yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e73029cf4fb486318dc0b6510cb2cc2115298137
Umbraco-CMS/src/Umbraco.Web/Security/WebAuthExtensions.cs

65 lines
2.4 KiB
C#
Raw Normal View History

Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
using System.Net.Http;
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
using System.Security.Claims;
using System.Security.Principal;
using System.ServiceModel.Channels;
using System.Threading;
using System.Web;
using AutoMapper;
using Umbraco.Core.Models.Membership;
using Umbraco.Core.Security;
using Umbraco.Web.WebApi;
namespace Umbraco.Web.Security
{
internal static class WebAuthExtensions
{
/// <summary>
Port v7@2aa0dfb2c5 - WIP
2018-03-27 10:51:41 +02:00
/// This will set a an authenticated IPrincipal to the current request for webforms & webapi
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
/// </summary>
/// <param name="request"></param>
Port v7@2aa0dfb2c5 - WIP
2018-03-27 10:51:41 +02:00
/// <param name="principal"></param>
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
/// <returns></returns>
Port v7@2aa0dfb2c5 - WIP
2018-03-27 10:51:41 +02:00
internal static IPrincipal SetPrincipalForRequest(this HttpRequestMessage request, IPrincipal principal)
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
{
//It is actually not good enough to set this on the current app Context and the thread, it also needs
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
// to be set explicitly on the HttpContext.Current !! This is a strange web api thing that is actually
Temp8 - Fixing spelling / typos etc in Umbraco.Web (#4148)
2019-01-26 10:52:19 -05:00
// an underlying fault of asp.net not propagating the User correctly.
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
var http = request.TryGetHttpContext();
if (http)
{
http.Result.User = principal;
}
Thread.CurrentPrincipal = principal;
//For WebAPI
request.SetUserPrincipal(principal);
return principal;
}
/// <summary>
/// This will set a an authenticated IPrincipal to the current request given the IUser object
/// </summary>
/// <param name="httpContext"></param>
Port v7@2aa0dfb2c5 - WIP
2018-03-27 10:51:41 +02:00
/// <param name="principal"></param>
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
/// <returns></returns>
Port v7@2aa0dfb2c5 - WIP
2018-03-27 10:51:41 +02:00
internal static IPrincipal SetPrincipalForRequest(this HttpContextBase httpContext, IPrincipal principal)
{
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
//It is actually not good enough to set this on the current app Context and the thread, it also needs
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
// to be set explicitly on the HttpContext.Current !! This is a strange web api thing that is actually
Temp8 - Fixing spelling / typos etc in Umbraco.Web (#4148)
2019-01-26 10:52:19 -05:00
// an underlying fault of asp.net not propagating the User correctly.
Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out.
2015-11-19 18:12:21 +01:00
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
httpContext.User = principal;
Thread.CurrentPrincipal = principal;
return principal;
}
}
Normalize cr/lf/tab
2017-07-20 11:21:28 +02:00
}
Reference in New Issue Copy Permalink