src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs

using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Umbraco.Core;
using Umbraco.Core.BackOffice;
using Umbraco.Core.Configuration;
using Umbraco.Core.Security;
using Umbraco.Core.Serialization;
using Umbraco.Net;
using Umbraco.Web.BackOffice.Security;
using Umbraco.Web.Common.AspNetCore;
using Umbraco.Web.Common.Security;

namespace Umbraco.Extensions
{
    public static class UmbracoBackOfficeServiceCollectionExtensions
    {
        /// <summary>
        /// Adds the services required for running the Umbraco back office
        /// </summary>
        /// <param name="services"></param>
        public static void AddUmbracoBackOffice(this IServiceCollection services)
        {
            services.AddAntiforgery();

            services
                .AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
                .AddCookie(Constants.Security.BackOfficeAuthenticationType);
            // TODO: Need to add more cookie options, see https://github.com/dotnet/aspnetcore/blob/3.0/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs#L45

            services.ConfigureOptions<ConfigureBackOfficeCookieOptions>();
        }

        /// <summary>
        /// Adds the services required for using Umbraco back office Identity
        /// </summary>
        /// <param name="services"></param>        
        public static void AddUmbracoBackOfficeIdentity(this IServiceCollection services)
        {
            services.AddDataProtection();

            services.TryAddScoped<IIpResolver, AspNetCoreIpResolver>();

            services.BuildUmbracoBackOfficeIdentity()
                .AddDefaultTokenProviders()
                .AddUserStore<BackOfficeUserStore>()
                .AddUserManager<BackOfficeUserManager>()
                .AddSignInManager<BackOfficeSignInManager>()
                .AddClaimsPrincipalFactory<BackOfficeClaimsPrincipalFactory<BackOfficeIdentityUser>>();

            // Configure the options specifically for the UmbracoBackOfficeIdentityOptions instance
            services.ConfigureOptions<ConfigureBackOfficeIdentityOptions>();
            services.ConfigureOptions<ConfigureBackOfficeSecurityStampValidatorOptions>();
        }

        private static IdentityBuilder BuildUmbracoBackOfficeIdentity(this IServiceCollection services)
        {
            // Borrowed from https://github.com/dotnet/aspnetcore/blob/master/src/Identity/Extensions.Core/src/IdentityServiceCollectionExtensions.cs#L33
            // The reason we need our own is because the Identity system doesn't cater easily for multiple identity systems and particularly being
            // able to configure IdentityOptions to a specific provider since there is no named options. So we have strongly typed options
            // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive. 

            // TODO: Could move all of this to BackOfficeComposer?

            // Services used by identity
            services.TryAddScoped<IUserValidator<BackOfficeIdentityUser>, UserValidator<BackOfficeIdentityUser>>();
            services.TryAddScoped<IPasswordValidator<BackOfficeIdentityUser>, PasswordValidator<BackOfficeIdentityUser>>();
            services.TryAddScoped<IPasswordHasher<BackOfficeIdentityUser>>(
                services => new BackOfficePasswordHasher(
                    new LegacyPasswordSecurity(services.GetRequiredService<IUserPasswordConfiguration>()),
                    services.GetRequiredService<IJsonSerializer>()));
            services.TryAddScoped<IUserConfirmation<BackOfficeIdentityUser>, DefaultUserConfirmation<BackOfficeIdentityUser>>();
            services.TryAddScoped<IUserClaimsPrincipalFactory<BackOfficeIdentityUser>, UserClaimsPrincipalFactory<BackOfficeIdentityUser>>();
            services.TryAddScoped<UserManager<BackOfficeIdentityUser>>();

            // CUSTOM:            
            services.TryAddScoped<BackOfficeLookupNormalizer>();
            services.TryAddScoped<BackOfficeIdentityErrorDescriber>();

            return new IdentityBuilder(typeof(BackOfficeIdentityUser), services);
        }
    }
}
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								using Microsoft.AspNetCore.Identity;
-												Initial DI attempt


											
										
										
											2020-05-15 15:21:15 +01:00
+								using Microsoft.Extensions.DependencyInjection;
-												Reduced duplicated code


											
										
										
											2020-05-18 08:21:34 +01:00
+								using Microsoft.Extensions.DependencyInjection.Extensions;
-												Resolvable user manager. Removed password configuration and generation for now


											
										
										
											2020-05-17 07:56:59 +01:00
+								using Umbraco.Core;
-												Moved .NET standard back office identity code into infrastructure (lowest common dependency)


											
										
										
											2020-05-17 08:48:36 +01:00
+								using Umbraco.Core.BackOffice;
-												Gettting password formats and hashing sorted, ensuring the password format on the user is used

											
										
										
											2020-05-27 13:48:26 +10:00
+								using Umbraco.Core.Configuration;
 								using Umbraco.Core.Security;
 								using Umbraco.Core.Serialization;
-												Resolvable user manager. Removed password configuration and generation for now


											
										
										
											2020-05-17 07:56:59 +01:00
+								using Umbraco.Net;
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								using Umbraco.Web.BackOffice.Security;
-												Resolvable user manager. Removed password configuration and generation for now


											
										
										
											2020-05-17 07:56:59 +01:00
+								using Umbraco.Web.Common.AspNetCore;
-												Cleaning up websecurity and implementing it, migrates security stamp and session id validation for cookie auth

											
										
										
											2020-06-02 13:28:30 +10:00
+								using Umbraco.Web.Common.Security;
-												Initial DI attempt


											
										
										
											2020-05-15 15:21:15 +01:00
 								namespace Umbraco.Extensions
 								{
 								    public static class UmbracoBackOfficeServiceCollectionExtensions
 								    {
-												gets anti-forgery working (needs more testing)

											
										
										
											2020-05-26 22:21:22 +10:00
+								        /// <summary>
 								        /// Adds the services required for running the Umbraco back office
 								        /// </summary>
 								        /// <param name="services"></param>
 								        public static void AddUmbracoBackOffice(this IServiceCollection services)
 								        {
 								            services.AddAntiforgery();
-												More signinmanager, signin now works and we set the user principal in the correct place on login

											
										
										
											2020-05-27 18:27:49 +10:00
 								            services
 								                .AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
 								                .AddCookie(Constants.Security.BackOfficeAuthenticationType);
-												Cleaning up websecurity and implementing it, migrates security stamp and session id validation for cookie auth

											
										
										
											2020-06-02 13:28:30 +10:00
+								            // TODO: Need to add more cookie options, see https://github.com/dotnet/aspnetcore/blob/3.0/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs#L45
-												More signinmanager, signin now works and we set the user principal in the correct place on login

											
										
										
											2020-05-27 18:27:49 +10:00
-												Cleaning up websecurity and implementing it, migrates security stamp and session id validation for cookie auth

											
										
										
											2020-06-02 13:28:30 +10:00
+								            services.ConfigureOptions<ConfigureBackOfficeCookieOptions>();
-												gets anti-forgery working (needs more testing)

											
										
										
											2020-05-26 22:21:22 +10:00
+								        }
 								        /// <summary>
 								        /// Adds the services required for using Umbraco back office Identity
 								        /// </summary>
 								        /// <param name="services"></param>
-												Working installation. Use of Thread.CurrentPrincipal removed for now


											
										
										
											2020-05-17 10:39:30 +01:00
+								        public static void AddUmbracoBackOfficeIdentity(this IServiceCollection services)
-												Initial DI attempt


											
										
										
											2020-05-15 15:21:15 +01:00
+								        {
-												Reduced duplicated code


											
										
										
											2020-05-18 08:21:34 +01:00
+								            services.AddDataProtection();
-												Added IdentityExtensions


											
										
										
											2020-05-18 13:00:32 +01:00
+								            services.TryAddScoped<IIpResolver, AspNetCoreIpResolver>();
-												Resolvable user manager. Removed password configuration and generation for now


											
										
										
											2020-05-17 07:56:59 +01:00
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								            services.BuildUmbracoBackOfficeIdentity()
-												Initial DI attempt


											
										
										
											2020-05-15 15:21:15 +01:00
+								                .AddDefaultTokenProviders()
-												Resolvable user manager. Removed password configuration and generation for now


											
										
										
											2020-05-17 07:56:59 +01:00
+								                .AddUserStore<BackOfficeUserStore>()
-												Reduced duplicated code


											
										
										
											2020-05-18 08:21:34 +01:00
+								                .AddUserManager<BackOfficeUserManager>()
-												Gettting password formats and hashing sorted, ensuring the password format on the user is used

											
										
										
											2020-05-27 13:48:26 +10:00
+								                .AddSignInManager<BackOfficeSignInManager>()
-												Reduced duplicated code


											
										
										
											2020-05-18 08:21:34 +01:00
+								                .AddClaimsPrincipalFactory<BackOfficeClaimsPrincipalFactory<BackOfficeIdentityUser>>();
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								            // Configure the options specifically for the UmbracoBackOfficeIdentityOptions instance
-												Cleaning up websecurity and implementing it, migrates security stamp and session id validation for cookie auth

											
										
										
											2020-06-02 13:28:30 +10:00
+								            services.ConfigureOptions<ConfigureBackOfficeIdentityOptions>();
 								            services.ConfigureOptions<ConfigureBackOfficeSecurityStampValidatorOptions>();
-												Initial DI attempt


											
										
										
											2020-05-15 15:21:15 +01:00
+								        }
-												Moves what is possible for identity back office to Core, configures backoffice identity with IOptions and our password settings

											
										
										
											2020-05-20 15:25:42 +10:00
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								        private static IdentityBuilder BuildUmbracoBackOfficeIdentity(this IServiceCollection services)
-												Moves what is possible for identity back office to Core, configures backoffice identity with IOptions and our password settings

											
										
										
											2020-05-20 15:25:42 +10:00
+								        {
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								            // Borrowed from https://github.com/dotnet/aspnetcore/blob/master/src/Identity/Extensions.Core/src/IdentityServiceCollectionExtensions.cs#L33
 								            // The reason we need our own is because the Identity system doesn't cater easily for multiple identity systems and particularly being
 								            // able to configure IdentityOptions to a specific provider since there is no named options. So we have strongly typed options
 								            // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive.
-												Gettting password formats and hashing sorted, ensuring the password format on the user is used

											
										
										
											2020-05-27 13:48:26 +10:00
+								            // TODO: Could move all of this to BackOfficeComposer?
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								            // Services used by identity
 								            services.TryAddScoped<IUserValidator<BackOfficeIdentityUser>, UserValidator<BackOfficeIdentityUser>>();
 								            services.TryAddScoped<IPasswordValidator<BackOfficeIdentityUser>, PasswordValidator<BackOfficeIdentityUser>>();
-												Gettting password formats and hashing sorted, ensuring the password format on the user is used

											
										
										
											2020-05-27 13:48:26 +10:00
+								            services.TryAddScoped<IPasswordHasher<BackOfficeIdentityUser>>(
 								                services => new BackOfficePasswordHasher(
-												renames to LegacyPasswordSecurity

											
										
										
											2020-05-28 23:24:32 +10:00
+								                    new LegacyPasswordSecurity(services.GetRequiredService<IUserPasswordConfiguration>()),
-												Gettting password formats and hashing sorted, ensuring the password format on the user is used

											
										
										
											2020-05-27 13:48:26 +10:00
+								                    services.GetRequiredService<IJsonSerializer>()));
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								            services.TryAddScoped<IUserConfirmation<BackOfficeIdentityUser>, DefaultUserConfirmation<BackOfficeIdentityUser>>();
 								            services.TryAddScoped<IUserClaimsPrincipalFactory<BackOfficeIdentityUser>, UserClaimsPrincipalFactory<BackOfficeIdentityUser>>();
 								            services.TryAddScoped<UserManager<BackOfficeIdentityUser>>();
-												Gettting password formats and hashing sorted, ensuring the password format on the user is used

											
										
										
											2020-05-27 13:48:26 +10:00
+								            // CUSTOM:
-												Implements more of identity and makes it more specific to the back office (less intrusive), starts adding cookie auth

											
										
										
											2020-05-21 15:43:33 +10:00
+								            services.TryAddScoped<BackOfficeLookupNormalizer>();
 								            services.TryAddScoped<BackOfficeIdentityErrorDescriber>();
 								            return new IdentityBuilder(typeof(BackOfficeIdentityUser), services);
-												Moves what is possible for identity back office to Core, configures backoffice identity with IOptions and our password settings

											
										
										
											2020-05-20 15:25:42 +10:00
+								        }
-												Initial DI attempt


											
										
										
											2020-05-15 15:21:15 +01:00
+								    }
 								}