yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9cf9cee88dbf15e1657241210ae3c7a1a76b6fc
Umbraco-CMS/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs

105 lines
4.5 KiB
C#
Raw Normal View History

Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
using System;
using System.Collections.Generic;
using System.Web;
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
using Microsoft.Owin.Security;
massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.
2015-02-06 14:05:29 +11:00
using Microsoft.Owin.Security.Cookies;
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
using Owin;
using Umbraco.Core;
using Umbraco.Core.Configuration;
Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.
2015-02-06 13:47:00 +11:00
using Umbraco.Core.Logging;
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
using Umbraco.Core.Models.Identity;
using Umbraco.Core.Security;
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
namespace Umbraco.Web.Security.Identity
{
public static class AppBuilderExtensions
{
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
/// <summary>
/// Configure Identity User Manager for Umbraco
/// </summary>
/// <param name="app"></param>
/// <param name="appContext"></param>
/// <param name="userMembershipProvider"></param>
public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app, ApplicationContext appContext, MembershipProviderBase userMembershipProvider)
{
//Don't proceed if the app is not ready
if (appContext.IsConfigured == false
|| appContext.DatabaseContext == null
|| appContext.DatabaseContext.IsDatabaseConfigured == false) return;
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
//Configure Umbraco user manager to be created per request
app.CreatePerOwinContext<BackOfficeUserManager>(
(options, owinContext) => BackOfficeUserManager.Create(
options,
owinContext,
appContext.Services.UserService,
appContext.Services.ExternalLoginService,
userMembershipProvider));
}
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
/// <summary>
/// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
/// </summary>
/// <param name="app"></param>
/// <returns></returns>
Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data
2015-02-06 16:13:02 +11:00
public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app)
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
{
if (app == null) throw new ArgumentNullException("app");
massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.
2015-02-06 14:05:29 +11:00
app.UseCookieAuthentication(new UmbracoBackOfficeCookieAuthenticationOptions(
Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.
2015-02-06 13:47:00 +11:00
UmbracoConfig.For.UmbracoSettings().Security,
GlobalSettings.TimeOutInMinutes,
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
GlobalSettings.UseSSL)
massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.
2015-02-06 14:05:29 +11:00
{
Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data
2015-02-06 16:13:02 +11:00
Provider = new CookieAuthenticationProvider
{
//// Enables the application to validate the security stamp when the user
//// logs in. This is a security feature which is used when you
//// change a password or add an external login to your account.
//OnValidateIdentity = SecurityStampValidator
// .OnValidateIdentity<UmbracoMembersUserManager<UmbracoApplicationUser>, UmbracoApplicationUser, int>(
// TimeSpan.FromMinutes(30),
// (manager, user) => user.GenerateUserIdentityAsync(manager),
// identity => identity.GetUserId<int>())
}
massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that.
2015-02-06 14:05:29 +11:00
});
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
return app;
}
Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data
2015-02-06 16:13:02 +11:00
public static IAppBuilder UseUmbracoBackOfficeExternalCookieAuthentication(this IAppBuilder app)
{
if (app == null) throw new ArgumentNullException("app");
Gets the user store up to date with the correct queries.
2015-02-19 16:06:07 +01:00
//TODO: Figure out why this isn't working and is only working with the default one, must be a reference somewhere
Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.
2015-02-09 17:37:21 +11:00
//app.UseExternalSignInCookie("UmbracoExternalCookie");
Gets external cookies working with a custom auth type (so we don't interfere with the 'default')
2015-02-19 16:36:39 +01:00
app.SetDefaultSignInAsAuthenticationType("UmbracoExternalCookie");
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
AuthenticationMode = AuthenticationMode.Passive,
CookieName = Constants.Security.BackOfficeExternalAuthenticationType,
ExpireTimeSpan = TimeSpan.FromMinutes(5),
//Custom cookie manager so we can filter requests
CookieManager = new BackOfficeCookieManager(new SingletonUmbracoContextAccessor()),
CookiePath = "/",
CookieSecure = GlobalSettings.UseSSL ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest,
CookieHttpOnly = true,
CookieDomain = UmbracoConfig.For.UmbracoSettings().Security.AuthCookieDomain
});
//NOTE: This works, but this is just the default implementation which we don't want because other devs
//might want to use this... right?
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data
2015-02-06 16:13:02 +11:00
return app;
}
Starts adding asp.net identity
2015-02-04 19:24:59 +11:00
}
}
Reference in New Issue Copy Permalink