Setting UserInfo.UserIsDomain to true causes e.User to be null on Authenticate handler

Aaron VanMeter asked on October 20, 2017 23:55

The only thing the documentation says about UserIsDomain is that:

Is domain user : Indicates if the user was imported from Active Directory.

We have a custom security handler that we use to actually import corporate users from a couple of different AD domains (into the same site), and we were setting UserIsDomain to true to separate those users from users that are allowed to log in without AD authentication. We also want to check some other information before forcing the AD login process, and thought we could use e.User just like we do when a non-UserIsDomain user logs in. However, as soon as that flag is set, e.User is always NULL when the user logs in.

I threw together a little test handler function that does ensure that, yes, the user exists in the database and their password matches the password they logged in with -- in the code below, for user's that have UserIsDomain == true, password1 and password2 always match.

private void Test_Authenticate_Execute(object sender, AuthenticationEventArgs e)
    if (e.User == null)
        UserInfo userExists = UserInfoProvider.GetUserInfo(e.UserName);
        var password1 = userExists.GetValue("UserPassword").ToString();

        UserInfoProvider.SetPassword(e.UserName, e.Password);

        e.User = UserInfoProvider.GetUserInfo(e.UserName);
        var password2 = e.User.GetValue("UserPassword").ToString();

        if (password1 != password2)
            e.User = null;

If I go into the admin site and uncheck the user's "User is domain" box, and log back in with that user, then e.User in the code above is no longer null.

So, is this the desired functionality for the login process with user's marked "User is domain", or a bug? And if it is the desired functionality, you might want to add a note to that effect in the custom security handler section.

Recent Answers

Matt Nield answered on October 23, 2017 11:55 (last edited on October 23, 2017 12:48)

Hi Aaron, if you suspect this is a bug, it may be worth forwarding to the Kentico support team. I've always found them to be very helpful with questions like this.

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on October 23, 2017 15:39

According to source code, if the UserInfo.UserIsDomain is checked, the e.User object is set to null. So as Matt stated this could very well be a bug but could also be by design based on AD authentication AND the custom global event handler.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.