
Custom authentication problem - UnifiedPrincipal identity goes missing

For a project we're working on we've written a fairly basic custom authentication provider - the basic principle of the code is shown below. The Application_Start in Global.asax has been modified to add this provider to the authentication chain.

Using this, a user can successfully log in (we're using EPiServer.Util.LoginBase.HandleFormsLogin(emailAddress, textBoxPassword.Text, false) for the log in code) and view protected content in the site. When logged in, the UnifiedPrincipal.Current.Identity.Name value is as you'd expect. However, after approximately 1 to 2 minutes the UnifiedPrincipal object reverts back to the anonymous user and the user is required to log in again.

I can't work out if I've missed something simple or if there's an EPiServer problem. It's almost as if the log in times out after a short period of time. I've checked the standard Session object and this is still valid even after the UnifiedPrincipal object has reverted back to the anonymous user.

Has anyone come across this before or can anyone shed any light on this - I'm at a loss to explain the behaviour.

Thanks in advance.

Justin

    public static void CustomAuthenticate(object sender, AuthenticationEventArgs e)
    {
        string connectionString = ...................;

        // Another provider in the chain has already handled this request.
        if (e.IsHandled)
        {
            return;
        }

        if (LoginStatus.Success == XXXXXX.ValidateLogin(connectionString, e.Username, e.Password))
        {
            ........
            // Build the principal for the validated user and its group membership.
            UnifiedPrincipal up = new UnifiedPrincipal(
                new GenericPrincipal(
                    new GenericIdentity(e.Username, "CustomType"),
                    new string[] { "GroupName....." }
                )
            );
            up.Password = e.Password;
            up.UserData.Email = e.Username;
            up.AddToCache();
            e.Principal = up;
        }
        else
        {
            // Validation failed: deny the login.
            e.IsDenied = true;
            return;
        }
    }
Sep 22, 2006 0:32
Is your website hosted on load balanced servers? We had a similar problem to this, but it was only from certain ISPs (AOL !!!). To fix it we had to add a line to the web.config file like this:

Regards,
Steve.
Sep 29, 2006 13:31
Hi Steve Ludlow,

I was wondering if you could give a more detailed explanation of your solution; I'm not so familiar with validationKey for web.config files. Thx
May 04, 2007 9:57
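
For context on the validationKey setting mentioned above, an added example that is not taken from any post in this thread: ASP.NET signs and encrypts the forms authentication cookie with the keys in the machineKey element of web.config, and with auto-generated keys each server in a farm has its own, so a ticket issued by one node is rejected by another. The key values shown are placeholders.

```xml
<configuration>
  <system.web>
    <!--
      Default behaviour (shown here as a comment): every server generates
      its own keys, so a forms authentication cookie issued by one node
      fails validation on the next node the load balancer picks, and the
      user drops back to anonymous.

      <machineKey validationKey="AutoGenerate,IsolateApps"
                  decryptionKey="AutoGenerate,IsolateApps"
                  validation="SHA1" />
    -->

    <!--
      Web farm setting: the same explicit keys on every node.
      Both values below are placeholders, not real keys. Generate each
      as a random hex string with a cryptographic RNG, use identical
      values on all servers, and protect web.config as a secret, because
      anyone holding these keys can forge authentication tickets.
    -->
    <machineKey validationKey="PLACEHOLDER_HEX_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_HEX_DECRYPTION_KEY"
                validation="SHA1" />
  </system.web>
</configuration>
```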