Forums (Obsolete)

Old Forums

Installation and deployment Questions on installation, system configuration and deployment to the live server.

Version 6.x > Installation and deployment > Forms authentication in existing MVC3 app broken

View modes:

Member

christer.anttila-ergoconsulting.com - 9/10/2012 10:40:55 PM

Forms authentication in existing MVC3 app broken

I have tried to integrate Kentico CMS 6 with an existing MVC3 site so that I can use a combination of Kentico pages and the views from the existing MVC3 site.

It all works to move between Kentico pages and MVC views but the forms authentication on the existing MVC3 site is broken.

My authentication code in the existing MVC3 site looks like this:

private ActionResult DoLogin(string emailAddress, string password)
{
User existingUser = db.Users.Where(x => x.EmailAddress == emailAddress && x.Password == password).FirstOrDefault();

if (existingUser == null)
{
RegisterPasswordFailure(emailAddress);
throw new Exception("Username or password is incorrect.");
}
else if (existingUser.UserLocked)
{
NotifyUserLocked();
}

return DoLogin(existingUser);
}

private ActionResult DoLogin(Models.User user)
{
FormsAuthentication.SetAuthCookie(user.EmailAddress, false);

Session["UserID"] = user.ID;

user.LastLoginDate = DateTime.Now;
db.SaveChanges();

return RedirectToAction("Details");

}

When I log in via the existing MVC3 sites login form IsAuthenticated is not set to True after the SetAuthCookie call, it stays as False even after the redirect to the Details action.

If I run the existing MVC3 site stand alone the forms authentication works but when it is run as part of Kentico it fails.

If I step through the code above I can see that the login and password is correct and that the salted password is the same as it is in the users table in the database but still the IsAuthenticated is left as False.

I have tried commenting out the <authorization> <deny users="?"/> </authorization> and <authentication mode="Forms">
<forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true"/>
</authentication> sections in the web.config file and replaced them with the same sections from my existing MVC3 apps web.config without success.

Authentication section from existing MVC3 site
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

I have also used firebug and IE to check that a cookie is written when SetAuthCookie is executed and there are 3 cookies written to the browser (CMSPreferredCulture, CurrentTheme, and Asp.Net_SesionId)

Any ideas as to why the forms authentication is broken in the existing MVC3 site?

Kentico Developer

kentico_helenag - 9/12/2012 4:03:10 AM

RE:Forms authentication in existing MVC3 app broken

Hello,

Do the users exist in the Kentico database? If so, please authenticate them using:

UserInfoProvider.AuthenticateUser("MyNewUser", "", CMSContext.CurrentSiteName)

See the sample code. Please do not set the authentication cookie directly.

If you want to authenticate users against an external database, please follow: Custom security handler.

Otherwise, it would be needful to exclude the MVC pages from Kentico processing (Site manager -> Settings -> URLs and SEO -> Excluded URLs).

Best regards,
Helena Grulichova

Top