yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Starts adding asp.net identity

Browse Source
This commit is contained in:
Shannon
2015-02-04 19:24:59 +11:00
parent 39a4f141d7
commit 028ddfe290
10 changed files with 312 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Umbraco.Web.UI.Client/src/common/services/user.service.js
View File

@@ -56,7 +56,7 @@ angular.module('umbraco.services')
/**
Method to count down the current user's timeout seconds,
this will continually count down their current remaining seconds every 2 seconds until
this will continually count down their current remaining seconds every 5 seconds until
there are no more seconds remaining.
*/
function countdownUserTimeout() {
@@ -64,8 +64,8 @@ angular.module('umbraco.services')
$timeout(function () {
if (currentUser) {
//countdown by 2 seconds since that is how long our timer is for.
currentUser.remainingAuthSeconds -= 2;
//countdown by 5 seconds since that is how long our timer is for.
currentUser.remainingAuthSeconds -= 5;
//if there are more than 30 remaining seconds, recurse!
if (currentUser.remainingAuthSeconds > 30) {
@@ -128,7 +128,7 @@ angular.module('umbraco.services')
}
}
}
}, 2000, //every 2 seconds
}, 5000, //every 5 seconds
false); //false = do NOT execute a digest for every iteration
}

27
src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
View File

@@ -151,7 +151,29 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Lucene.Net.2.9.4.1\lib\net40\Lucene.Net.dll</HintPath>
</Reference>
<Reference Include="Microsoft.AspNet.Identity.Core">
<HintPath>..\packages\Microsoft.AspNet.Identity.Core.2.1.0\lib\net45\Microsoft.AspNet.Identity.Core.dll</HintPath>
</Reference>
<Reference Include="Microsoft.AspNet.Identity.Owin">
<HintPath>..\packages\Microsoft.AspNet.Identity.Owin.2.1.0\lib\net45\Microsoft.AspNet.Identity.Owin.dll</HintPath>
</Reference>
<Reference Include="Microsoft.CSharp" />
<Reference Include="Microsoft.Owin, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Host.SystemWeb">
<HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.3.0.0\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security">
<HintPath>..\packages\Microsoft.Owin.Security.2.1.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security.Cookies">
<HintPath>..\packages\Microsoft.Owin.Security.Cookies.2.1.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security.OAuth">
<HintPath>..\packages\Microsoft.Owin.Security.OAuth.2.1.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Threading.Tasks">
<HintPath>..\packages\Microsoft.Bcl.Async.1.0.165\lib\net45\Microsoft.Threading.Tasks.dll</HintPath>
</Reference>
@@ -178,6 +200,9 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
</Reference>
<Reference Include="Owin">
<HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
</Reference>
<Reference Include="System">
<Name>System</Name>
</Reference>
@@ -324,6 +349,7 @@
<Compile Include="..\SolutionInfo.cs">
<Link>Properties\SolutionInfo.cs</Link>
</Compile>
<Content Include="App_Code\OwinStartup.cs" />
<Compile Include="Umbraco\Install\Legacy\LoadStarterKits.ascx.cs">
<DependentUpon>loadStarterKits.ascx</DependentUpon>
<SubType>ASPXCodeBehind</SubType>
@@ -2518,7 +2544,6 @@
<Content Include="Xslt\Web.config" />
</ItemGroup>
<ItemGroup>
<Folder Include="App_Code\" />
<Folder Include="App_Data\" />
<Folder Include="App_Plugins\" />
<Folder Include="Css\" />

8
src/Umbraco.Web.UI/packages.config
View File

@@ -9,6 +9,8 @@
<package id="ImageProcessor.Web" version="3.3.1.0" targetFramework="net45" />
<package id="log4net-mediumtrust" version="2.0.0" targetFramework="net40" />
<package id="Lucene.Net" version="2.9.4.1" targetFramework="net45" />
<package id="Microsoft.AspNet.Identity.Core" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Identity.Owin" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Mvc" version="4.0.30506.0" targetFramework="net40" />
<package id="Microsoft.AspNet.Mvc.FixedDisplayModes" version="1.0.1" targetFramework="net40" />
<package id="Microsoft.AspNet.Razor" version="2.0.30506.0" targetFramework="net40" />
@@ -21,10 +23,16 @@
<package id="Microsoft.Bcl.Async" version="1.0.165" targetFramework="net45" />
<package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net45" />
<package id="Microsoft.Net.Http" version="2.2.28" targetFramework="net45" />
<package id="Microsoft.Owin" version="3.0.0" targetFramework="net45" />
<package id="Microsoft.Owin.Host.SystemWeb" version="3.0.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security.Cookies" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
<package id="MiniProfiler" version="2.1.0" targetFramework="net45" />
<package id="MySql.Data" version="6.6.5" targetFramework="net40" />
<package id="Newtonsoft.Json" version="6.0.4" targetFramework="net45" />
<package id="Owin" version="1.0" targetFramework="net45" />
<package id="SharpZipLib" version="0.86.0" targetFramework="net45" />
<package id="SqlServerCE" version="4.0.0.0" targetFramework="net40" />
<package id="UrlRewritingNet.UrlRewriter" version="2.0.60829.1" targetFramework="net40" />

91
src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs Normal file
View File

@@ -0,0 +1,91 @@
using System;
using System.Collections.Generic;
using System.Web;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
using Owin;
using Umbraco.Core;
using Umbraco.Core.Configuration;
namespace Umbraco.Web.Security.Identity
{
public static class AppBuilderExtensions
{
///// <summary>
///// Configure Identity User Manager for Umbraco
///// </summary>
///// <typeparam name="T"></typeparam>
///// <param name="app"></param>
///// <param name="appContext"></param>
//public static void ConfigureUserManagerForUmbraco<T>(this IAppBuilder app, ApplicationContext appContext)
// where T : UmbracoIdentityUser, new()
//{
// //Don't proceed if the app is not ready
// if (appContext.IsConfigured == false
// || appContext.DatabaseContext == null
// || appContext.DatabaseContext.IsDatabaseConfigured == false) return;
// //Configure Umbraco user manager to be created per request
// app.CreatePerOwinContext<UmbracoMembersUserManager<T>>(
// (o, c) => UmbracoMembersUserManager<T>.Create(
// o, c, ApplicationContext.Current.Services.MemberService));
// //Configure Umbraco member event handler to be created per request - this will ensure that the
// // external logins are kept in sync if members are deleted from Umbraco
// app.CreatePerOwinContext<MembersEventHandler<T>>((options, context) => new MembersEventHandler<T>(context));
// //TODO: This is just for the mem leak fix
// app.CreatePerOwinContext<OwinContextDisposal<MembersEventHandler<T>, UmbracoMembersUserManager<T>>>(
// (o, c) => new OwinContextDisposal<MembersEventHandler<T>, UmbracoMembersUserManager<T>>(c));
//}
/// <summary>
/// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
/// </summary>
/// <param name="app"></param>
/// <returns></returns>
public static IAppBuilder UseUmbracoBackAuthentication(this IAppBuilder app)
{
if (app == null) throw new ArgumentNullException("app");
app.Use(typeof (UmbracoBackOfficeAuthenticationMiddleware),
//ctor params
app, new UmbracoBackOfficeAuthenticationOptions(), UmbracoConfig.For.UmbracoSettings().Security);
app.UseStageMarker(PipelineStage.Authenticate);
return app;
}
//This is a fix for OWIN mem leak!
//http://stackoverflow.com/questions/24378856/memory-leak-in-owin-appbuilderextensions/24819543#24819543
private class OwinContextDisposal<T1, T2> : IDisposable
where T1 : IDisposable
where T2 : IDisposable
{
private readonly List<IDisposable> _disposables = new List<IDisposable>();
private bool _disposed = false;
public OwinContextDisposal(IOwinContext owinContext)
{
if (HttpContext.Current == null) return;
_disposables.Add(owinContext.Get<T1>());
_disposables.Add(owinContext.Get<T2>());
HttpContext.Current.DisposeOnPipelineCompleted(this);
}
public void Dispose()
{
if (_disposed) return;
foreach (var disposable in _disposables)
{
disposable.Dispose();
}
_disposed = true;
}
}
}
}

19
src/Umbraco.Web/Security/Identity/OwinExtensions.cs Normal file
View File

@@ -0,0 +1,19 @@
using System.Web;
using Microsoft.Owin;
namespace Umbraco.Web.Security.Identity
{
internal static class OwinExtensions
{
/// <summary>
/// Nasty little hack to get httpcontextbase from an owin context
/// </summary>
/// <param name="owinContext"></param>
/// <returns></returns>
public static HttpContextBase HttpContextFromOwinContext(this IOwinContext owinContext)
{
return owinContext.Get<HttpContextBase>(typeof(HttpContextBase).FullName);
}
}
}

87
src/Umbraco.Web/Security/Identity/UmbracoBackOfficeAuthenticationHandler.cs Normal file
View File

@@ -0,0 +1,87 @@
using System;
using System.Reflection;
using System.Threading.Tasks;
using System.Web.Security;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
using Umbraco.Core.Configuration.UmbracoSettings;
using Umbraco.Core.Security;
using Umbraco.Core;
namespace Umbraco.Web.Security.Identity
{
/// <summary>
/// Used to allow normal Umbraco back office authentication to work
/// </summary>
public class UmbracoBackOfficeAuthenticationHandler : AuthenticationHandler<UmbracoBackOfficeAuthenticationOptions>
{
private readonly ISecuritySection _securitySection;
public UmbracoBackOfficeAuthenticationHandler(ISecuritySection securitySection)
{
_securitySection = securitySection;
}
/// <summary>
/// Checks if we should authentication the request (i.e. is back office) and if so gets the forms auth ticket in the request
/// and returns an AuthenticationTicket based on that.
/// </summary>
/// <returns></returns>
/// <remarks>
/// It's worth noting that the UmbracoModule still executes and performs the authentication, however this also needs to execute
/// so that it assigns the new Principal object on the OWIN request:
/// http://brockallen.com/2013/10/27/host-authentication-and-web-api-with-owin-and-active-vs-passive-authentication-middleware/
/// </remarks>
protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
{
if (ShouldAuthRequest())
{
var authTicket = GetAuthTicket(Request, _securitySection.AuthCookieName);
if (authTicket != null)
{
return Task.FromResult(new AuthenticationTicket(new UmbracoBackOfficeIdentity(authTicket), new AuthenticationProperties()));
}
}
return Task.FromResult<AuthenticationTicket>(null);
}
private bool ShouldAuthRequest()
{
var httpContext = Context.HttpContextFromOwinContext();
// do not process if client-side request
if (httpContext.Request.Url.IsClientSideRequest())
return false;
return UmbracoModule.ShouldAuthenticateRequest(httpContext.Request, Request.Uri);
}
/// <summary>
/// Returns the current FormsAuth ticket in the request
/// </summary>
/// <param name="request"></param>
/// <param name="cookieName"></param>
/// <returns></returns>
private static FormsAuthenticationTicket GetAuthTicket(IOwinRequest request, string cookieName)
{
if (request == null) throw new ArgumentNullException("request");
var formsCookie = request.Cookies[cookieName];
if (formsCookie == null)
{
return null;
}
//get the ticket
try
{
return FormsAuthentication.Decrypt(formsCookie);
}
catch (Exception)
{
return null;
}
}
}
}

26
src/Umbraco.Web/Security/Identity/UmbracoBackOfficeAuthenticationMiddleware.cs Normal file
View File

@@ -0,0 +1,26 @@
using Microsoft.Owin;
using Microsoft.Owin.Security.Infrastructure;
using Owin;
using Umbraco.Core.Configuration.UmbracoSettings;
namespace Umbraco.Web.Security.Identity
{
/// <summary>
/// Used to enable the normal Umbraco back office authentication to operate
/// </summary>
public class UmbracoBackOfficeAuthenticationMiddleware : AuthenticationMiddleware<UmbracoBackOfficeAuthenticationOptions>
{
private readonly ISecuritySection _securitySection;
public UmbracoBackOfficeAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, UmbracoBackOfficeAuthenticationOptions options, ISecuritySection securitySection)
: base(next, options)
{
_securitySection = securitySection;
}
protected override AuthenticationHandler<UmbracoBackOfficeAuthenticationOptions> CreateHandler()
{
return new UmbracoBackOfficeAuthenticationHandler(_securitySection);
}
}
}

18
src/Umbraco.Web/Security/Identity/UmbracoBackOfficeAuthenticationOptions.cs Normal file
View File

@@ -0,0 +1,18 @@
using Microsoft.Owin.Security;
namespace Umbraco.Web.Security.Identity
{
/// <summary>
/// Umbraco auth options - really just ensures that it is operating in Active mode
/// </summary>
public sealed class UmbracoBackOfficeAuthenticationOptions : AuthenticationOptions
{
public UmbracoBackOfficeAuthenticationOptions()
: base("UmbracoBackOffice")
{
//Must be active, this needs to look at each request to determine if it should execute,
// if set to passive this will not be the case
AuthenticationMode = AuthenticationMode.Active;
}
}
}

26
src/Umbraco.Web/Umbraco.Web.csproj
View File

@@ -131,7 +131,25 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Lucene.Net.2.9.4.1\lib\net40\Lucene.Net.dll</HintPath>
</Reference>
<Reference Include="Microsoft.AspNet.Identity.Core">
<HintPath>..\packages\Microsoft.AspNet.Identity.Core.2.1.0\lib\net45\Microsoft.AspNet.Identity.Core.dll</HintPath>
</Reference>
<Reference Include="Microsoft.AspNet.Identity.Owin">
<HintPath>..\packages\Microsoft.AspNet.Identity.Owin.2.1.0\lib\net45\Microsoft.AspNet.Identity.Owin.dll</HintPath>
</Reference>
<Reference Include="Microsoft.CSharp" />
<Reference Include="Microsoft.Owin">
<HintPath>..\packages\Microsoft.Owin.2.1.0\lib\net45\Microsoft.Owin.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security">
<HintPath>..\packages\Microsoft.Owin.Security.2.1.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security.Cookies">
<HintPath>..\packages\Microsoft.Owin.Security.Cookies.2.1.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security.OAuth">
<HintPath>..\packages\Microsoft.Owin.Security.OAuth.2.1.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<Private>True</Private>
<HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath>
@@ -148,6 +166,9 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
</Reference>
<Reference Include="Owin">
<HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
</Reference>
<Reference Include="System">
<Name>System</Name>
</Reference>
@@ -518,6 +539,11 @@
<Compile Include="Scheduling\IBackgroundTaskRunner.cs" />
<Compile Include="Scheduling\ILatchedBackgroundTask.cs" />
<Compile Include="Scheduling\RecurringTaskBase.cs" />
<Compile Include="Security\Identity\AppBuilderExtensions.cs" />
<Compile Include="Security\Identity\OwinExtensions.cs" />
<Compile Include="Security\Identity\UmbracoBackOfficeAuthenticationHandler.cs" />
<Compile Include="Security\Identity\UmbracoBackOfficeAuthenticationMiddleware.cs" />
<Compile Include="Security\Identity\UmbracoBackOfficeAuthenticationOptions.cs" />
<Compile Include="Scheduling\TaskAndFactoryExtensions.cs" />
<Compile Include="Strategies\Migrations\ClearCsrfCookiesAfterUpgrade.cs" />
<Compile Include="Strategies\Migrations\ClearMediaXmlCacheForDeletedItemsAfterUpgrade.cs" />

7
src/Umbraco.Web/packages.config
View File

@@ -6,6 +6,8 @@
<package id="Examine" version="0.1.61.2941" targetFramework="net45" />
<package id="HtmlAgilityPack" version="1.4.6" targetFramework="net40" />
<package id="Lucene.Net" version="2.9.4.1" targetFramework="net45" />
<package id="Microsoft.AspNet.Identity.Core" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Identity.Owin" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Mvc" version="4.0.30506.0" targetFramework="net40" />
<package id="Microsoft.AspNet.Mvc.FixedDisplayModes" version="1.0.1" targetFramework="net40" />
<package id="Microsoft.AspNet.Razor" version="2.0.30506.0" targetFramework="net40" />
@@ -17,9 +19,14 @@
<package id="Microsoft.Bcl" version="1.1.9" targetFramework="net45" />
<package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net45" />
<package id="Microsoft.Net.Http" version="2.2.28" targetFramework="net45" />
<package id="Microsoft.Owin" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security.Cookies" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
<package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
<package id="MiniProfiler" version="2.1.0" targetFramework="net45" />
<package id="Newtonsoft.Json" version="6.0.4" targetFramework="net45" />
<package id="Owin" version="1.0" targetFramework="net45" />
<package id="SharpZipLib" version="0.86.0" targetFramework="net45" />
<package id="UrlRewritingNet.UrlRewriter" version="2.0.60829.1" targetFramework="net40" />
<package id="xmlrpcnet" version="2.5.0" targetFramework="net40" />