src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs

using System;
using System.Collections.Generic;
using System.Web;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Logging;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;
using Umbraco.Core;
using Umbraco.Core.Configuration;
using Umbraco.Core.IO;
using Umbraco.Core.Logging;
using Umbraco.Core.Models.Identity;
using Umbraco.Core.Security;
using Constants = Umbraco.Core.Constants;

namespace Umbraco.Web.Security.Identity
{
    public static class AppBuilderExtensions
    {
        /// <summary>
        /// Sets the OWIN logger to use Umbraco's logging system
        /// </summary>
        /// <param name="app"></param>
        public static void SetUmbracoLoggerFactory(this IAppBuilder app)
        {
            app.SetLoggerFactory(new OwinLoggerFactory());
        }

        #region Backoffice

        /// <summary>
        /// Configure Default Identity User Manager for Umbraco
        /// </summary>
        /// <param name="app"></param>
        /// <param name="appContext"></param>
        /// <param name="userMembershipProvider"></param>
        public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app,
            ApplicationContext appContext,
            MembershipProviderBase userMembershipProvider)
        {
            if (appContext == null) throw new ArgumentNullException("appContext");
            if (userMembershipProvider == null) throw new ArgumentNullException("userMembershipProvider");

            //Don't proceed if the app is not ready
            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return;

            //Configure Umbraco user manager to be created per request
            app.CreatePerOwinContext<BackOfficeUserManager>(
                (options, owinContext) => BackOfficeUserManager.Create(
                    options,
                    appContext.Services.UserService,
                    appContext.Services.ExternalLoginService,
                    userMembershipProvider));

            //Create a sign in manager per request
            app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, app.CreateLogger<BackOfficeSignInManager>()));
        }

        /// <summary>
        /// Configure a custom UserStore with the Identity User Manager for Umbraco
        /// </summary>
        /// <param name="app"></param>
        /// <param name="appContext"></param>
        /// <param name="userMembershipProvider"></param>
        /// <param name="customUserStore"></param>
        public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app,
            ApplicationContext appContext,
            MembershipProviderBase userMembershipProvider,
            BackOfficeUserStore customUserStore)
        {
            if (appContext == null) throw new ArgumentNullException("appContext");
            if (userMembershipProvider == null) throw new ArgumentNullException("userMembershipProvider");
            if (customUserStore == null) throw new ArgumentNullException("customUserStore");

            //Don't proceed if the app is not ready
            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return;

            //Configure Umbraco user manager to be created per request
            app.CreatePerOwinContext<BackOfficeUserManager>(
                (options, owinContext) => BackOfficeUserManager.Create(
                    options,
                    customUserStore,
                    userMembershipProvider));

            //Create a sign in manager per request
            app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, app.CreateLogger(typeof(BackOfficeSignInManager).FullName)));
        }

        /// <summary>
        /// Configure a custom BackOfficeUserManager for Umbraco
        /// </summary>
        /// <param name="app"></param>
        /// <param name="appContext"></param>
        /// <param name="userManager"></param>
        public static void ConfigureUserManagerForUmbracoBackOffice<TManager, TUser>(this IAppBuilder app,
            ApplicationContext appContext,
            Func<IdentityFactoryOptions<TManager>, IOwinContext, TManager> userManager)
            where TManager : BackOfficeUserManager<TUser>
            where TUser : BackOfficeIdentityUser
        {
            if (appContext == null) throw new ArgumentNullException("appContext");
            if (userManager == null) throw new ArgumentNullException("userManager");

            //Don't proceed if the app is not ready
            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return;

            //Configure Umbraco user manager to be created per request
            app.CreatePerOwinContext<TManager>(userManager);

            //Create a sign in manager per request
            app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, app.CreateLogger(typeof(BackOfficeSignInManager).FullName)));
        }

        /// <summary>
        /// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
        /// </summary>
        /// <param name="app"></param>
        /// <param name="appContext"></param>
        /// <returns></returns>
        public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, ApplicationContext appContext)
        {
            if (app == null) throw new ArgumentNullException("app");
            if (appContext == null) throw new ArgumentNullException("appContext");

            //Don't proceed if the app is not ready
            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return app;

            var authOptions = new UmbracoBackOfficeCookieAuthOptions(
                UmbracoConfig.For.UmbracoSettings().Security,
                GlobalSettings.TimeOutInMinutes,
                GlobalSettings.UseSSL)
            {
                Provider = new BackOfficeCookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user 
                    // logs in. This is a security feature which is used when you 
                    // change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator
                        .OnValidateIdentity<BackOfficeUserManager, BackOfficeIdentityUser, int>(
                            TimeSpan.FromMinutes(30),
                            (manager, user) => user.GenerateUserIdentityAsync(manager),
                            identity => identity.GetUserId<int>()),                    
                }
            };

            //This is a custom middleware, we need to return the user's remaining logged in seconds
            app.Use<GetUserSecondsMiddleWare>(
                authOptions,
                UmbracoConfig.For.UmbracoSettings().Security,
                app.CreateLogger<GetUserSecondsMiddleWare>());

            app.UseCookieAuthentication(authOptions);

            return app;
        }

        /// <summary>
        /// Ensures that the cookie middleware for validating external logins is assigned to the pipeline with the correct
        /// Umbraco back office configuration
        /// </summary>
        /// <param name="app"></param>
        /// <param name="appContext"></param>
        /// <returns></returns>
        public static IAppBuilder UseUmbracoBackOfficeExternalCookieAuthentication(this IAppBuilder app, ApplicationContext appContext)
        {
            if (app == null) throw new ArgumentNullException("app");
            if (appContext == null) throw new ArgumentNullException("appContext");

            //Don't proceed if the app is not ready
            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return app;

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
                AuthenticationMode = AuthenticationMode.Passive,
                CookieName = Constants.Security.BackOfficeExternalCookieName,
                ExpireTimeSpan = TimeSpan.FromMinutes(5),
                //Custom cookie manager so we can filter requests
                CookieManager = new BackOfficeCookieManager(new SingletonUmbracoContextAccessor()),
                CookiePath = "/",
                CookieSecure = GlobalSettings.UseSSL ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest,
                CookieHttpOnly = true,
                CookieDomain = UmbracoConfig.For.UmbracoSettings().Security.AuthCookieDomain
            });

            return app;
        }
        #endregion

    }
}
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
+								using System;
 								using System.Collections.Generic;
 								using System.Web;
-												Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manual update this if ASPNet Identity APIs are not used to update users.

											
										
										
											2015-03-25 10:57:10 +11:00
+								using Microsoft.AspNet.Identity;
 								using Microsoft.AspNet.Identity.Owin;
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
+								using Microsoft.Owin;
 								using Microsoft.Owin.Extensions;
-												Updates the UmbracoBackOfficeIdentity to have better support for claims and adds unit tests for it. Creates OwinLogger's and methods to apply them. Updates security methods to ensure that a UmbracoBackOfficeIdentity is returned even from a normal ClaimsIdentity which will be the case with bearer tokens. Updates the angular anti-forgery checker to be ignore if the auth type is not cookie based. Adds a simple token server provider that people can use if they want. Now token authentication is working.

											
										
										
											2015-04-10 14:22:09 +10:00
+								using Microsoft.Owin.Logging;
-												Gets external cookies working with a custom auth type (so we don't interfere with the 'default')

											
										
										
											2015-02-19 16:36:39 +01:00
+								using Microsoft.Owin.Security;
-												massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.

											
										
										
											2015-02-06 14:05:29 +11:00
+								using Microsoft.Owin.Security.Cookies;
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
+								using Owin;
 								using Umbraco.Core;
 								using Umbraco.Core.Configuration;
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								using Umbraco.Core.IO;
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								using Umbraco.Core.Logging;
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								using Umbraco.Core.Models.Identity;
 								using Umbraco.Core.Security;
-												Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manual update this if ASPNet Identity APIs are not used to update users.

											
										
										
											2015-03-25 10:57:10 +11:00
+								using Constants = Umbraco.Core.Constants;
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
 								namespace Umbraco.Web.Security.Identity
 								{
 								    public static class AppBuilderExtensions
 								    {
-												Updates the UmbracoBackOfficeIdentity to have better support for claims and adds unit tests for it. Creates OwinLogger's and methods to apply them. Updates security methods to ensure that a UmbracoBackOfficeIdentity is returned even from a normal ClaimsIdentity which will be the case with bearer tokens. Updates the angular anti-forgery checker to be ignore if the auth type is not cookie based. Adds a simple token server provider that people can use if they want. Now token authentication is working.

											
										
										
											2015-04-10 14:22:09 +10:00
+								        /// <summary>
 								        /// Sets the OWIN logger to use Umbraco's logging system
 								        /// </summary>
 								        /// <param name="app"></param>
 								        public static void SetUmbracoLoggerFactory(this IAppBuilder app)
 								        {
 								            app.SetLoggerFactory(new OwinLoggerFactory());
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								        }
-												Updates the UmbracoBackOfficeIdentity to have better support for claims and adds unit tests for it. Creates OwinLogger's and methods to apply them. Updates security methods to ensure that a UmbracoBackOfficeIdentity is returned even from a normal ClaimsIdentity which will be the case with bearer tokens. Updates the angular anti-forgery checker to be ignore if the auth type is not cookie based. Adds a simple token server provider that people can use if they want. Now token authentication is working.

											
										
										
											2015-04-10 14:22:09 +10:00
-												Updates OwinStartup and split the methods into an extension methods file complete with documentation on how to implement the providers. Tested the microsoft provider. Now to clean things up:  remove the 3rd party package installs to be ready for shipping, ensure that the user parts are extensible enough for people to plugin their own interfaces.

											
										
										
											2015-03-24 12:50:31 +11:00
+								        #region Backoffice
-												adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)

											
										
										
											2015-03-24 13:36:52 +11:00
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								        /// <summary>
-												adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)

											
										
										
											2015-03-24 13:36:52 +11:00
+								        /// Configure Default Identity User Manager for Umbraco
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								        /// </summary>
 								        /// <param name="app"></param>
 								        /// <param name="appContext"></param>
 								        /// <param name="userMembershipProvider"></param>
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								        public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app,
 								            ApplicationContext appContext,
-												removes the BackOfficeRoleManager since we don't use roles in the back office (sections i suppose) and we can't dynamically just create them, that doesn't make sense.

											
										
										
											2015-03-24 13:16:32 +11:00
+								            MembershipProviderBase userMembershipProvider)
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								        {
-												Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.

											
										
										
											2015-03-26 17:43:22 +11:00
+								            if (appContext == null) throw new ArgumentNullException("appContext");
 								            if (userMembershipProvider == null) throw new ArgumentNullException("userMembershipProvider");
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								            //Don't proceed if the app is not ready
-												Adds IsUpgrading method to ApplicationContext and fixes AppBuilderExtensions checks since we need a user manager when upgrading

											
										
										
											2015-04-01 16:12:32 +11:00
+								            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return;
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								            //Configure Umbraco user manager to be created per request
 								            app.CreatePerOwinContext<BackOfficeUserManager>(
 								                (options, owinContext) => BackOfficeUserManager.Create(
-												Updates OwinStartup and split the methods into an extension methods file complete with documentation on how to implement the providers. Tested the microsoft provider. Now to clean things up:  remove the 3rd party package installs to be ready for shipping, ensure that the user parts are extensible enough for people to plugin their own interfaces.

											
										
										
											2015-03-24 12:50:31 +11:00
+								                    options,
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								                    appContext.Services.UserService,
 								                    appContext.Services.ExternalLoginService,
 								                    userMembershipProvider));
-												Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.

											
										
										
											2015-07-01 17:07:29 +02:00
 								            //Create a sign in manager per request
-												Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff.

											
										
										
											2015-07-23 12:03:50 +02:00
+								            app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, app.CreateLogger<BackOfficeSignInManager>()));
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								        }
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
-												adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)

											
										
										
											2015-03-24 13:36:52 +11:00
+								        /// <summary>
 								        /// Configure a custom UserStore with the Identity User Manager for Umbraco
 								        /// </summary>
 								        /// <param name="app"></param>
 								        /// <param name="appContext"></param>
 								        /// <param name="userMembershipProvider"></param>
 								        /// <param name="customUserStore"></param>
 								        public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app,
 								            ApplicationContext appContext,
 								            MembershipProviderBase userMembershipProvider,
 								            BackOfficeUserStore customUserStore)
 								        {
-												Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.

											
										
										
											2015-03-26 17:43:22 +11:00
+								            if (appContext == null) throw new ArgumentNullException("appContext");
 								            if (userMembershipProvider == null) throw new ArgumentNullException("userMembershipProvider");
 								            if (customUserStore == null) throw new ArgumentNullException("customUserStore");
-												adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)

											
										
										
											2015-03-24 13:36:52 +11:00
+								            //Don't proceed if the app is not ready
-												Adds IsUpgrading method to ApplicationContext and fixes AppBuilderExtensions checks since we need a user manager when upgrading

											
										
										
											2015-04-01 16:12:32 +11:00
+								            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return;
-												adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)

											
										
										
											2015-03-24 13:36:52 +11:00
 								            //Configure Umbraco user manager to be created per request
 								            app.CreatePerOwinContext<BackOfficeUserManager>(
 								                (options, owinContext) => BackOfficeUserManager.Create(
 								                    options,
 								                    customUserStore,
 								                    userMembershipProvider));
-												Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.

											
										
										
											2015-07-01 17:07:29 +02:00
 								            //Create a sign in manager per request
-												Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff.

											
										
										
											2015-07-23 12:03:50 +02:00
+								            app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, app.CreateLogger(typeof(BackOfficeSignInManager).FullName)));
-												adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)

											
										
										
											2015-03-24 13:36:52 +11:00
+								        }
-												Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.

											
										
										
											2015-03-26 17:43:22 +11:00
+								        /// <summary>
 								        /// Configure a custom BackOfficeUserManager for Umbraco
 								        /// </summary>
 								        /// <param name="app"></param>
 								        /// <param name="appContext"></param>
 								        /// <param name="userManager"></param>
 								        public static void ConfigureUserManagerForUmbracoBackOffice<TManager, TUser>(this IAppBuilder app,
 								            ApplicationContext appContext,
 								            Func<IdentityFactoryOptions<TManager>, IOwinContext, TManager> userManager)
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								            where TManager : BackOfficeUserManager<TUser>
-												Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.

											
										
										
											2015-03-26 17:43:22 +11:00
+								            where TUser : BackOfficeIdentityUser
 								        {
 								            if (appContext == null) throw new ArgumentNullException("appContext");
 								            if (userManager == null) throw new ArgumentNullException("userManager");
 								            //Don't proceed if the app is not ready
-												Adds IsUpgrading method to ApplicationContext and fixes AppBuilderExtensions checks since we need a user manager when upgrading

											
										
										
											2015-04-01 16:12:32 +11:00
+								            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return;
-												Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.

											
										
										
											2015-03-26 17:43:22 +11:00
 								            //Configure Umbraco user manager to be created per request
 								            app.CreatePerOwinContext<TManager>(userManager);
-												Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.

											
										
										
											2015-07-01 17:07:29 +02:00
 								            //Create a sign in manager per request
-												Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff.

											
										
										
											2015-07-23 12:03:50 +02:00
+								            app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, app.CreateLogger(typeof(BackOfficeSignInManager).FullName)));
-												Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.

											
										
										
											2015-03-26 17:43:22 +11:00
+								        }
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
+								        /// <summary>
 								        /// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
 								        /// </summary>
 								        /// <param name="app"></param>
-												Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables

											
										
										
											2015-06-09 12:17:45 +02:00
+								        /// <param name="appContext"></param>
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
+								        /// <returns></returns>
-												Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables

											
										
										
											2015-06-09 12:17:45 +02:00
+								        public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, ApplicationContext appContext)
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
+								        {
 								            if (app == null) throw new ArgumentNullException("app");
-												Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables

											
										
										
											2015-06-09 12:17:45 +02:00
+								            if (appContext == null) throw new ArgumentNullException("appContext");
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
-												Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables

											
										
										
											2015-06-09 12:17:45 +02:00
+								            //Don't proceed if the app is not ready
 								            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return app;
-												massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.

											
										
										
											2015-02-06 14:05:29 +11:00
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								            var authOptions = new UmbracoBackOfficeCookieAuthOptions(
 								                UmbracoConfig.For.UmbracoSettings().Security,
 								                GlobalSettings.TimeOutInMinutes,
 								                GlobalSettings.UseSSL)
-												massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.

											
										
										
											2015-02-06 14:05:29 +11:00
+								            {
-												Fixes: U4-6969 Property label localization in 7.3 always uses en-US locale

											
										
										
											2015-09-16 15:22:40 +02:00
+								                Provider = new BackOfficeCookieAuthenticationProvider
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								                {
-												Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manual update this if ASPNet Identity APIs are not used to update users.

											
										
										
											2015-03-25 10:57:10 +11:00
+								                    // Enables the application to validate the security stamp when the user
 								                    // logs in. This is a security feature which is used when you
 								                    // change a password or add an external login to your account.
 								                    OnValidateIdentity = SecurityStampValidator
 								                        .OnValidateIdentity<BackOfficeUserManager, BackOfficeIdentityUser, int>(
 								                            TimeSpan.FromMinutes(30),
 								                            (manager, user) => user.GenerateUserIdentityAsync(manager),
-												Fixes: U4-6969 Property label localization in 7.3 always uses en-US locale

											
										
										
											2015-09-16 15:22:40 +02:00
+								                            identity => identity.GetUserId<int>()),
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
+								                }
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								            };
 								            //This is a custom middleware, we need to return the user's remaining logged in seconds
-												Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff.

											
										
										
											2015-07-23 12:03:50 +02:00
+								            app.Use<GetUserSecondsMiddleWare>(
 								                authOptions,
 								                UmbracoConfig.For.UmbracoSettings().Security,
 								                app.CreateLogger<GetUserSecondsMiddleWare>());
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
 								            app.UseCookieAuthentication(authOptions);
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
 								            return app;
 								        }
-												Starts stubbing out role manager code

											
										
										
											2015-02-22 15:10:14 +01:00
+								        /// <summary>
 								        /// Ensures that the cookie middleware for validating external logins is assigned to the pipeline with the correct
 								        /// Umbraco back office configuration
 								        /// </summary>
 								        /// <param name="app"></param>
-												Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables

											
										
										
											2015-06-09 12:17:45 +02:00
+								        /// <param name="appContext"></param>
-												Starts stubbing out role manager code

											
										
										
											2015-02-22 15:10:14 +01:00
+								        /// <returns></returns>
-												Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables

											
										
										
											2015-06-09 12:17:45 +02:00
+								        public static IAppBuilder UseUmbracoBackOfficeExternalCookieAuthentication(this IAppBuilder app, ApplicationContext appContext)
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
+								        {
 								            if (app == null) throw new ArgumentNullException("app");
-												Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables

											
										
										
											2015-06-09 12:17:45 +02:00
+								            if (appContext == null) throw new ArgumentNullException("appContext");
 								            //Don't proceed if the app is not ready
 								            if (appContext.IsUpgrading == false && appContext.IsConfigured == false) return app;
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
-												Gets external cookies working with a custom auth type (so we don't interfere with the 'default')

											
										
										
											2015-02-19 16:36:39 +01:00
+								            app.UseCookieAuthentication(new CookieAuthenticationOptions
 								            {
 								                AuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
 								                AuthenticationMode = AuthenticationMode.Passive,
-												Updates the back office external cookie name to be consistently cased with the other back office cookie names

											
										
										
											2015-03-25 12:21:41 +11:00
+								                CookieName = Constants.Security.BackOfficeExternalCookieName,
-												Gets external cookies working with a custom auth type (so we don't interfere with the 'default')

											
										
										
											2015-02-19 16:36:39 +01:00
+								                ExpireTimeSpan = TimeSpan.FromMinutes(5),
 								                //Custom cookie manager so we can filter requests
 								                CookieManager = new BackOfficeCookieManager(new SingletonUmbracoContextAccessor()),
 								                CookiePath = "/",
 								                CookieSecure = GlobalSettings.UseSSL ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest,
 								                CookieHttpOnly = true,
 								                CookieDomain = UmbracoConfig.For.UmbracoSettings().Security.AuthCookieDomain
 								            });
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
+								            return app;
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								        }
-												Updates OwinStartup and split the methods into an extension methods file complete with documentation on how to implement the providers. Tested the microsoft provider. Now to clean things up:  remove the 3rd party package installs to be ready for shipping, ensure that the user parts are extensible enough for people to plugin their own interfaces.

											
										
										
											2015-03-24 12:50:31 +11:00
+								        #endregion
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
-												Starts adding asp.net identity

											
										
										
											2015-02-04 19:24:59 +11:00
+								    }
 								}