src/Umbraco.Web/Security/Identity/FormsAuthenticationSecureDataFormat.cs

using System;
using System.Security.Claims;
using System.Web.Security;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Newtonsoft.Json;
using Owin;
using Umbraco.Core.Security;

namespace Umbraco.Web.Security.Identity
{

    /// <summary>
    /// Custom secure format that uses the old FormsAuthentication format
    /// </summary>
    internal class FormsAuthenticationSecureDataFormat : ISecureDataFormat<AuthenticationTicket>
    {
        private readonly int _loginTimeoutMinutes;

        public FormsAuthenticationSecureDataFormat(int loginTimeoutMinutes)
        {
            _loginTimeoutMinutes = loginTimeoutMinutes;
        }

        public string Protect(AuthenticationTicket data)
        {
            var backofficeIdentity = (UmbracoBackOfficeIdentity)data.Identity;
            var userDataString = JsonConvert.SerializeObject(backofficeIdentity.UserData);
            
            var ticket = new FormsAuthenticationTicket(
                5,
                data.Identity.Name,
                data.Properties.IssuedUtc.HasValue 
                    ? data.Properties.IssuedUtc.Value.LocalDateTime 
                    : DateTime.Now,
                data.Properties.ExpiresUtc.HasValue 
                    ? data.Properties.ExpiresUtc.Value.LocalDateTime 
                    : DateTime.Now.AddMinutes(_loginTimeoutMinutes),
                data.Properties.IsPersistent,
                userDataString,
                "/"
                );

            return FormsAuthentication.Encrypt(ticket);
        }

        /// <summary>
        /// Unprotects the cookie
        /// </summary>
        /// <param name="protectedText"></param>
        /// <returns></returns>
        public AuthenticationTicket Unprotect(string protectedText)
        {
            FormsAuthenticationTicket decrypt;
            try
            {
                decrypt = FormsAuthentication.Decrypt(protectedText);
                if (decrypt == null) return null;
            }
            catch (Exception)
            {
                return null;
            }

            var identity = new UmbracoBackOfficeIdentity(decrypt);

            var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
            {
                ExpiresUtc = decrypt.Expiration.ToUniversalTime(),
                IssuedUtc = decrypt.IssueDate.ToUniversalTime(),
                IsPersistent = decrypt.IsPersistent,
                AllowRefresh = true
            });

            return ticket;
        }
    }
}
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								using System;
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
+								using System.Security.Claims;
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								using System.Web.Security;
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								using Microsoft.Owin;
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								using Microsoft.Owin.Security;
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								using Microsoft.Owin.Security.Cookies;
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								using Newtonsoft.Json;
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								using Owin;
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								using Umbraco.Core.Security;
 								namespace Umbraco.Web.Security.Identity
 								{
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								    /// <summary>
 								    /// Custom secure format that uses the old FormsAuthentication format
 								    /// </summary>
 								    internal class FormsAuthenticationSecureDataFormat : ISecureDataFormat<AuthenticationTicket>
 								    {
 								        private readonly int _loginTimeoutMinutes;
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								        public FormsAuthenticationSecureDataFormat(int loginTimeoutMinutes)
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								        {
 								            _loginTimeoutMinutes = loginTimeoutMinutes;
 								        }
 								        public string Protect(AuthenticationTicket data)
 								        {
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
+								            var backofficeIdentity = (UmbracoBackOfficeIdentity)data.Identity;
 								            var userDataString = JsonConvert.SerializeObject(backofficeIdentity.UserData);
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								            var ticket = new FormsAuthenticationTicket(
 ,
 								                data.Identity.Name,
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								                data.Properties.IssuedUtc.HasValue
 								                    ? data.Properties.IssuedUtc.Value.LocalDateTime
 								                    : DateTime.Now,
 								                data.Properties.ExpiresUtc.HasValue
 								                    ? data.Properties.ExpiresUtc.Value.LocalDateTime
 								                    : DateTime.Now.AddMinutes(_loginTimeoutMinutes),
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								                data.Properties.IsPersistent,
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
+								                userDataString,
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								                "/"
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								                );
 								            return FormsAuthentication.Encrypt(ticket);
 								        }
-												Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely.

											
										
										
											2015-02-09 17:37:21 +11:00
+								        /// <summary>
 								        /// Unprotects the cookie
 								        /// </summary>
 								        /// <param name="protectedText"></param>
 								        /// <returns></returns>
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								        public AuthenticationTicket Unprotect(string protectedText)
 								        {
 								            FormsAuthenticationTicket decrypt;
 								            try
 								            {
 								                decrypt = FormsAuthentication.Decrypt(protectedText);
 								                if (decrypt == null) return null;
 								            }
 								            catch (Exception)
 								            {
 								                return null;
 								            }
 								            var identity = new UmbracoBackOfficeIdentity(decrypt);
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
+								            var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								            {
 								                ExpiresUtc = decrypt.Expiration.ToUniversalTime(),
 								                IssuedUtc = decrypt.IssueDate.ToUniversalTime(),
-												Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation

											
										
										
											2015-06-18 19:16:49 +02:00
+								                IsPersistent = decrypt.IsPersistent,
 								                AllowRefresh = true
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								            });
-												Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data

											
										
										
											2015-02-06 16:13:02 +11:00
 								            return ticket;
-												Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up.

											
										
										
											2015-02-06 13:47:00 +11:00
+								        }
 								    }
 								}