I'm preparing a demo of MembershipReboot for my local user group. I'm experiencing a strange scenario whereby the 2 cookies:
FedAuth; and
FedAuth1
are being set in the headers of the Response. However, in subsequent Requests, they are not part of the headers. I confirmed this using Fiddler and it explains why User.Identity.IsAuthenticated is always false after successful logins.
Is the anything which may be leading to this weird scenario?
Cheers
I had a few subtle errors in my Web.config file.
In the configSections element
Instead of:
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
I had:
<section name="system.identitymodel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
In the system.webServer > modules element
Instead of:
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
I had:
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
For the system.identityModel.services element
Instead of:
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="false" persistentSessionLifetime="30:00:00"/>
</federationConfiguration>
</system.identityModel.services>
I had:
<system.identitymodel.services>
<federationconfiguration>
<cookiehandler requiressl="false" persistentSessionLifetime="30:00:00" />
</federationconfiguration>
</system.identitymodel.services>
This was tough to diagnose, so always be careful when configuring your application!
MembershipReboot rocks!!!
Related
My current STS configuration from the web is as follows,
<microsoft.identityModel>
<service saveBootstrapTokens="true">
<audienceUris mode="Never"/>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://fs.mysite.net/adfs/ls" realm="https://myweb.cloudapp.net/" reply="https://myweb.cloudapp.net/Account/FederatedResult" requireHttps="false"/>
<cookieHandler requireSsl="false"/>
</federatedAuthentication>
<serviceCertificate>
<certificateReference x509FindType="FindBySubjectName" findValue="*.mydomain.net"/>
</serviceCertificate>
<applicationService>
<claimTypeRequired>
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true"/>
<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true"/>
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true"/>
</claimTypeRequired>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="a5069c80a92e7a49937bba9bc25a85a57b4bbc74" name="https://fs.myweb.net/adfs/services/trust"/>
</trustedIssuers>
</issuerNameRegistry>
<certificateValidation certificateValidationMode="None"/>
</service>
I need to introduce MachineKeySessionSecurityTokenHandler as below, (in the web farm environment I need to enforce cookie encryption by mahcinekey)
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
But tag is not available in system.identityModel. Also federatedAuthentication tag gives errors. Can someone help me to migrate microsoft.identityModel to system.identityModel version.
Did you put the following at the top of your web.config ?
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
I am trying to add sitecore to an existing solution where we already have an MVC Application.Now after adding Sitecore,I will make sitecore as start up project and add the reference of existing MVC Application as a reference to Sitecore MVC Application.
Since the existing application was using 4.5.1 and MVC 5.2.3,I am also using the same for my sitecore application.But the existing MVC application is using below:
1. System.Web.Http (Version:5.2.3.0)
2. System.Web.Http.WebHost (Version:5.2.3.0)
3. System.Net.Http.Formatting (Version:5.2.3.0)
So can I use the same for Sitecore?.If yes then I will have to Modify Web Config
From:
<compilation defaultLanguage="c#" debug="false" targetFramework="4.5.1">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Helpers, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http, Version=5.1.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http.WebHost, Version=5.1.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Net.Http.Formatting, Version=5.1.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
To:
<compilation defaultLanguage="c#" debug="false" targetFramework="4.5.1">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Helpers, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http.WebHost, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Net.Http.Formatting, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
Is this change fine?.Please suggest.
Instead of adding Sitecore to your solution you should probably look at it the other way around I.e getting your Mvc application to work in Sitecore.
You shouldn't really change the assembly versions Sitecore is using and you should try to get your Mvc application to work with Sitecore. You can't 100% guarantee that Sitecore will work using higher or lower versions of assemblies that it needs. Whereas with your Mvc solution (I'm assuming you have the source code) you can always try to modify this to work with Sitecore.
Verified with sitecore support and they confirmed that all the above changes are fine.
I have an MVC application that I recently converted the authentication/authorization method from forms to federated. Everything works fine, but on the home page I have to create a cookie for the authorization of the rest of my site to work properly. When users navigate to the home page first it works great, if they navigate to a different page first where authorization is required they get a 401 unauthorized error page.
When I had the forms authentication implemented it would redirect users that were unauthorized to the login page, with federation I no longer have a login page so I would like to redirect to the home page. With forms authentication the redirection was automatic, how would I setup something similar for my federated application?
Here are the federated portions of my web.config that are relevant. Again, federated authentication/authorization works, just the unauthorized redirect that isn't.
<system.web>
<customErrors mode="Off"/>
<authentication mode="None"/>
<authorization>
<deny users="?"/>
</authorization>
<membership defaultProvider="ADMembershipProvider">
<providers>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionProtection="Secure" attributeMapUsername="sAMAccountName" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="ActiveDirectoryRoleProvider" cacheRolesInCookie="true" cookieName=".ADLibraryROLES" cookiePath="/" cookieTimeout="1440" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="true" cookieProtection="All">
<providers>
<clear />
<add name="ActiveDirectoryRoleProvider" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" attributeMapUsername="sAMAccountName" type="MyApp.ActiveDirectoryRoleProvider" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://fed.example.com/"/>
</audienceUris>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None"/>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://myfedservice.example.com/adfs/services/trust">
<keys>
<add thumbprint="mythumb"/>
</keys>
<validIssuers>
<add name="http://fed.example.com/adfs/services/trust"/>
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true"/>
<wsFederation passiveRedirectEnabled="true" issuer="https://fed.example.com/adfs/ls/" realm="https://fed.example.com/" reply="https://fed.example.com/" requireHttps="true" persistentCookiesOnPassiveRedirects="true"/>
</federationConfiguration>
</system.identityModel.services>
You can configure this in the wsFederation section, see MSDN for further details. By setting the “passiveRedirectEnabled” to true, the WSFederationAuthenticationModule will look at all outgoing responses, trying to find HTTP 401s. If it finds a 401, it will modify the response and turn it into a redirect to the STS. Please note that in production you want to change requireHttps to true.
<system.identityModel.services>
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true"
issuer="http://localhost:15839/wsFederationSTS/Issue"
realm="http://localhost:50969/" reply="http://localhost:50969/"
requireHttps="false"
signOutReply="http://localhost:50969/SignedOutPage.html"
signOutQueryString="Param1=value2&Param2=value2"
persistentCookiesOnPassiveRedirects="true" />
<cookieHandler requireSsl="false" />
</federationConfiguration>
Please note that you also need to add these modules:
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
and the following config sections:
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
Got the following problem:
I've created simple mvc 5 project with individual user accounts authentication.
Everything works i can add users,roles,everything is stored in the database - all seems to be fine. Now i want to change authetication to organisational:
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="myUrl" />
</audienceUris>
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<add type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<samlSecurityTokenRequirement>
<nameClaimType value="myClaim"/>
</samlSecurityTokenRequirement>
</add>
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="mySts">
<keys>
<add thumbprint="myThumb" />
</keys>
<validIssuers>
<add name="mySts" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="mySTs" realm="myUrl" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
It works - i can authenticate,but when i want to add new user (based on User.Identity.Name to my existing database:
UserManager.CreateAsync(user);
I get weird error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 50 - Local Database Runtime error occurred. Cannot create an automatic instance. See the Windows Application event log for error details.)
although i didn't change anything in connection,dbcontext and so on.
What could be a reason of such behavior?
Something seems to be missed in your web.config file. Try to add connectionStrings to your web.config by editing the code below according to your database and connection properties:
web.config:
<configuration>
<add name="DefaultConnection" providerName="System.Data.SqlClient" connectionString="Data Source=(localdb)\v11.0;
Initial Catalog=aspnet-YourDatabaseName; Integrated Security=SSPI; AttachDBFilename=|DataDirectory|\aspnet-YourDatabaseName.mdf" />
I'm getting this error in Visual Studio, when I use #Html.Sitecore:
'System.Web.Webpages.Html.Htmlhelper' does not contain a definition for 'Sitecore' and the best extension methods overload 'Sitecore.Mvc.HtmlHelperExtensions.Sitecore(System.Web.Mvc.HtmlHelper)' has some invalid arguments.`
However, once deployed it does run without any problems.
I'm using Sitecore 7.2 with MVC 5.1.
Articles that I've read that deal with similar error messages, talk about the system.web.webPages.razor section of the Views folder web.config file. This is how it appears in my solution.
<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="System.Web.Mvc.WebViewPage">
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
</namespaces>
</pages>
Originally I thought I'd just need to restart VS, but that didn't work. Does anyone have any suggestions.
EDIT
This is the standard Sitecore 7.2 installation, and so has the following binding redirects:
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" xmlns="urn:schemas-microsoft-com:asm.v1"/>
<bindingRedirect oldVersion="1.0.0.0-5.0.0.0" newVersion="5.1.0.0" xmlns="urn:schemas-microsoft-com:asm.v1"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages.Razor" publicKeyToken="31bf3856ad364e35" xmlns="urn:schemas-microsoft-com:asm.v1"/>
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" xmlns="urn:schemas-microsoft-com:asm.v1"/>
</dependentAssembly>
Also when looking at the output from visual studio there is an additional error that I didn't spot before:
Instance argument: cannot convert from 'System.Web.WebPages.Html.HtmlHelper' to 'System.Web.Mvc.HtmlHelper'
EDIT 2
I no longer think this is a Sitecore MVC issue. I get a similar error with #Html.ActionLink("xxx", "xxx"). Other people have seen this issue in VS2012, but I'm using 2013.
EDIT 3
There are now quite a few answers to this question. I recommend trying each of them as it seems there are numerous reasons this error might occur.
I have the same problem a while ago. We found out that we are missing the web.config inside /views folder. we copy a web.config from my other projects' /views and it solved the issue.
Try This, then try to restart visual studio.
<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="System.Web.Mvc.WebViewPage">
<namespaces>
<add namespace="Sitecore.Mvc" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
</namespaces>
</pages>
</system.web.webPages.razor>
You forgot to add <add namespace="Sitecore.Mvc" /> so that intellisense can pick it up in VS.
I have now resolved this issue. I simply had to install Update 2 of Visual Studio 2013. How frustrating.
Thanks to StriplingWarrior and Ahmed Okour for your useful advice.
I have used the below line at the top and the issue has been resolved.
#inherits System.Web.Mvc.WebViewPage
You say you're using MVC 5, but you're referencing version 3 in the code you provided. Here's what mine says:
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
Try checking through your entire web.config file (or all the web.config files if you have multiple Areas) and making sure that all the versions are set right. For MVC 5, System.Web.WebPages should be on version 2 and System.Web.WebPages.Razor should be on version 3.
<sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
<section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
</sectionGroup>
...
<assemblies>
<add assembly="System.Web.Mvc, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Helpers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
Sometimes its the silly things. Check you're not doing something like
#Html.Sitecore("placeholdername") // no method
or
#Html.Sitcore.Placeholder("placeholdername") // Missing parenthesis
when you should be doing
#Html.Sitecore().Placeholder("placeholdername") // this works
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Optimization"/>
<add namespace="System.Web.Routing" />
<add namespace="Kendo.Mvc.UI" />
<add namespace="Telerik.Reporting" />
</namespaces>
I have added Sitecore.Mvc dll in references with copy local to true and added below tag in view's web.config under namespaces tag, then my problem is resolved.