| |
|
|
|
|
|
|
|
|
|
 |  | |
| | |
| | |
| | |
 | | |
|
|
|
| Re: Help! Users "randomly" getting logged out |
|
|
| Can anyone from core comment on this potential fix? This is becoming a big problem. |
|
|
|
| |
|
|
| Re: Help! Users "randomly" getting logged out |
|
|
I've the same issue, DNN 4.0.2 installed using the source package, but only when I modify text/html modules. Hope someone come up with a solution soon.
Rgds |
|
|
|
| |
|
|
| Re: Help! Users "randomly" getting logged out |
|
|
Found this http://forums.asp.net/thread/1116225.aspx and will try the solution in development enviroment before to make changes on the server... hope it works!
Rgds |
|
|
|
| |
|
|
| Re: Help! Users "randomly" getting logged out |
|
|
| can you post the dll you create? I would love to test this out. Does anyone knwo if this change will affect anything? |
|
|
|
| |
|
|
| Re: Help! Users "randomly" getting logged out |
|
|
I don't know how to post a file here, but I'll tell you what I've changed in the code, so you can build the dll.
Remember, I'm using DNN 4.0.2, I've not checked if the dll is fixed on DNN 4.0.3, or earlier versions.
This is the code for DNNMembershipModule.vb
Imports System
Imports System.Security
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security
Imports System.IO
Imports AspNetSecurity = System.Web.Security
Imports DotNetNuke.Common
Imports DotNetNuke.Common.Utilities
Imports DotNetNuke.Entities.Portals
Imports DotNetNuke.Entities.Users
Imports DotNetNuke.Services.Personalization
Imports DotNetNuke.Security
Imports DotNetNuke.Security.Roles
Namespace DotNetNuke.HttpModules
Public Class DNNMembershipModule
Implements IHttpModule
Public ReadOnly Property ModuleName() As String
Get
Return "DNNMembershipModule"
End Get
End Property
Public Sub Init(ByVal application As HttpApplication) Implements IHttpModule.Init
AddHandler application.AuthenticateRequest, AddressOf Me.OnAuthenticateRequest
AddHandler application.EndRequest, AddressOf Me.OnEndRequest
End Sub
Public Sub OnAuthenticateRequest(ByVal s As Object, ByVal e As EventArgs)
Dim Context As HttpContext = CType(s, HttpApplication).Context
Dim Request As HttpRequest = Context.Request
Dim Response As HttpResponse = Context.Response
'First check if we are upgrading/installing
If Request.Url.LocalPath.EndsWith("Install.aspx") Then
Exit Sub
End If
' Obtain PortalSettings from Current Context
Dim _portalSettings As PortalSettings = PortalController.GetCurrentPortalSettings
Dim OriginalApplicationName As String = Globals.GetApplicationName
If Request.IsAuthenticated = True And Not _portalSettings Is Nothing Then
Dim objMembershipUser As AspNetSecurity.MembershipUser = AspNetSecurity.Membership.GetUser(True)
If objMembershipUser Is Nothing Then
'could be a SuperUser, try super user application name
Globals.SetApplicationName(Globals.glbSuperUserAppName)
objMembershipUser = AspNetSecurity.Membership.GetUser
'Reset the Application Name
Globals.SetApplicationName(OriginalApplicationName)
End If
If Not Request.Cookies("portalaliasid") Is Nothing Then
Dim PortalCookie As formsAuthenticationTicket = formsAuthentication.Decrypt(Context.Request.Cookies("portalaliasid").Value)
' check if user has switched portals
If _portalSettings.PortalAlias.PortalAliasID <> Int32.Parse(PortalCookie.UserData) Then
' expire cookies if portal has changed
Response.Cookies( "portalaliasid").Value = Nothing
Response.Cookies( "portalaliasid").Path = "/"
Response.Cookies( "portalaliasid").Expires = DateTime.Now.AddYears(-30)
Response.Cookies( "portalroles").Value = Nothing
Response.Cookies( "portalroles").Path = "/"
Response.Cookies( "portalroles").Expires = DateTime.Now.AddYears(-30)
' check if user is valid for new portal
Dim objUsers As New UserController
Dim objUser As UserInfo = objUsers.GetUserByUsername(_portalSettings.PortalId, Context.User.Identity.Name)
If objUser Is Nothing Then
' log user out
Dim objPortalSecurity As New PortalSecurity
objPortalSecurity.SignOut()
' Redirect browser back to home page
Response.Redirect(Request.RawUrl, True)
Exit Sub
End If
End If
End If
Dim arrPortalRoles() As String
Dim objRoleController As New RoleController
Dim objUserController As New UserController
Dim Username As String
Username = Nothing
Dim intUserId As Integer = -1
Dim objUserInfo As UserInfo
Dim UserInfoCacheKey As String = objUserController.GetCacheKey(_portalSettings.PortalId, Context.User.Identity.Name)
If Globals.PerformanceSetting = Globals.PerformanceSettings.HeavyCaching _
AndAlso Not DataCache.GetCache(UserInfoCacheKey) Is Nothing Then
objUserInfo = CType(DataCache.GetCache(UserInfoCacheKey), UserInfo)
Else
objUserInfo = objUserController.GetUserByUsername(_portalSettings.PortalId, Context.User.Identity.Name)
If Globals.PerformanceSetting = Globals.PerformanceSettings.HeavyCaching Then
UserInfoCacheKey = objUserController.GetCacheKey(_portalSettings.PortalId, objUserInfo.Username)
Dim intExpire As Integer = Globals.PerformanceSettings.HeavyCaching
DataCache.SetCache(UserInfoCacheKey, objUserInfo, TimeSpan.FromMinutes(intExpire))
End If
End If
If Not objUserInfo Is Nothing Then
intUserId = objUserInfo.UserID
Username = objUserInfo.Username
'Else --->COMMENT THIS LINE
'The user is authenticated because they have
'an auth cookie, but it is possible that
'their cookie contains the userid instead
'of the username.
'Dim objPortalSecurity As New PortalSecurity --->COMMENT THIS LINE
'objPortalSecurity.SignOut() --->COMMENT THIS LINE
'Exit Sub --->COMMENT THIS LINE
End If
' authenticate user and set last login ( this is necessary for users who have a permanent Auth cookie set )
If objMembershipUser Is Nothing Or objMembershipUser.IsLockedOut = True Or objMembershipUser.IsApproved = False Then
Dim objPortalSecurity As New PortalSecurity
objPortalSecurity.SignOut()
Else ' valid Auth cookie
' create cookies if they do not exist yet for this session.
If Request.Cookies("portalroles") Is Nothing Then
' keep cookies in sync
Dim CurrentDateTime As Date = DateTime.Now
intUserId = objUserInfo.UserID ---> ADD THIS LINE
Username = objUserInfo.Username ---> ADD THIS LINE
' create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles )
Dim PortalTicket As New formsAuthenticationTicket(1, Username, CurrentDateTime, CurrentDateTime.AddHours(1), False, _portalSettings.PortalAlias.PortalAliasID.ToString)
' encrypt the ticket
Dim strPortalAliasID As String = formsAuthentication.Encrypt(PortalTicket)
' send portal cookie to client
Response.Cookies( "portalaliasid").Value = strPortalAliasID
Response.Cookies( "portalaliasid").Path = "/"
Response.Cookies( "portalaliasid").Expires = CurrentDateTime.AddMinutes(60) ---> ORIGINAL VALUE IS 1, CHANGE IT TO 60
' get roles from UserRoles table
arrPortalRoles = objRoleController.GetPortalRolesByUser(intUserId, _portalSettings.PortalId)
' create a string to persist the roles
Dim strPortalRoles As String = Join(arrPortalRoles, New Char() {";"c})
' create a cookie authentication ticket ( version, user name, issue time, expires every hour, don't persist cookie, roles )
Dim RolesTicket As New formsAuthenticationTicket(1, objUserInfo.Username, CurrentDateTime, CurrentDateTime.AddHours(1), False, strPortalRoles)
' encrypt the ticket
Dim strRoles As String = formsAuthentication.Encrypt(RolesTicket)
' send roles cookie to client
Response.Cookies( "portalroles").Value = strRoles
Response.Cookies( "portalroles").Path = "/"
Response.Cookies( "portalroles").Expires = CurrentDateTime.AddMinutes(60) ---> ORIGINAL VALUE IS 1, CHANGE IT TO 60
End If
If Not Request.Cookies("portalroles") Is Nothing Then
' get roles from roles cookie
If Request.Cookies("portalroles").Value <> "" Then
Dim RoleTicket As formsAuthenticationTicket = formsAuthentication.Decrypt(Context.Request.Cookies("portalroles").Value)
' convert the string representation of the role data into a string array
Context.Items.Add( "UserRoles", ";" + RoleTicket.UserData + ";")
Else
Context.Items.Add( "UserRoles", "")
End If
Context.Items.Add( "UserInfo", objUserInfo)
End If
End If
End If
If CType(HttpContext.Current.Items("UserInfo"), UserInfo) Is Nothing Then
Context.Items.Add( "UserInfo", New UserInfo)
End If
End Sub
Public Sub OnEndRequest(ByVal s As Object, ByVal e As EventArgs)
Dim Context As HttpContext = CType(s, HttpApplication).Context
Dim Response As HttpResponse = Context.Response
'avoid adding to .net 2 as httpOnlyCookies default to true in 2.0
If System.Environment.Version.Major < 2 Then
Const HTTPONLYSTRING As String = ";HttpOnly"
For Each cookie As String In Response.Cookies
Dim path As String = Response.Cookies(cookie).Path
If path.EndsWith(HTTPONLYSTRING) = False Then
'append HttpOnly to cookie
Response.Cookies(cookie).Path += HTTPONLYSTRING
End If
Next
End If
End Sub
Public Sub Dispose() Implements IHttpModule.Dispose
End Sub
End Class
End Namespace
I've been testing this new dll for more than 6 hr without problems. Let me know if it works for you.
Rgds |
|
|
|
| |
| | |
| | |
| | |
|  |
| |
|
|
|
These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.
For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:
1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
|
| |
|
|
|
|
|
|
|
|