[BE V 2.5] Unable to login to child blogs

Topics: Business Logic Layer
May 17, 2012 at 12:35 AM
Edited May 17, 2012 at 12:38 AM

Hello All,

I have been tasked with upgrading the several installations of BE 1.6 we have on our production servers. 

All the migration has been fairly smooth, and I was able to set up each of our blogs using the multi-instance blogging feature recently introduced.

However, I am unable to log in to child blog applications. The primary blog, set to the default root of ~/, works with no problem. It's a bit confusing because the process seems to authenticate successfully, but there is no update to the page upon returning to the returnurl parameter of the login page. If the return URL is an administration page, i.e. (Dashboard, users, settings), it seems to work, but this is not ideal for our everyday users of the blog.

Here is what I do know about the issue: our integration environment functions as one would expect, correctly refreshing the page to show administration controls after log on. That environment is running IIS 6.0; the problem servers are running IIS 7.5. That is the first difference I could find.

Debugging the project locally, I was able to step into the authentication code in BlogEngine.Core.Security. It appears that the ValidateUser method always returns the instance of the primary blog, regardless of which blog you are trying to log in to, child or parent.

With this in mind it would make sense that the authentication only works for the parent/primary blog application.

        /// <summary>
        /// Check username and password
        /// </summary>
        /// <param name="username">The name of the user to validate.</param>
        /// <param name="password">The password for the specified user.</param>
        /// <returns>The validate user.</returns>
        public override bool ValidateUser(string username, string password)
        {
            var validated = false;

            using (var conn = this.CreateConnection())
            {
                if (conn.HasConnection)
                {
                    using (var cmd = conn.CreateTextCommand(string.Format("SELECT password FROM {0}Users WHERE BlogID = {1}blogid AND UserName = {1}name", this.tablePrefix, this.parmPrefix)))
                    {
                        cmd.Parameters.Add(conn.CreateParameter(FormatParamName("blogid"), Blog.CurrentInstance.Id.ToString()));
                        cmd.Parameters.Add(conn.CreateParameter(FormatParamName("name"), username));

                        using (var rdr = cmd.ExecuteReader())
                        {
                            if (rdr.Read())
                            {
                                var storedPwd = rdr.GetString(0);

                                if (storedPwd == string.Empty)
                                {
                                    // This is a special case used for resetting.
                                    if (password.ToLower() == "admin")
                                    {
                                        validated = true;
                                    }
                                }
                                else
                                {
                                    if (this.passwordFormat == MembershipPasswordFormat.Hashed)
                                    {
                                        if (storedPwd == Utils.HashPassword(password))
                                        {
                                            validated = true;
                                        }
                                    }
                                    else if (storedPwd == password)
                                    {
                                        validated = true;
                                    }
                                }
                            }
                        }
                    }
                }
            }

            return validated;
        }

As far as I can tell the problem is caused by the Blog.CurrentInstance returning the incorrect instance. I may be misunderstanding the authentication flow for child applications. Has anyone run into this problem before?  

Any suggestions or insight would be much appreciated. Thank you.

 

 

May 17, 2012 at 1:26 AM

False alarm, all my themes were pointing to the parent login page. They were set to /parent/Account/login.aspx instead of /parent/child/Account/login.aspx.
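
The following is an added illustration, not part of the original posts and not BlogEngine.NET's own code. It is a simplified model of why the login page's path decides which blog's users a query filtered by BlogID is checked against. It assumes the current blog is resolved as the one whose virtual path is the longest prefix of the request path; the class and method names are hypothetical and the blog layout is constructed from the two paths quoted above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified model (assumption): every blog has a virtual path, and the blog
// serving a request is the one whose path is the longest prefix of the URL.
public sealed class BlogInstance
{
    public BlogInstance(string name, string virtualPath)
    {
        Name = name;
        // Normalize "~/child" or "/child/" to "/child/" so prefixes match whole segments.
        var trimmed = virtualPath.TrimStart('~').Trim('/');
        VirtualPath = trimmed.Length == 0 ? "/" : "/" + trimmed + "/";
    }

    public string Name { get; }
    public string VirtualPath { get; }
}

public static class BlogResolver
{
    // Returns the blog whose virtual path is the longest prefix of requestPath,
    // or null when no blog matches.
    public static BlogInstance Resolve(IEnumerable<BlogInstance> blogs, string requestPath)
    {
        var path = requestPath.EndsWith("/", StringComparison.Ordinal) ? requestPath : requestPath + "/";
        return blogs
            .Where(b => path.StartsWith(b.VirtualPath, StringComparison.OrdinalIgnoreCase))
            .OrderByDescending(b => b.VirtualPath.Length)
            .FirstOrDefault();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed layout using the two login paths from the thread.
        var blogs = new[] { new BlogInstance("parent", "~/parent"), new BlogInstance("child", "~/parent/child") };
        foreach (var url in new[] { "/parent/Account/login.aspx", "/parent/child/Account/login.aspx" })
        {
            var blog = BlogResolver.Resolve(blogs, url);
            // The first URL resolves to "parent", the second to "child".
            Console.WriteLine($"{url} -> credentials checked against blog '{blog?.Name ?? "(none)"}'");
        }
    }
}
```

A theme whose login link is hardcoded to the first path therefore sends every visitor through the parent blog's login, whichever blog they were reading.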