yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
27d94f1ca661af03a4ff6dfe63abcd4e5d856227
Umbraco-CMS/src/Umbraco.Web/Security/AppBuilderExtensions.cs

447 lines
23 KiB
C#
Raw Normal View History

Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
using System;
Fix thread CultureInfo issue breaking PetaPoco
2015-10-30 15:17:58 +01:00
using System.Threading;
Gets custom OAuth errors working
2020-08-11 16:06:37 +10:00
using System.Web;
Start adding support for better error handling during external login processing
2020-06-19 11:24:03 +10:00
using System.Web.Mvc;
Gets custom OAuth errors working
2020-08-11 16:06:37 +10:00
using System.Web.SessionState;
Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manual update this if ASPNet Identity APIs are not used to update users.
2015-03-25 10:57:10 +11:00
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
Updates the UmbracoBackOfficeIdentity to have better support for claims and adds unit tests for it. Creates OwinLogger's and methods to apply them. Updates security methods to ensure that a UmbracoBackOfficeIdentity is returned even from a normal ClaimsIdentity which will be the case with bearer tokens. Updates the angular anti-forgery checker to be ignore if the auth type is not cookie based. Adds a simple token server provider that people can use if they want. Now token authentication is working.
2015-04-10 14:22:09 +10:00
using Microsoft.Owin.Logging;
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
using Microsoft.Owin.Security;
massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.
2015-02-06 14:05:29 +11:00
using Microsoft.Owin.Security.Cookies;
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straight forward ClaimsIdentity
2018-04-05 23:10:51 +10:00
using Microsoft.Owin.Security.DataHandler;
using Microsoft.Owin.Security.DataProtection;
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
using Owin;
using Umbraco.Core;
using Umbraco.Core.Configuration;
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
using Umbraco.Core.Configuration.UmbracoSettings;
Cleanup, reduce AutoMapper exposure
2019-03-19 19:16:24 +01:00
using Umbraco.Core.Mapping;
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
using Umbraco.Core.Models.Identity;
using Umbraco.Core.Security;
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
using Umbraco.Core.Services;
Move Web.Current to Composing
2017-05-30 18:13:11 +02:00
using Umbraco.Web.Composing;
Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manual update this if ASPNet Identity APIs are not used to update users.
2015-03-25 10:57:10 +11:00
using Constants = Umbraco.Core.Constants;
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
Some refactoring to decouple web based assemblies from Umbraco.Core and move whatever we can to Umbraco.Web where web based assemblies are used. Decouples System.Drawing entirely from Umbraco.Core and removes the Active Directory dependency from Umbraco.core.
2018-08-29 01:15:46 +10:00
namespace Umbraco.Web.Security
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
{
Cleanup SignalR
2016-10-19 11:16:33 +02:00
/// <summary>
/// Provides security/identity extension methods to IAppBuilder.
/// </summary>
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
public static class AppBuilderExtensions
{
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
/// <summary>
adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)
2015-03-24 13:36:52 +11:00
/// Configure Default Identity User Manager for Umbraco
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
/// </summary>
/// <param name="app"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="services"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="contentSettings"></param>
/// <param name="globalSettings"></param>
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
/// <param name="userMembershipProvider"></param>
Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation
2015-06-18 19:16:49 +02:00
public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app,
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
ServiceContext services,
Rename mapper stuff
2019-04-03 10:39:49 +02:00
UmbracoMapper mapper,
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
IContentSection contentSettings,
IGlobalSettings globalSettings,
removes the BackOfficeRoleManager since we don't use roles in the back office (sections i suppose) and we can't dynamically just create them, that doesn't make sense.
2015-03-24 13:16:32 +11:00
MembershipProviderBase userMembershipProvider)
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
{
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (services == null) throw new ArgumentNullException(nameof(services));
if (userMembershipProvider == null) throw new ArgumentNullException(nameof(userMembershipProvider));
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
//Configure Umbraco user manager to be created per request
app.CreatePerOwinContext<BackOfficeUserManager>(
(options, owinContext) => BackOfficeUserManager.Create(
Updates OwinStartup and split the methods into an extension methods file complete with documentation on how to implement the providers. Tested the microsoft provider. Now to clean things up: remove the 3rd party package installs to be ready for shipping, ensure that the user parts are extensible enough for people to plugin their own interfaces.
2015-03-24 12:50:31 +11:00
options,
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
services.UserService,
services.MemberTypeService,
Port 7.7 - WIP
2017-09-12 16:22:16 +02:00
services.EntityService,
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
services.ExternalLoginService,
Port 7.7 - WIP
2017-09-19 15:51:47 +02:00
userMembershipProvider,
Cleanup, reduce AutoMapper exposure
2019-03-19 19:16:24 +01:00
mapper,
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
contentSettings,
globalSettings));
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
app.SetBackOfficeUserManagerType<BackOfficeUserManager, BackOfficeIdentityUser>();
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.
2015-07-01 17:07:29 +02:00
//Create a sign in manager per request
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, globalSettings, app.CreateLogger<BackOfficeSignInManager>()));
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
}
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)
2015-03-24 13:36:52 +11:00
/// <summary>
/// Configure a custom UserStore with the Identity User Manager for Umbraco
/// </summary>
/// <param name="app"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="globalSettings"></param>
adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)
2015-03-24 13:36:52 +11:00
/// <param name="userMembershipProvider"></param>
/// <param name="customUserStore"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="contentSettings"></param>
adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)
2015-03-24 13:36:52 +11:00
public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app,
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
IRuntimeState runtimeState,
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
IContentSection contentSettings,
IGlobalSettings globalSettings,
adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)
2015-03-24 13:36:52 +11:00
MembershipProviderBase userMembershipProvider,
BackOfficeUserStore customUserStore)
{
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
if (userMembershipProvider == null) throw new ArgumentNullException(nameof(userMembershipProvider));
if (customUserStore == null) throw new ArgumentNullException(nameof(customUserStore));
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)
2015-03-24 13:36:52 +11:00
//Configure Umbraco user manager to be created per request
app.CreatePerOwinContext<BackOfficeUserManager>(
(options, owinContext) => BackOfficeUserManager.Create(
options,
customUserStore,
Port 7.7 - WIP
2017-09-19 15:51:47 +02:00
userMembershipProvider,
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
contentSettings));
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.
2015-07-01 17:07:29 +02:00
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
app.SetBackOfficeUserManagerType<BackOfficeUserManager, BackOfficeIdentityUser>();
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.
2015-07-01 17:07:29 +02:00
//Create a sign in manager per request
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
app.CreatePerOwinContext<BackOfficeSignInManager>((options, context) => BackOfficeSignInManager.Create(options, context, globalSettings, app.CreateLogger(typeof(BackOfficeSignInManager).FullName)));
adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...)
2015-03-24 13:36:52 +11:00
}
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
/// <summary>
/// Configure a custom BackOfficeUserManager for Umbraco
/// </summary>
/// <param name="app"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="globalSettings"></param>
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
/// <param name="userManager"></param>
public static void ConfigureUserManagerForUmbracoBackOffice<TManager, TUser>(this IAppBuilder app,
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
IRuntimeState runtimeState,
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
IGlobalSettings globalSettings,
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
Func<IdentityFactoryOptions<TManager>, IOwinContext, TManager> userManager)
Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation
2015-06-18 19:16:49 +02:00
where TManager : BackOfficeUserManager<TUser>
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
where TUser : BackOfficeIdentityUser
{
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
if (userManager == null) throw new ArgumentNullException(nameof(userManager));
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
//Configure Umbraco user manager to be created per request
app.CreatePerOwinContext<TManager>(userManager);
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.
2015-07-01 17:07:29 +02:00
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
app.SetBackOfficeUserManagerType<TManager, TUser>();
Implements SignInManager, implements lock out policy for user manager, allows for better implementation of 2 factor auth for developers. Updates to latest owin libs.
2015-07-01 17:07:29 +02:00
//Create a sign in manager per request
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
app.CreatePerOwinContext<BackOfficeSignInManager>(
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
(options, context) => BackOfficeSignInManager.Create(options, context, globalSettings, app.CreateLogger(typeof(BackOfficeSignInManager).FullName)));
Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't.
2015-03-26 17:43:22 +11:00
}
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
/// <summary>
/// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
/// </summary>
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="userService"></param>
/// <param name="globalSettings"></param>
/// <param name="securitySection"></param>
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
/// <returns></returns>
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
/// <remarks>
/// By default this will be configured to execute on PipelineStage.Authenticate
/// </remarks>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState,IUserService userService, IGlobalSettings globalSettings, ISecuritySection securitySection)
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
{
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
return app.UseUmbracoBackOfficeCookieAuthentication(umbracoContextAccessor, runtimeState, userService, globalSettings, securitySection, PipelineStage.Authenticate);
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
}
/// <summary>
/// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
/// </summary>
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="userService"></param>
/// <param name="globalSettings"></param>
/// <param name="securitySection"></param>
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
/// <param name="stage">
/// Configurable pipeline stage
/// </param>
/// <returns></returns>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState, IUserService userService, IGlobalSettings globalSettings, ISecuritySection securitySection, PipelineStage stage)
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
{
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
//Create the default options and provider
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
var authOptions = app.CreateUmbracoCookieAuthOptions(umbracoContextAccessor, globalSettings, runtimeState, securitySection);
U4-7538 GetRemainingTimeoutSeconds is double setting the cookie in 7.4
2015-12-15 16:44:03 +01:00
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
authOptions.Provider = new BackOfficeCookieAuthenticationProvider(userService, runtimeState, globalSettings)
U4-7538 GetRemainingTimeoutSeconds is double setting the cookie in 7.4
2015-12-15 16:44:03 +01:00
{
Cleanup - UmbracoContext and injection
2016-06-09 11:57:13 +02:00
// Enables the application to validate the security stamp when the user
// logs in. This is a security feature which is used when you
// change a password or add an external login to your account.
Keep custom claims that are flowed from autolinking When auto linking with callbacks such as OnExternalLogin, custom claims can be added to the user which are flowed to the auth ticket/identity. However, when the security stamp validator executes, the identity is re-created manually without any knowledge of those custom claims so they are lost. This ensures that those custom claims flow through to the re-generated identity during the security stamp validation phase.
2021-02-23 10:41:00 +11:00
OnValidateIdentity = context =>
{
var identity = context.Identity;
return SecurityStampValidator
.OnValidateIdentity<BackOfficeUserManager, BackOfficeIdentityUser, int>(
removes testing timeout so it stays as it was
2021-02-23 11:25:27 +11:00
TimeSpan.FromMinutes(30),
Keep custom claims that are flowed from autolinking When auto linking with callbacks such as OnExternalLogin, custom claims can be added to the user which are flowed to the auth ticket/identity. However, when the security stamp validator executes, the identity is re-created manually without any knowledge of those custom claims so they are lost. This ensures that those custom claims flow through to the re-generated identity during the security stamp validation phase.
2021-02-23 10:41:00 +11:00
async (manager, user) =>
{
var regenerated = await manager.GenerateUserIdentityAsync(user);
// Keep any custom claims from the original identity
regenerated.MergeClaimsFromBackOfficeIdentity(identity);
return regenerated;
},
identity => identity.GetUserId<int>())(context);
}
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
U4-7538 GetRemainingTimeoutSeconds is double setting the cookie in 7.4
2015-12-15 16:44:03 +01:00
};
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
return app.UseUmbracoBackOfficeCookieAuthentication(umbracoContextAccessor, runtimeState, globalSettings, securitySection, authOptions, stage);
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
}
U4-7538 GetRemainingTimeoutSeconds is double setting the cookie in 7.4
2015-12-15 16:44:03 +01:00
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
/// <summary>
/// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
/// </summary>
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="globalSettings"></param>
/// <param name="securitySection"></param>
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
/// <param name="cookieOptions">Custom auth cookie options can be specified to have more control over the cookie authentication logic</param>
/// <param name="stage">
/// Configurable pipeline stage
/// </param>
/// <returns></returns>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app, IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState, IGlobalSettings globalSettings, ISecuritySection securitySection, CookieAuthenticationOptions cookieOptions, PipelineStage stage)
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
{
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (app == null) throw new ArgumentNullException(nameof(app));
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
if (cookieOptions == null) throw new ArgumentNullException(nameof(cookieOptions));
if (cookieOptions.Provider == null)
throw new ArgumentNullException("cookieOptions.Provider cannot be null.", nameof(cookieOptions));
if (cookieOptions.Provider is BackOfficeCookieAuthenticationProvider == false)
throw new ArgumentException($"cookieOptions.Provider must be of type {typeof(BackOfficeCookieAuthenticationProvider)}.", nameof(cookieOptions));
app.UseUmbracoBackOfficeCookieAuthenticationInternal(cookieOptions, runtimeState, stage);
Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation
2015-06-18 19:16:49 +02:00
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
//don't apply if app is not ready
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (runtimeState.Level != RuntimeLevel.Upgrade && runtimeState.Level != RuntimeLevel.Run) return app;
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straight forward ClaimsIdentity
2018-04-05 23:10:51 +10:00
var cookieAuthOptions = app.CreateUmbracoCookieAuthOptions(
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
umbracoContextAccessor, globalSettings, runtimeState, securitySection,
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
//This defines the explicit path read cookies from for this middleware
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
new[] {$"{globalSettings.Path}/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds"});
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straight forward ClaimsIdentity
2018-04-05 23:10:51 +10:00
cookieAuthOptions.Provider = cookieOptions.Provider;
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
//This is a custom middleware, we need to return the user's remaining logged in seconds
app.Use<GetUserSecondsMiddleWare>(
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straight forward ClaimsIdentity
2018-04-05 23:10:51 +10:00
cookieAuthOptions,
Refactor configuration for DI
2019-01-07 10:43:28 +01:00
Current.Configs.Global(),
Current.Configs.Settings().Security,
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
app.CreateLogger<GetUserSecondsMiddleWare>());
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straight forward ClaimsIdentity
2018-04-05 23:10:51 +10:00
//This is required so that we can read the auth ticket format outside of this pipeline
app.CreatePerOwinContext<UmbracoAuthTicketDataProtector>(
(options, context) => new UmbracoAuthTicketDataProtector(cookieOptions.TicketDataFormat));
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
return app;
}
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
private static bool _markerSet = false;
/// <summary>
/// This registers the exact type of the user manager in owin so we can extract it
/// when required in order to extract the user manager instance
/// </summary>
/// <typeparam name="TManager"></typeparam>
/// <typeparam name="TUser"></typeparam>
/// <param name="app"></param>
/// <remarks>
/// This is required because a developer can specify a custom user manager and due to generic types the key name will registered
/// differently in the owin context
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
/// </remarks>
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
private static void SetBackOfficeUserManagerType<TManager, TUser>(this IAppBuilder app)
where TManager : BackOfficeUserManager<TUser>
where TUser : BackOfficeIdentityUser
{
if (_markerSet) throw new InvalidOperationException("The back office user manager marker has already been set, only one back office user manager can be configured");
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
//on each request set the user manager getter -
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
// this is required purely because Microsoft.Owin.IOwinContext is super inflexible with it's Get since it can only be
// a generic strongly typed instance
app.Use((context, func) =>
{
context.Set(BackOfficeUserManager.OwinMarkerKey, new BackOfficeUserManagerMarker<TManager, TUser>());
return func();
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
});
U4-8850 Configuring a custom BackOfficeUserManager type will not work if the type is not specifically BackOfficeUserManager
2016-08-12 12:20:00 +02:00
}
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
private static void UseUmbracoBackOfficeCookieAuthenticationInternal(this IAppBuilder app, CookieAuthenticationOptions options, IRuntimeState runtimeState, PipelineStage stage)
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
{
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (app == null) throw new ArgumentNullException(nameof(app));
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
//First the normal cookie middleware
app.Use(typeof(CookieAuthenticationMiddleware), app, options);
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
//don't apply if app is not ready
if (runtimeState.Level == RuntimeLevel.Upgrade || runtimeState.Level == RuntimeLevel.Run)
Fixes: U4-7467 Umbraco 7.3.2 Clean install, OWIN error after database creation and bumps version
2015-11-27 21:23:24 +01:00
{
//Then our custom middlewares
Cleanup - UmbracoContext and injection
2016-06-09 11:57:13 +02:00
app.Use(typeof(ForceRenewalCookieAuthenticationMiddleware), app, options, Current.UmbracoContextAccessor);
Start adding support for better error handling during external login processing
2020-06-19 11:24:03 +10:00
app.Use(typeof(FixWindowsAuthMiddlware));
Fixes: U4-7467 Umbraco 7.3.2 Clean install, OWIN error after database creation and bumps version
2015-11-27 21:23:24 +01:00
}
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
//Marks all of the above middlewares to execute on Authenticate
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
app.UseStageMarker(stage);
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
}
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
Starts stubbing out role manager code
2015-02-22 15:10:14 +01:00
/// <summary>
/// Ensures that the cookie middleware for validating external logins is assigned to the pipeline with the correct
/// Umbraco back office configuration
/// </summary>
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="globalSettings"></param>
Starts stubbing out role manager code
2015-02-22 15:10:14 +01:00
/// <returns></returns>
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
/// <remarks>
/// By default this will be configured to execute on PipelineStage.Authenticate
/// </remarks>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static IAppBuilder UseUmbracoBackOfficeExternalCookieAuthentication(this IAppBuilder app, IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState,IGlobalSettings globalSettings)
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
{
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
return app.UseUmbracoBackOfficeExternalCookieAuthentication(umbracoContextAccessor, runtimeState, globalSettings, PipelineStage.Authenticate);
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
}
/// <summary>
/// Ensures that the cookie middleware for validating external logins is assigned to the pipeline with the correct
/// Umbraco back office configuration
/// </summary>
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="globalSettings"></param>
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
/// <param name="stage"></param>
/// <returns></returns>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static IAppBuilder UseUmbracoBackOfficeExternalCookieAuthentication(this IAppBuilder app,
IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState,
IGlobalSettings globalSettings, PipelineStage stage)
Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data
2015-02-06 16:13:02 +11:00
{
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (app == null) throw new ArgumentNullException(nameof(app));
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
Ensures that during install that we don't enable the identity user manager or cookie auth since no db tables exist, fixes the IsUpgrading check to check for actual valid tables
2015-06-09 12:17:45 +02:00
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
AuthenticationMode = AuthenticationMode.Passive,
Updates the back office external cookie name to be consistently cased with the other back office cookie names
2015-03-25 12:21:41 +11:00
CookieName = Constants.Security.BackOfficeExternalCookieName,
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
ExpireTimeSpan = TimeSpan.FromMinutes(5),
//Custom cookie manager so we can filter requests
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
CookieManager = new BackOfficeCookieManager(umbracoContextAccessor, runtimeState, globalSettings),
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
CookiePath = "/",
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
CookieSecure = globalSettings.UseHttps ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest,
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
CookieHttpOnly = true,
Refactor configuration for DI
2019-01-07 10:43:28 +01:00
CookieDomain = Current.Configs.Settings().Security.AuthCookieDomain
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
}, stage);
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data
2015-02-06 16:13:02 +11:00
return app;
Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation
2015-06-18 19:16:49 +02:00
}
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
/// <summary>
/// In order for preview to work this needs to be called
/// </summary>
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="globalSettings"></param>
/// <param name="securitySettings"></param>
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
/// <returns></returns>
/// <remarks>
/// This ensures that during a preview request that the back office use is also Authenticated and that the back office Identity
/// is added as a secondary identity to the current IPrincipal so it can be used to Authorize the previewed document.
/// </remarks>
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
/// <remarks>
/// By default this will be configured to execute on PipelineStage.PostAuthenticate
/// </remarks>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static IAppBuilder UseUmbracoPreviewAuthentication(this IAppBuilder app, IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState, IGlobalSettings globalSettings, ISecuritySection securitySettings)
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
{
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
return app.UseUmbracoPreviewAuthentication(umbracoContextAccessor, runtimeState, globalSettings, securitySettings, PipelineStage.PostAuthenticate);
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
}
/// <summary>
/// In order for preview to work this needs to be called
/// </summary>
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
/// <param name="runtimeState"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="globalSettings"></param>
/// <param name="securitySettings"></param>
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
/// <param name="stage"></param>
/// <returns></returns>
/// <remarks>
/// This ensures that during a preview request that the back office use is also Authenticated and that the back office Identity
/// is added as a secondary identity to the current IPrincipal so it can be used to Authorize the previewed document.
/// </remarks>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static IAppBuilder UseUmbracoPreviewAuthentication(this IAppBuilder app, IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState, IGlobalSettings globalSettings, ISecuritySection securitySettings, PipelineStage stage)
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
{
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
if (runtimeState.Level != RuntimeLevel.Run) return app;
udpates ext method to specify an explicit marker stage, updates UmbracoDefaultOwinStartup to be more flexible with the methods to override.
2016-03-09 19:37:37 +01:00
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
var authOptions = app.CreateUmbracoCookieAuthOptions(umbracoContextAccessor, globalSettings, runtimeState, securitySettings);
Refactor configuration for DI
2019-01-07 10:43:28 +01:00
app.Use(typeof(PreviewAuthenticationMiddleware), authOptions, Current.Configs.Global());
Cleanup - UmbracoContext and injection
2016-06-09 11:57:13 +02:00
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
// This middleware must execute at least on PostAuthentication, by default it is on Authorize
// The middleware needs to execute after the RoleManagerModule executes which is during PostAuthenticate,
// currently I've had 100% success with ensuring this fires after RoleManagerModule even if this is set
// to PostAuthenticate though not sure if that's always a guarantee so by default it's Authorize.
if (stage < PipelineStage.PostAuthenticate)
throw new InvalidOperationException("The stage specified for UseUmbracoPreviewAuthentication must be greater than or equal to " + PipelineStage.PostAuthenticate);
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
Resvolution - Components, Runtime & Booting
2016-09-01 19:06:08 +02:00
app.UseStageMarker(stage);
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
return app;
}
Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data
2015-02-06 16:13:02 +11:00
Start adding support for better error handling during external login processing
2020-06-19 11:24:03 +10:00
/// <summary>
/// Enable the back office to detect and handle errors registered with external login providers
/// </summary>
/// <param name="app"></param>
/// <param name="stage"></param>
/// <returns></returns>
public static IAppBuilder UseUmbracoBackOfficeExternalLoginErrors(this IAppBuilder app, PipelineStage stage = PipelineStage.Authorize)
Gets custom OAuth errors working
2020-08-11 16:06:37 +10:00
{
Start adding support for better error handling during external login processing
2020-06-19 11:24:03 +10:00
app.Use(typeof(BackOfficeExternalLoginProviderErrorMiddlware));
app.UseStageMarker(stage);
return app;
}
Fix thread CultureInfo issue breaking PetaPoco
2015-10-30 15:17:58 +01:00
public static void SanitizeThreadCulture(this IAppBuilder app)
{
Fix CultureInfo leak in UmbracoApplicationBase too.
2015-11-17 16:53:56 +01:00
Thread.CurrentThread.SanitizeThreadCulture();
Fix thread CultureInfo issue breaking PetaPoco
2015-10-30 15:17:58 +01:00
}
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
/// <summary>
/// Create the default umb cookie auth options
/// </summary>
Updates public APIs to enable umbraco cookie auth so devs can specify their own cookie options if required.
2016-07-18 10:09:46 +02:00
/// <param name="app"></param>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
/// <param name="umbracoContextAccessor"></param>
/// <param name="globalSettings"></param>
/// <param name="runtimeState"></param>
/// <param name="securitySettings"></param>
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
/// <param name="explicitPaths"></param>
/// <returns></returns>
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
public static UmbracoBackOfficeCookieAuthOptions CreateUmbracoCookieAuthOptions(this IAppBuilder app,
Move UmbracoConfig singleton to Current
2018-12-12 17:49:24 +01:00
IUmbracoContextAccessor umbracoContextAccessor,
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
IGlobalSettings globalSettings, IRuntimeState runtimeState, ISecuritySection securitySettings, string[] explicitPaths = null)
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
{
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straight forward ClaimsIdentity
2018-04-05 23:10:51 +10:00
//this is how aspnet wires up the default AuthenticationTicket protector so we'll use the same code
var ticketDataFormat = new TicketDataFormat(
app.CreateDataProtector(typeof (CookieAuthenticationMiddleware).FullName,
Constants.Security.BackOfficeAuthenticationType,
"v1"));
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
var authOptions = new UmbracoBackOfficeCookieAuthOptions(
explicitPaths,
U4-8861 Extract GlobalSettings to an interface and expose on the standard UmbracoConfig.For settings singleton including a bunch of cleanup, getting the installer and steps to be DI
2018-04-06 13:51:54 +10:00
umbracoContextAccessor,
securitySettings,
globalSettings,
runtimeState,
Removes FormsAuthentication cookie format and replaces with standard aspnet identity format, removes a bunch of old obsolete and unused code, fixes the culture setting issue, simplifies the UmbracoBackOfficeIdentity since it no longer needs to be a FormsIdentity and just a straight forward ClaimsIdentity
2018-04-05 23:10:51 +10:00
ticketDataFormat);
U4-4219 Can't Preview protected pages
2016-03-09 17:35:50 +01:00
return authOptions;
}
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
}
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
}
Reference in New Issue Copy Permalink