External login provider and impersonation issue

Thomas Larsen

Posted on 24/03/2021 10:12:34

When using an external login provider and after that impersonates another user the following cookie is added

Name: DW_ExtranetSessionCookie
Value: DWExternalLoginProviderId=1&AL=&DWExtranetImpersonateUserID=xwqtolpvMW8=

If the user don’t stop impersonation or signs out the following exception is thrown after session timeout.

[NullReferenceException: Object reference not set to an instance of an object.]
   Dynamicweb.Frontend.LogOnHandler.LogFailedFrontendLogin(String username) +19
   Dynamicweb.Frontend.LogOnHandler.LogOn(String username, String password, Boolean onlyActive, Boolean impersonateUser, Int32 impersonateUserId, Boolean skipPasswordCheck) +7952
   Dynamicweb.Frontend.LogOnHandler.CookieLogon() +323
   Dynamicweb.Frontend.SecurityHandler.ExtranetStart() +1560
   Dynamicweb.Frontend.LoginHandler.ExtranetStart(Int32 pageId) +46
   Dynamicweb.Frontend.PageView.Load() +2359
   Dynamicweb.Frontend.DynamicwebHttpHandler.ProcessRequest(HttpContext context) +176

Running on DW 9.9.1

BR
Thomas

Replies

Alexey Tanchenko

Posted on 25/03/2021 09:56:56

Hello Thomas.

I have tried to investigate described issue on several DW versions, but do not faced any exceptions.

There is a point that confuses me a bit - your cookie have this value - DWExternalLoginProviderId=1.
In DW 9.9.0 or even in latest hotfixes of DW 9.8 we had a related change. After the change, this value should alwas be cleaned out right after you redirected from external login website back to you DW website - DWExternalLoginProviderId=.
I guess it could be a reason why you get the exception, but I have to reproduce the issue at first to know if something needs a fix.

Probably you could provide some more details?

Nicolai Pedersen

Posted on 25/03/2021 11:02:19

Hi Thomas

We got it reproduced now. We will bug it and fix it.

Thanks, Nicolai

Thomas Larsen

Posted on 25/03/2021 13:15:07

Hi Nicolai,

Great :-)

In a 9.9 hotfix?

/Thomas

Kristian Kirkholt

Posted on 15/04/2021 13:03:29

Hi Thomas

The bugfix has been released in Dynamicweb version 9.10.7

You are able to download this from release section: https://doc.dynamicweb.com/downloads/releases

Please contact support@dynamicweb.dk if you need any help regarding the upgrade

Kind Regards
Dynamicweb Support
Kristian Kirkholt

Thomas Larsen

Posted on 23/04/2021 10:35:22

Hi Kristian,

We can't upgrade the solution to DW 9.10 right now.

Is it possible to get a DW 9.9 hotfix?

BR
Thomas

Nicolai Pedersen

Posted on 23/04/2021 11:07:28

Hi Thomas

Of course we can. I have asked for a 9.9 merge...

BR Nicolai

Alexey Tanchenko

Posted on 26/04/2021 07:39:27

Hi Thomas,

The fix is released in Dynamicweb 9.9.24

BR Alexey

Thomas Larsen

Posted on 27/04/2021 08:23:51

Hi Alexey,

Where do i find that release?

BR
Thomas

Nicolai Pedersen

Posted on 27/04/2021 09:41:47

Hi Thomas

You can find it on Nuget: https://www.nuget.org/packages/Dynamicweb/9.9.24

BR Nicolai

Thomas Larsen

Posted on 05/05/2021 10:41:11

Thanks,

After upgrading to version 9.9.24 we don't get the exception anymore on pageload anymore when the session is timed out

But the external login provider is not working until the DWExtranetImpersonateUserID information is removed from the DW_ExtranetSessionCookie?

BR
Thomas

Thomas Larsen

Posted on 21/05/2021 08:10:18

Anyone?

BR
Thomas

Alexey Tanchenko

Posted on 21/05/2021 08:16:22

Hi Thomas,

I will investigate the issue. Could you please provide more details?

BR, Alexey

Alexey Tanchenko

Posted on 25/05/2021 10:11:53

Hi Thomas,
I have tested several scenarios which I could come up with. But do not get any issues. Can you please specify any additional details: steps, logs, error text, etc.

BR, Alexey

You must be logged in to post in the forum

Developer forum

External login provider and impersonation issue

Replies