Separate authentications

Member since: 2007

I want to use separate login for our public extranet users and our webadmins, therefor i changed the loginurl in the web.config to a redirectpage, based on ReturnUrl i let the users come to my custom login OR the EpiServer (/util/login.aspx). But when i do that the EpiServer login don't work anymore, it looks like it should and it autenticate but i do not redirect to the CMS admin page. When i manualy write the admin URI i am authenticated.

WHY?

Many thanks!

#56871 Feb 14, 2012 14:28
  • Member since: 2007

    ReturnUrl is specified to /util/login.aspx

    #56872 Feb 14, 2012 14:46
  • Member since: 2008

    The EPiServer login form uses the ReturnUrl to specify where the page should be redirected to after the form submission.

    What I think is happening is that your user is being authenticated but you are being redirected back to the same login page.The EPiServer login page doesn't redirect you itself - so it is possible to view that page whilst authenticated.

    You need to make sure that your custom redirect page also passes through the ReturnUrl of the first request - so that if you redirect to the Episerver login page you see a url of the form /util/login.aspx?ReturnUrl=ui/edit (or whevere your edit / admin mode is bound)

    #56876 Feb 14, 2012 15:43
  • Member since: 2007

    Sorry i wasn't totaly clear, it does look like you describe, util/login.aspx?ReturnUrl=ui/edit, thats why it is weird it is not working. Any other idea? 

    #56878 Feb 14, 2012 16:20
  • Member since: 2008
    Ok - this does sound a little strange. So your Login URL contains the correct ReturnUrl - and when you log in you don't get redirected, but don't see any message informing you that your login was incorrect. Does the user account you are logging in a member of the correct group/role to have access to edit mode? That would give the same behaviour, as you would correctly authenticate but still see the log in screen as you aren't in the right role.
    #56923 Feb 16, 2012 9:33
  • Member since: 2007

    Yes that is correct.

    Yes the user has the right roles. I can log in from my custom login page.

    The only thing that is changed is the loginUrl in web.config. Nevertheless this approach should work, doesn't it?

    #56925 Feb 16, 2012 10:46
  • Member since: 2007

    Strange, i did solve it by making a new custom default login page. /util/login.aspx didn't work anymore.

    #57061 Feb 23, 2012 12:24
  • Member since: 2007

    Hi. I am having the exact same problem. The user gets authenticated in the Util/Login.aspx page, but doesn't get redirected to the ReturnUrl. util/login.aspx?ReturnUrl=%2fui%2fCMS%2fedit%2fdefault.aspx

    Any ideas?

    #64733 Jan 08, 2013 13:50
  • Member since: 2007

    Okay, this seems to be the problem. instead of using:

    <forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="120" />

        

     

    I'm using a generic handler, redirecting the user to different login pages:

    <forms name=".EPiServerLogin" loginUrl="LoginHandler.ashx" timeout="120" />

        

    By doing this I apparently disable the automatic use of ReturnUrl if using an ASP.NET Login control (which is used in the EPiServer Login.aspx). So I guess the only way to get this to work is to create a new custom login page and deal with the ReturnUrl yourself.

    #64735 Jan 08, 2013 14:46
  • Member since: 2007

    I guess so, we solved it that way. Good luck.

    #64736 Jan 08, 2013 14:48
This topic is locked because the last reply was posted more than 6 months ago. Please contact epw@episerver.com to unlock it.