Old Forums
Search:
Bug reports Found a bug? Post it here please.
Version 7.x > Bug reports > Redirect to Native Kentico Login Page View modes: 
User avatar
Member
Member
anna.goldberg-jonassoftware - 3/26/2013 10:02:09 AM
   
Redirect to Native Kentico Login Page
Hello,

We have our custom Login page. We have it set in Settings -> Membership CMSSecuredAreasLogonPage to point to our custom value.

However, whenever the screen lock pops up, refresh action loads native kentico login page.

I've noticed that Kentico has hard-coded values for login redirect in several places in the code, such as ScreenLockDialog.ascx, AccessDenied and ResetPassword. In those files the value is fixed and set to "cmspages/logon.aspx". I fixed it in our code, but wanted to let you know that it is there and it might be a problem for those using custom login pages set in Administration-> Membership and Security.

User avatar
Kentico Support
Kentico Support
kentico_filipl - 3/27/2013 7:45:51 AM
   
RE:Redirect to Native Kentico Login Page
Hello,

Thank you for letting us know about a potential bug.

Which hotfix version are you using? I looked at the files you mentioned with the latest hotfix 7.0.27 and did not find any hard-coded values for the logon page. Accessing logon page is achieved using Settings KeyProvider and calling CMSContext methods like this: 
SettingsKeyProvider.GetStringValue(CMSContext.CurrentSiteName + ".CMSSecuredAreasLogonPage");

Can you point to the exact line where you have seen it? Thanks in advance.

Best regards,
Filip Ligac

User avatar
Member
Member
anna.goldberg-jonassoftware - 4/3/2013 9:34:49 AM
   
RE:Redirect to Native Kentico Login Page
We are using Kentico 7.0 version.

We inherit from CMSPage.cs class where there is hard-coded login value in HandleScreenLock() function:
                // ScreenLock - redirect to logon page if screen is locked
                if (!isScreenLockCallback && IsScreenLocked)
                {
                    // Sign out current user
                    FormsAuthentication.SignOut();
                    IsScreenLocked = false;

                    // Get the logon page URL
                    const string logonPage = "~/cmspages/logon.aspx";

                    if (!Request.AppRelativeCurrentExecutionFilePath.ToLowerCSafe().Contains(logonPage))
                    {
                        // Redirect to logon page
                        URLHelper.Redirect(logonPage + "?ReturnUrl=" + Request.Path);
                    }
                }

Since we are using your compiled version of the file, we would like to have a fix for this bug.
I tried to response redirect from your logon page to ours, but you're using events handling and it's not working either. Please help!

Thank you!

User avatar
Kentico Support
Kentico Support
kentico_filipl - 4/4/2013 4:57:35 AM
   
RE:Redirect to Native Kentico Login Page
Hello,

If you are using clean install of Kentico CMS, it is possible that such hard-coded strings could be there. However, I was not able to find anything like you have posted in the latest hotfix 7.0.28. If you are looking for a fix, you could try to update to this latest hotfix. It should solve your problem.

Best regards,
Filip Ligac
User avatar
Member
Member
anna.goldberg-jonassoftware - 4/16/2013 12:21:24 PM
   
RE:Redirect to Native Kentico Login Page
Hello,
Downloaded your lateste fix 7.30
I am looking at CMS.UIControls HandleScreenLock() method.
It's still has hard-coded value for redirect (see method attached).
As far as I can see, this issue still persist.
You can easily reproduce it by enabling screen lock in Site Manager and setting lock interval to 1min. Also we have custom value for Login page set in Settings -> Membership CMSSecuredAreasLogonPage. After elapsed time, the page gets redirected to you cmspages/logon.aspx. Please, confirm. Thank you!

private void HandleScreenLock()
{
if (SqlHelper.IsDatabaseAvailable && CMSContext.IsCorrectDatabaseVersion)
{
string[] values = base.Request.Params.GetValues("__CALLBACKID");
bool flag = (values != null) && values[0].Contains("screenLock");
if (!flag && IsScreenLocked)
{
FormsAuthentication.SignOut();
IsScreenLocked = false;
if (!base.Request.AppRelativeCurrentExecutionFilePath.ToLowerCSafe().Contains("~/cmspages/logon.aspx"))
{
URLHelper.Redirect("~/cmspages/logon.aspx?ReturnUrl=" + base.Request.Path);
}
}
if (!flag)
{
SecurityHelper.LogScreenLockAction();
if (SecurityHelper.IsScreenLockEnabled(CMSContext.CurrentSiteName))
{
string script = "\r\n try\r\n {\r\n if(window.top && window.top.HideScreenLockWarningAndSync && (typeof window.top.HideScreenLockWarningAndSync === 'function')){\r\n window.top.HideScreenLockWarningAndSync(" + SecurityHelper.GetSecondsToShowScreenLockAction(CMSContext.CurrentSiteName) + ");\r\n }\r\n }\r\n catch(error)\r\n {\r\n // Do nothing - this error is probably caused by cross-domain access\r\n }";
ScriptHelper.RegisterClientScriptBlock((Page) this, typeof(string), "ScreenLock_Hide", ScriptHelper.GetScript(script));
}
}
}
}
User avatar
Kentico Support
Kentico Support
kentico_filipl - 4/17/2013 3:54:00 AM
   
RE:Redirect to Native Kentico Login Page
Hello,

We have finally been able to reproduce the issue and developers confirmed it as a bug. Thank you for your patience during investigating this problem.

It probably would not be fixed in the next hotfix (7.0.31) but it should definitely happen in the release after that (7.0.32).

Best regards,
Filip Ligac

Top