Relative path for Forms Authentication cookie - cookies

<authentication mode="Forms">
<forms name="ASPAuth"
path="/Admin"
timeout="20"
requireSSL="false"
slidingExpiration="true" />
</authentication>
On my dev system I have the above in my web.config. This works fine if I am using VS web server. But when I host the same website on my IIS7 using a virtual directory it doesn't.
VS Url looks like: http://localhost:xxxx/
IIS URL looks like: http://MachineName/MyApp/.
When accessing the website through IIS the IsAuthenticated is always false. I figured out that it's because the cookie is being assigned to http://MachineName/Admin/ not http://MachineName/MyApp/Admin.
How do I make it so that "Admin" is a relative path? I tried path="~/Admin" but that doesn't work.
Thanks!

Try putting a transformation into your Web.Release.Config:
<authentication mode="Forms">
<forms name="ASPAuth"
path="/MyApp/Admin"
timeout="20"
requireSSL="false"
slidingExpiration="true"
xdt:Transform="Replace" />
</authentication>

Answer:
It's simply not possible to do it at this stage. You cannot have a relative path with a tilde (~) in your web.config for the forms authentication path unless you're willing to write your own HttpModule.
See this post (and the comments):
http://www.west-wind.com/weblog/posts/2008/Jan/20/Forms-Authentication-and-path-in-the-forms-Tag
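Setting the cookie path in code at login is one way to get an application-relative path without a per-environment web.config value. This is an added example, not code from the thread or the linked post; the class AdminLogin and its method names are hypothetical, and it assumes your own login code issues the forms cookie on System.Web.

```csharp
// Added example (not from the original thread). AdminLogin is a hypothetical helper.
using System;
using System.Web;
using System.Web.Security;

public static class AdminLogin
{
    // Resolve "~/Admin" against the application's virtual directory at runtime:
    // "/Admin" under the VS web server, "/MyApp/Admin" under the IIS virtual directory.
    private static string AdminCookiePath
    {
        get { return VirtualPathUtility.ToAbsolute("~/Admin"); }
    }

    // Call only after the credentials have been validated.
    public static void SignIn(HttpResponse response, string userName)
    {
        // The three-argument overload stamps the given path on the ticket and the
        // cookie instead of the path attribute configured on <forms>.
        HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, false, AdminCookiePath);
        cookie.HttpOnly = true;
        response.Cookies.Add(cookie);
    }

    public static void SignOut(HttpResponse response)
    {
        // FormsAuthentication.SignOut() expires the cookie at the path from web.config,
        // so the cookie issued at the runtime path is expired explicitly here.
        var expired = new HttpCookie(FormsAuthentication.FormsCookieName, string.Empty)
        {
            Path = AdminCookiePath,
            HttpOnly = true,
            Expires = DateTime.UtcNow.AddYears(-1)
        };
        response.Cookies.Add(expired);
    }
}
```

The cookie path only decides which requests the browser attaches the cookie to; access to the Admin folder still has to be enforced with authorization rules.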

Related

Sitecore 8.1 Upgrade Media section broken

I upgraded Sitecore from 7.0 to 8.1. The only real problem I have run into is the media section is broken and the images appear broken on the site itself.
The weird part is I can upload and download the media items. It is broken in both Chrome and Firefox.
Thanks
Update
<encodeNameReplacements>
<replace mode="on" find="&amp;" replaceWith=",-a-," />
<replace mode="on" find="?" replaceWith=",-q-," />
<replace mode="on" find="/" replaceWith=",-s-," />
<replace mode="on" find="*" replaceWith=",-w-," />
<replace mode="on" find="." replaceWith=",-d-," />
<replace mode="on" find=":" replaceWith=",-c-," />
</encodeNameReplacements>
It looks like a problem with Sitecore Media Protection (included first time in Sitecore 7.5).
You can read more about it in Adam's blog post "Do not turn Sitecore Media Request protection off and protect older Sitecore versions with ImageGuard".
But I don't know why hashes are not added to the links in Sitecore. It should be disabled for the Sitecore internal sites (e.g. shell, login, etc).
Try to disable media protection by changing the config in the /App_config/Include/Sitecore.Media.RequestProtection.config file and see if this is the reason for your problems.
Fixed it. It turns out the way Sitecore is configured has changed a lot between 7 and 8.1. Adding
<sitecore configSource="App_Config\Sitecore.config" />
and removing the old section fixed the problem.
You are missing a replacement:
<replace mode="on" find=" " replaceWith="-" />
It can cause problems in image requests if you are using spaces in media item names.
Add it to your section.
Another thing to see is if your CustomHandler section is like this:
<customHandlers>
<handler trigger="-/media/" handler="sitecore_media.ashx" />
<handler trigger="~/media/" handler="sitecore_media.ashx" />
<handler trigger="~/api/" handler="sitecore_api.ashx" />
<handler trigger="~/xaml/" handler="sitecore_xaml.ashx" />
<handler trigger="~/icon/" handler="sitecore_icon.ashx" />
<handler trigger="~/feed/" handler="sitecore_feed.ashx" />
</customHandlers>
This is the same as the "Configuration Files Changes" specified by Sitecore Upgrade 8.1 IR.
One of the new changes in 8.1 is the change of the default prefix from "~" to "-". It could be related to this prefix change. If you take the URLs that are getting a 404 and replace the ~ with a -, do the URLs to media work?

Sitecore.Context.User.IsAuthenticated returns true for extranet\Anonymous user

I have Sitecore 6.6 installed. I wanted to add a new domain to Sitecore. Since my Sitecore instance is deployed on two servers, with two Sitecore sites on each pointing to different web databases but the same core, master and analytics databases, I couldn't do it using the Sitecore Domain Manager. So I thought of doing it manually by editing App_Config\Security\domains.config on the server. The following was the domains.config that I had.
<?xml version="1.0" encoding="utf-8"?>
<domains xmlns:sc="Sitecore">
<domain name="sitecore" ensureAnonymousUser="false" />
<domain name="extranet" defaultProfileItemId="{AE4C4969-5B7E-4B4E-9042-B2D8701CE214}" />
<domain name="default" isDefault="true" />
<sc:templates>
<domain type="Sitecore.Security.Domains.Domain, Sitecore.Kernel">
<ensureAnonymousUser>true</ensureAnonymousUser>
<locallyManaged>false</locallyManaged>
</domain>
</sc:templates>
<domain name="Station" defaultProfileItemId="{F181ED3D-F342-46E6-B6F6-2A6A6173B513}" />
<domain name="Emailcampaign" />
</domains>
I added one more domain (MyDomain) at the end, like below.
<?xml version="1.0" encoding="utf-8"?>
<domains xmlns:sc="Sitecore">
<domain name="sitecore" ensureAnonymousUser="false" />
<domain name="extranet" defaultProfileItemId="{AE4C4969-5B7E-4B4E-9042-B2D8701CE214}" />
<domain name="default" isDefault="true" />
<sc:templates>
<domain type="Sitecore.Security.Domains.Domain, Sitecore.Kernel">
<ensureAnonymousUser>true</ensureAnonymousUser>
<locallyManaged>false</locallyManaged>
</domain>
</sc:templates>
<domain name="Station" defaultProfileItemId="{F181ED3D-F342-46E6-B6F6-2A6A6173B513}" />
<domain name="Emailcampaign" />
<domain name="MyDomain" />
</domains>
As soon as I did that, Sitecore.Context.User.IsAuthenticated started returning true for the extranet\Anonymous user (non-logged-in user) in the code.
Has anyone faced this issue before?
Please let me know where I am going wrong.
I also encountered this issue back when I was working with Sitecore 6.6; I'm not certain if it's an issue in later versions. Essentially, when you modified your domains.config with the param ensureAnonymousUser set to true, the Anonymous User for that domain, in this case Extranet, was created in the database - it may not have been until you changed that setting.
In Sitecore all non-logged-in users view the site as the user *domain*/anonymous. As Sitecore's membership is based on .NET Membership, it determines that the User is logged in, as it's using that account.
Therefore I recommend completing an additional check with your Sitecore.Context.User.IsAuthenticated to check if the username of the User's account (Sitecore.Context.User.Name) is *domain of site*/anonymous; if it is, return false.
EDIT
I have confirmed Sitecore.Context.User.IsAuthenticated returning true for *domain*\Anonymous user has been fixed in Sitecore 8. Therefore you can use it to determine if the User is logged in and not using the *domain*\anonymous account.
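The additional check recommended above can live in one helper that fails closed. This is an added example, not code from the answer; SitecoreAuth and IsRealLogin are hypothetical names, and the only Sitecore members assumed are the two the thread already uses (Sitecore.Context.User.IsAuthenticated and Sitecore.Context.User.Name).

```csharp
// Added example (not from the original answer). SitecoreAuth is a hypothetical helper.
using System;

public static class SitecoreAuth
{
    // True only when the account is flagged as authenticated AND is not a
    // domain's anonymous account. Any doubt (missing name) counts as logged out.
    public static bool IsRealLogin(bool isAuthenticated, string userName)
    {
        if (!isAuthenticated || string.IsNullOrEmpty(userName))
            return false;

        // Accept both spellings used in the thread: "extranet\Anonymous"
        // and "extranet/anonymous". Compare only the account part.
        int separator = userName.LastIndexOfAny(new[] { '\\', '/' });
        string account = separator >= 0 ? userName.Substring(separator + 1) : userName;

        return !account.Trim().Equals("anonymous", StringComparison.OrdinalIgnoreCase);
    }
}

// Call site inside a Sitecore request, gating anything meant for logged-in users:
//
//   bool loggedIn = SitecoreAuth.IsRealLogin(
//       Sitecore.Context.User.IsAuthenticated,
//       Sitecore.Context.User.Name);
//
// Constructed sample values and the result they give:
//   IsRealLogin(true,  @"extranet\Anonymous")  -> false
//   IsRealLogin(true,  "MyDomain/anonymous")   -> false
//   IsRealLogin(true,  @"extranet\jsmith")     -> true
//   IsRealLogin(false, @"extranet\jsmith")     -> false
```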
We finally resolved this issue! This was caused by a fix we added to solve an issue we had with Sitecore ECM. The issue was that Sitecore used to log out as soon as we clicked on the message preview. So we followed the steps given in the below thread to fix the issue.
https://stackoverflow.com/a/30836600/4165670
But we were not testing for Anonymous user like it is done in the thread. We never pushed this code into Content Delivery site and when we created the new domain, this code got pushed into the Content Delivery site with some other code.
Since we are setting the current user as the Active user in the code, it started showing that extranet\Anonymous user as the current user.

IIS 7 URL Rewrite - ignore language from url

I'm trying to set up a 301 redirect for some pages on my site, so I set up some rewrite mappings as:
<rewriteMap name="v2 structure">
<add key="/what-we-do/why-us" value="/who-we-are/knowledge/why-us" />
<add key="/what-we-do/why-us/sourcing-models" value="/who-we-are/knowledge/why-us/sourcing-models" />
</rewriteMap>
The site is multi language so the url will include the language:
www.domain.com/en/what-we-do/why-us should redirect to www.domain.com/en/who-we-are/knowledge/why-us
www.domain.com/es/what-we-do/why-us should redirect to www.domain.com/es/who-we-are/knowledge/why-us
The mapping that I have doesn't trigger because of the language in the URL. I can make it work by adding the language to the key and value in the mapping, but I would have to repeat the mapping for each different language that the site has.
Is there a way to trigger the mapped rules while ignoring the language in the URL?
Thank you,
Joao

ASP.Net login control will not work with Intelligencia.UrlRewriter

I hope someone can help me shed some light on this nightmare I'm having...!
I have just completed an ASP.Net e-commerce website with the help of an Apress book; the BalloonShop project, some of you might already know the one.
Everything is fine and dandy apart from one niggle that I can't seem to sort out!
I cannot log out from my site using the asp.net login control from any page that does not have the .aspx extension in the URL. This is namely Departments, Category and Products, as these are using the Intelligencia.UrlRewriter to provide browser-friendly URLs.
My URLs are rewritten perfectly, but when I try to log out from a page that is using the URL rewriter it does not work, and I receive the following message in my error log email:
Exception generated on 22 February 2013, at 22:23
Page location: /Triple-x/Dynamo-p4/?ProductId=4
Message: The HTTP verb POST used to access path '/Triple-x/Dynamo-p4/' is not allowed.
Source: System.Web
Method: System.IAsyncResult BeginProcessRequest(System.Web.HttpContext, System.AsyncCallback, System.Object)
Stack Trace:
at System.Web.DefaultHttpHandler.BeginProcessRequest(HttpContext context, AsyncCallback callback, Object state)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
In my web.config I have:
<configSections>
<section name="rewriter" requirePermission="false" type="Intelligencia.UrlRewriter.Configuration.RewriterConfigurationSectionHandler,Intelligencia.UrlRewriter" />
</configSections>
<rewriter>
<!-- Rewrite department pages -->
<rewrite url="^.*-d([0-9]+)/?$" to="~/Catalog.aspx?DepartmentID=$1" processing="stop" />
<rewrite url="^.*-d([0-9]+)/page-([0-9]+)/?$" to="~/Catalog.aspx?DepartmentID=$1&amp;Page=$2" processing="stop" />
<!-- Rewrite category pages -->
<rewrite url="^.*-d([0-9]+)/.*-c([0-9]+)/?$" to="~/Catalog.aspx?DepartmentId=$1&amp;CategoryId=$2" processing="stop" />
<rewrite url="^.*-d([0-9]+)/.*-c([0-9]+)/page-([0-9]+)/?$" to="~/Catalog.aspx?DepartmentId=$1&amp;CategoryId=$2&amp;Page=$3" processing="stop" />
<!-- Rewrite product details pages -->
<rewrite url="^.*-p([0-9]+)/?$" to="~/Product.aspx?ProductId=$1" processing="stop" />
</rewriter>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<add name="UrlRewriter" type="Intelligencia.UrlRewriter.RewriterHttpModule" />
<remove name="ScriptModule" />
<!--<add name="ScriptModule" preCondition="managedHandler" />-->
</modules>
</system.webServer>
I am also using IIS7 on my local machine, and have read that this can sometimes be the cause re: AppPool version. I have tried changing this to Classic ASP as suggested, but this did not work for me!
Does anyone know if this is a common problem when hosting on local machine and using Intelligencia.UrlRewriter? Would this possibly not be an issue if hosting on a shared web hosting server?
If I'm way off the mark then please forgive my naivety, as I am still quite new to this, especially projects of this size.
Thanks for your help!!
If you want to use URL routing you can use this code. I also use it in an e-commerce project:
in Global.asax file :
// Requires: using System.Web.Routing;
void Application_Start(object sender, EventArgs e)
{
    // Register the friendly-URL routes once, when the application starts.
    if (RouteTable.Routes.Count <= 0)
    {
        RouteTable.Routes.Add("Urun", new Route("Urun/{category}/{name}/{prid}/{caid}", new PageRouteHandler("~/ProductDetail.aspx")));
        RouteTable.Routes.Add("Kategori", new Route("Kategori/{upper}/{name}/{caid}", new PageRouteHandler("~/Categories.aspx")));
        RouteTable.Routes.Add("Icerik", new Route("Icerik/{name}/{cpid}", new PageRouteHandler("~/ContentPage.aspx")));
    }
}
And you can use this code wherever you want to create a link:
var param = new RouteValueDictionary
{
{"category", "Oyuncak"},
{"prid", ((DiscountProductsResult) e.Item.DataItem).ProductId},
{"name", ((DiscountProductsResult) e.Item.DataItem).UrlView.Replace(" ", "-")},
{"caid", 0}
};
VirtualPathData path = RouteTable.Routes.GetVirtualPath(null, "Urun", param);
And you can get querystring values like this:
RouteData.Values["caid"]

FormsAuthentication.SetAuthCookie

Hi, we are using FormsAuthentication.SetAuthCookie(profile.Id, false);
Now the question is: when does this cookie expire?
It of course expires once I close all the browsers, but it doesn't if I keep the browser open, and I don't know the time limit.
It will depend on the Timeout property in web.config.
In the system.web attribute of your web.config file, you must set the following:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
then your cookie will expire depending on the value you have set in the timeout attribute.