I've built a new sharepoint site page using the example I found here:
Link
The purpose of the page is to add a new user to the aspnet membership database that serves as the authentication provider for my sharepoint site, which uses forms based authentication.
I've slightly customized the asp createuser control.
The sharepoint site is forms based but the top level site is accessible anonymously, and I've created a subsite for members (hence the user registration page). The site page is in the top level site so that people can register.
If I'm already logged in and fill out the form, the user is successfully added to the membership store, however if I access the page anonymously and fill out the form, the user is successfully added to the membership database, but I can no longer navigate the website, I keep getting http 500 page cannot be displayed errors until I clear the browser cache and cookies.
I don't think it's a programming error but more likely something to do with site security and authentication
Once the user is created successfully and page is redirected to the one you provided in ContinueDestinationPageUrl property, the page is being loaded with the recently created user’s credentials. Since you haven’t added this new user to your MOSS site, you’ll get Access Denied error. So, in order to resolve this issue, you need to set LoginCreatedUser property of the control to false, so that page is loaded with the original user’s credentials, not with the one’s recently created.
Related
I want to sign in to a SharePoint portal through calling a web page. Forms based authentication is enabled on SharePoint.
The scenario is as follows:
Calling /_forms/default.aspx?username=userX. which is the default page for forms authentication in sharepoint.
The page create and set authentication ticket for userX without asking his password.
The page redirected to some default page.
I have tried to manipulated /_forms/default.aspx to create ticket using FederatedAuthentication.SessionAuthenticationModule.AuthenticateSessionSecurityToken,
but no result.
I'd greatly appreciated if some one helps me.
I have a site that I'm trying to migrate into my Sitecore instance. The Sitecore instance has multiple sites. For the one site I'm trying to migrate over, there is a login page for external users to login. I'm validating this against an external database. This all works so far. My issue is that I need to prevent the external users from accessing certain pages without logging in(they should be redirected to the login page). The way that this was working when the site was outside of Sitecore was that there was forms authentication being done and when a page was trying to be accessed without the user being logged in the ReturnURL would be used to return the user to the proper page after login.
I'm not sure how to do this now that I have multiple sites inside of my sitecore instance.
Any suggestion?
This is not very different in Sitecore to how it was done before, except now you can control the security of which pages should be accessible by logged in users with the Sitecore Security Editor. There are a few pieces which you need to hook up in order to get this work properly though.
Have a read through these articles, they should provide everything you need to get this to work:
Implementing Sitecore Extranet login on a website
Setting Up a Sitecore Extranet (site seems to be down, view cached copy)
Set the value of <setting name="NoAccessUrl" value="/sitecore/service/noaccess.aspx" /> in web.config to your Login page (this can be an item in Sitecore) using a patch config and if a user tries to access a restricted page they will be redirected to this page, which will also include the return url parameter.
If you are using an external database to authenticate users then you will also need implement your own membership provider:
Sitecore authenticate users against external membership database
Sitecore Membership Providers
Be sure to correctly set the domain attribute of your <site> definition to whatever you set in domains.config and set as the providerName of your <provider> definition.
hi i would like to know how would you lougout an user if he modifies the url or refreshes the web pages like in bank web sites
in asp .net.
Thanks for your answers
I have implemented a solution similar to Vignesh Kumar's answer by using roles and restricting access to pages based on the roles a user has. When a user logs in I check which pages they can access based on their assigned roles and build the navigation menu accordingly so that they're not able to navigate to restricted pages.
In my master page's Page_Load method I check whether a user has access to the page they're trying to access and if not I log them out and redirect them to the login screen.
I have an ASP.net website which is set to operate on Windows Authentication. It runs on IIS7 with windows authentication on. Every user who isn't from administrator group, Internet Explorer keep prompting for user credenials. Though when user clicks on cancel, the web site runs ok as long as user does not click on any page control.
I have a master page with telerik controls on it. This page contains AJAX Manager and ScriptManager. If user call an aspx page without master page, the credential windows doesnt appear.
Telerik resources are registered in web.config..and as I said the website works without problem for admin group. Normal users are also from the same domain..but for them login windows keep coming...
any idea?
The website is not registerd under trusted intranet sites..but this shouldnt be a problem as otherwise admin should also get error message.
Regards
I am answering my own question as it might be helpful for others too.
I was finaly abled to track down the issue with the help of Process Monitor. http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
It turned out that one of the CSS file didn't have enough permissions for normal users.
Hallo,
i have created a web site with Asp.Net by using Sql Membership Provider, sitemap and security trimming enabled.
Based on these i have set web.config files into directories for allowing or not the users access according to their roles.
After some time i removed the MembershipProvider and i creted by hand the "standard" login procedure which cretaed a ticket and a authentication cookie and sets the GenericPrincipal into the Application_AuthenticateRequest.
The problem after these changes is that althought the sitemap displays the right pages for each different user according to his roles, when i click on this page the system redirects me to the "default.aspx" page such as the user is not allowed to enter that page!
It is strange that the sitemap and security trimming is working BUT actually i cannot enter the pages!!!!!
You can add users and roles with IIS management tool. This way you can avoid any typing error.