2

I have integrated Sitefinity with my asp.net application.

When I am executing below mentioned code , it is setting 3 cookies.

TelerikSecurity.SecurityManager.AuthenticateUser(Membership.Provider.Name, username, password, isRememberMe)

A_authCookie , B_RoleCookie , C_loggingcookie in HttpCookieCollection collection of HttpResponse class.

I am also doing forms authentication after that.

FormsAuthentication.SetAuthCookie(formValidationObj.Email, formValidationObj.RememberMe);

Issue : If I am passing the value of isRememberMe false in TelerikSecurity.SecurityManager.AuthenticateUser method but true in 

FormsAuthentication.SetAuthCookie

method , remember me functionality is not working , i.e. when I close the browser and open it , I have to do the login again. because I do not get the value of A_authCookie on reopening the browser But if I pass the value as true in 

TelerikSecurity.SecurityManager.AuthenticateUser`

remember me functionality starts working because I got the value of A_authCookie on reopening the browser.

Why remember me functionality is dependent on A_authCookie , which is provided and managed by sitefinity and how can I fix this issue ?

Help will be appreciated.

Piyush Sing
  • 45
  • 1
  • 9

1 Answers1

0

Sitefinity handles the creation of all security cookies during its authentication process. The correct entry point is in the security manager:

SecurityManager.AuthenticateUser(null, username, rememberMe, out user);

Note the documentation:

If successful the method execution results in setting the current thread principal to the authenticated user and issuing a authentication cookie

The reason that it's especially important to not tamper with the authentication process of Sitefinity is that the underlying authentication mechanism is actually by default Claims authentication -- regardless of whether or not it stores information in the forms auth cookie.

seraphym
  • 1,126
  • 1
  • 8
  • 21