar 15, 2012 @ 16:00
    Bart De Wachter
    0

    Problem setting Public Access / Checking roles

    Hi Kevin, 

    I've tried implementing your ADRoleProvider and I seem to be stuck at the very last part.
    What I've done up till now: added login page with the autologin usercontrol, set integrated security on IIS, added ADRoleProvider.

    So to test, I created a new page and tried setting the Public Access restricted by role.
    The allowed role shows up fine and I'm able to set up the Public Access.
    When I now try browsing to the secured page, umbraco sends me to the login page.
    The AutoLogin usercontrol does its work, a new member is created when needed, forms authentication is set and redirect is called.

    This is where it gets funky, the page keeps redirecting to itself and umbraco keeps forwarding the request to the login-page. So I get caught up in an endless loop...

    I've tried debugging the ADRoleProvider and from what I'm seeing only the Initialize method is getting hit, the methods used for checking Role membership are not.

    Anyone have any idea what I'm missing/doing wrong?

     

  • MrBAMF 1 post 21 karma points
    Mar 16, 2012 @ 17:16
    MrBAMF
    0

    I have the same issue as you.

    FF reports "The page isn't redirecting properly"

  • Bart De Wachter 6 posts 27 karma points
    Mar 21, 2012 @ 15:21
    Bart De Wachter
    1

    Hey MrBAMF, I solved my problem and I'm guessing it will solve yours too:


    When a page gets loaded by umbraco, it checks the user's access to the page and logged-in status.
    To verify that status and redirect if the user is not logged in: there is this if-statement in the umbraco.requestHandler code: 

     if (System.Web.Security.Membership.GetUser() == null || !library.IsLoggedOn()) {
                            HttpContext.Current.Trace.Write("umbracoRequestHandler""Not logged in - redirecting to login page...");
                            currentPage = umbracoContent.GetElementById(Access.GetLoginPage(currentPage.Attributes.GetNamedItem("path").Value).ToString());
                        }

     
    library.IsLoggedOn() returns true, no problem there. Membership.GetUser() however keeps returning null and so each time we get redirected to the login-page.

    The reason for this is the fact that the GetUser() method tries to look up a user from your membership datastore using the current HttpContext Identity username.
    Now if you are using windows authentication and are using a domain, this username will look like this: domain\\username 

    The problem is, in the autologon usercontrol, we are stripping the domain and slashes from the username and using that to create our new membership user.
    That's why Membership will not find a user and hence return null.

    In order to fix this, I commented out the following piece of code inside the autologon usercontrol:

                // stip the \ from the username if present
                if (username.IndexOf('\\'> 0)
                {
                    username = username.Substring(username.IndexOf('\\'+ 1);

    From then on, the member gets created using the full windows username (domain\\username) and the Membership.GetUser() method will return the
    correct user. 

    Hope this was clear enough for you, let me know if you have any other questions!

     

  • godwin 6 posts 50 karma points
    Jun 26, 2012 @ 07:59
    godwin
    0

    WEN I TYPE MY URL IN BROWSER INSTEAD OF HOME PAGE A WINDOW SAYING AUNTHENTICATION REQUIRED IS LOADING. ANY ONE PLS HELP

  • Phil Dye 149 posts 325 karma points
    Aug 23, 2012 @ 15:36
    Phil Dye
    0

    Thanks Bart, just had the exact same problem

    phil

  • bob baty-barr 1180 posts 1294 karma points MVP
    Sep 11, 2012 @ 23:14
    bob baty-barr
    0

    i see what this fix is doing... but my autologin is still not working... what could i be missing?

    my umbraco member gets created... but i cannot successfully view my protected page?

    plus it would be great not to have all my members in one folder, but i guess they will never really be viewed ;)

  • Phil Dye 149 posts 325 karma points
    Jan 15, 2013 @ 19:32
    Phil Dye
    0

    Bob, if you can run this locally, within the domain you're using, try attaching the VS debugger...

    I'd first breakpoint in the WindowsLogin control; if you're being thrown back to the login/error page, that control is failing to create the Umbraco member. It sounds like that's happening OK if you're getting members being created.

    So, the request is getting authenticated OK, then it's back to ADRoleProvider.GetRolesForUser(username) to get the groups from AD and return them to Umbraco to check with the allowed groups. I'd suspect an LDAP permissions failure in UserPrincipal.FindByIdentity() - it's in a try/catch block that ignores any error, so you'll never see it...

    Phil

     

  • bob baty-barr 1180 posts 1294 karma points MVP
    Jan 15, 2013 @ 19:39
    bob baty-barr
    0

    Phil, i have it all working... well, sort of... the only thing that is not working is that if i protect a node and grant access for a group other than the main group that is working it fails, even though i know i am a member of that group. does that make sense?

  • Phil Dye 149 posts 325 karma points
    Jan 16, 2013 @ 09:51
    Phil Dye
    0

    Hmm, weird... I'd still be tempted to try debugging GetRolesForUser, and check the actual groupnames that you're getting back from LDAP.  Umbraco will show the configured group names (as roles) regardless of whether those groups actually exist, so it's possible there's a mismatch between the group names you're expecting and the ones you're actually getting.

    Phil


  • Simon 692 posts 1068 karma points
    Sep 30, 2015 @ 14:37
    Simon
    0

    Hi Guys,

    I am using the FormsAuthentication in order to Login users and I am setting the member ID in the cookie, as follows:

    FormsAuthentication.SetAuthCookie(member.Id.ToString(), rememberMe);
    

    The reason that I am not storing the email since user can change the email address.

    Now When I tried the Umbraco Public Access Restriction, by roles, it is always redirect me to the login page.

    Does anyone has an idea how can I override this since Umbraco is trying to get the User by Membership I think and it is return null.

    Thank you for your help.

    Kind Regards.

  • Simon 692 posts 1068 karma points
    Sep 30, 2015 @ 15:39
    Simon
    0

    I cannot find this code in umbraco source code:

     if (System.Web.Security.Membership.GetUser() == null || !library.IsLoggedOn()) {
                            HttpContext.Current.Trace.Write("umbracoRequestHandler", "Not logged in - redirecting to login page...");
                            currentPage = umbracoContent.GetElementById(Access.GetLoginPage(currentPage.Attributes.GetNamedItem("path").Value).ToString());
                        }
    

    I am using 7.2.6

    How can I override this check because Membership.GetUser() I do not want to get the value from the current username stored in cookie since I will have the ID number of the user.

    Thank you.

  • Nik 1612 posts 7258 karma points MVP 7x c-trib
    Sep 30, 2015 @ 17:04
    Nik
    0

    Hi Simon,

    I would suggest you start a new thread regarding this, the reason being the age of this one. There have been quite big version jumps in Umbraco with masses of the code basis changing with each release.

    This might be the reason you cannot find that code in your source, because it is no longer there.

Please Sign in or register to post replies

Write your reply to:

Draft