November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

Custom membership provider invalid user

Chris Hopkins
Chris Hopkins
Vote:
  
I'm trying to implement a custom Membership and Role provider to authenticate over WCF. I've got a breakpoint on my ValidateUser() Method in my custom MembershipProvider and as a test I'm always returning true. 
I'm using the Multiplex authentication as I have some site admins setup in the EPiServer DB and if I try to login using one of these site admins everything works fine. If however I try to login using a WCF based user I stay on the EPiServer Login Page, I don't receive any exceptions or a password invalid message.
Has anyone got any ideas of where I'm going wrong here?
 web.config
<roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="MultiplexingRoleProvider">
			<providers>
				<clear/>
<add name="MultiplexingRoleProvider" provider1="SqlServerRoleProvider" provider2="WCFRoleProvider" providerMap1="SqlServerMembershipProvider" providerMap2="WCFMembershipProvider"  type="EPiServer.Security.MultiplexingRoleProvider, EPiServer"/>
				<add applicationName="MyApp" name="WCFRoleProvider" type="MyApp.Classes.WCFRoleProvider, MyApp"/>
			</providers>
		</roleManager>
<membership defaultProvider="MultiplexingMembershipProvider" userIsOnlineTimeWindow="10">
			<providers>
				<clear/>
 <add provider1="SqlServerMembershipProvider" provider2="WCFMembershipProvider" name="MultiplexingMembershipProvider" type="EPiServer.Security.MultiplexingMembershipProvider, EPiServer"/>
				<add name="WCFMembershipProvider" type="MyApp.Classes.WCFMembershipProvider, MyApp" />
			</providers>
		</membership>
 
WCFMembershipProvider.cs
public override bool ValidateUser(string username, string password)
        {
            bool isValid = true;
           
            return isValid;
        }
WCFRoleProvider.cs
public override string[] GetAllRoles()
        {
            return new string[2]{"WCFCustomer", "WCFBilling"};
        }

        public override string[] GetRolesForUser(string username)
        {
            if (username == "testWCFLogin")
            {

                return new string[1] { "WCFCustomer" };
            }
            else
            {
                return new string[0];
            }
        }

 
#56342
Jan 18, 2012 15:30
Tobias Nilsson
Tobias Nilsson
Vote:
 

Hi Chris,

If you indeed do not move from the login page (I'm assuming the /util/login.aspx page) then it means that the login was successful, but you do not have authorization to that page. I'm guessing it's because you are trying to access edit mode and only certain roles are allowed into edit mode (see edit mode's location in web.config) which you are not part of.

Hope that helps :) 

#56345
Jan 18, 2012 15:52
Chris Hopkins
Chris Hopkins
Vote:
 

Hi Toni,

 

That makes sense, I put that into the edit section and it's logged me in! So obvious but would have spent hours on it until I worked it out

 

Thanks very much

#56347
Jan 18, 2012 16:43
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.