As you may have read previously I just got Sitecore Xpress running as my new website. This was all fine and I have even configured it to use my own SSO solution (which I will discuss in another post), but suddenly I encountered a strange problem.
I suddenly started experiencing issues when both my wife and I wanted to edit content at the same time. I had set up my login routine to use my SSO solution and then build a virtual user and login this virtual user to Sitecore and all was fine.
I used the following snippet to login my virtual user
Sitecore.Security.Accounts.User virtualUser =
Sitecore.Security.Authentication.AuthenticationManager.BuildVirtualUser("sitecore\\" + user.Username, true);
virtualUser.RuntimeSettings.IsAdministrator = user.IsAdministrator;
Sitecore.Security.UserProfile profile = virtualUser.Profile;
profile.FullName = user.Username;
profile.IsAdministrator = virtualUser.RuntimeSettings.IsAdministrator;
where the user object is my user gained from SSO.
But what we suddenly experienced was a continous loop from the login page to /sitecore back to the login page, which returned to /sitecore and so forth untill the browser eventually gave up.
I started debugging and could see that my user was logged in correctly and was a Sitecore administrator, but still the redirect occurred. So I didn't know what was happening and it all seemed very strange. I tried to remove my SSO solution and used the regular Sitecore login page, and suddenly it became clear what the problem was.
My Sitecore Xpress license is limited to only 1 Sitecore editor, so once I attempted to login another user (even just another browser), this user was just sent back to the login page. Here I just checked to see if the user was logged in (which he was) and then returned to /Sitecore, which then did a license verification to see if the content editor was accessible.
So after having spent some hours trying to figure out what was going on, I then added the following lines to my login page
and suddenly everything made more sense. Now if my wife was logged on I was sent to a page where I could log her off and then afterwards login correctly. (Thanks to http://istern.dk/blog/2010/6/7/usersessions-in-sitecore-(logout-users-from-backend).aspx for showing me where to look in the Sitecore API for this information)
So this is a small gotcha when working with Virtual users, since you go around the regular Sitecore login there are some things that you still need to test for, and that you need to verify on your own.
So the lesson to be learned here, is that if your Sitecore login is not working, first check out your license restrictions before you do anything else.
As a small curiosity this license check seemed to be easy to circumvent using a little bit of reflection and setting of private fields, but that would not be the ethical way to go, so instead I will appreciate my solution giving me the option to see why I cannot login and then logout my wife if she is no longer editing in Sitecore.