Custom authentication problem - UnifiedPrincipal identity goes missing

Vote:
 
For a project we're working on we've written a fairly basic custom authentication provider - the basic principal of the code is shown below. The Application_Start in Global.asax has been modified to add this provider to the authentication chain. Using this, a user can successfully log in (we're using EPiServer.Util.LoginBase.HandleFormsLogin(emailAddress, textBoxPassword.Text, false) for the log in code) and view protected content in the site. When logged in the UnifiedPrincipal.Current.Identity.Name value is as you'd expect. However, after approximately 1 to 2 minutes the UnifiedPrincipal object reverts back to the anonymous user and the user is required to log in again. I can't work out if I've missed something simple or if there's an EPiServer problem. It's almost as if the log in times out after a short period of time. I've checked the standard Session object and this is still valid even after the UnifiedPrincipal object has reverted back to the anonymous user. Has anyone come across this before or can anyone shed any light on this - I'm at a loss to explain the behaviour. Thanks in advance. Justin public static void CustomAuthenticate(object sender, AuthenticationEventArgs e) { string connectionString = ...................; if (e.IsHandled) { return; } if (LoginStatus.Success == XXXXXX.ValidateLogin(connectionString, e.Username, e.Password)) { ........ UnifiedPrincipal up = new UnifiedPrincipal( new GenericPrincipal( new GenericIdentity(e.Username, "CustomType"), new string[] { "GroupName....." } ) ); up.Password = e.Password; up.UserData.Email = e.Username; up.AddToCache(); e.Principal = up; } else { e.IsDenied = true; return; } }
#12788
Mar 25, 2008 18:35
Vote:
 
Is your website hosted on load balanced servers? We had a similar problem to this, but it was only from certain ISP's (AOL !!!) To fix it we had to add a line to the web.config file like this: Regards, Steve.
#14903
Mar 25, 2008 18:46
Vote:
 
Hi Steve Ludlow I was wondering if you could give a more detailed explanation of your solution, im not so familiar with validationKey for web.config files. thx
#14904
Mar 25, 2008 18:46
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.