yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates OwinStartup and split the methods into an extension methods file complete with documentation on how to implement the providers. Tested the microsoft provider. Now to clean things up: remove the 3rd party package installs to be ready for shipping, ensure that the user parts are extensible enough for people to plugin their own interfaces.

Browse Source
This commit is contained in:
Shannon
2015-03-24 12:50:31 +11:00
parent 7dc50fda26
commit 2d72a66879
10 changed files with 122 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
src/Umbraco.Web.UI.Client/src/less/login.less
View File

@@ -2,46 +2,72 @@
// -------------------------
.login-overlay {
width: 100%;
height: 100%;
background: @blackLight url(../img/application/logo.png) no-repeat 25px 30px fixed !important;
background-size: 30px 30px !important;
color: @white;
position: absolute;
z-index: 2000;
top: 0px;
left: 0px;
margin: 0 !Important;
padding: 0;
border-radius: 0
width: 100%;
height: 100%;
background: @blackLight url(../img/application/logo.png) no-repeat 25px 30px fixed !important;
background-size: 30px 30px !important;
color: @white;
position: absolute;
z-index: 2000;
top: 0px;
left: 0px;
margin: 0 !Important;
padding: 0;
border-radius: 0;
}
.login-overlay .umb-modalcolumn{
background: none;
border: none;
.login-overlay .umb-modalcolumn {
background: none;
border: none;
}
.login-overlay .form {
display: block;
padding-top: 100px;
padding-left: 165px;
width: 370px;
text-align: right
display: block;
padding-top: 100px;
padding-left: 165px;
width: 370px;
text-align: right;
}
.login-overlay h1 {
display: block;
text-align: right;
color: @white;
font-size: 18px;
font-weight: normal
display: block;
text-align: right;
color: @white;
font-size: 18px;
font-weight: normal;
}
.login-overlay .alert.alert-error{
.login-overlay .alert.alert-error {
display: inline-block;
width: 270px;
padding-right: 6px;
padding-left: 6px;
margin-top: 10px;
text-align: center;
}
}
#hrOr {
height: 30px;
text-align: center;
position: relative;
padding-top: 20px;
}
#hrOr hr {
margin: 0px;
border: none;
background-color: @gray;
height: 1px;
}
#hrOr div {
background-color: black;
position: relative;
top: -16px;
border: 1px solid @gray;
padding: 4px;
border-radius: 50%;
width: 20px;
height: 20px;
margin: auto;
color: @grayLight;
}

4
src/Umbraco.Web.UI.Client/src/less/panel.less
View File

@@ -282,9 +282,9 @@
.umb-panel a.text-success:hover,
.umb-panel a.text-success:focus { color: darken(@formSuccessText, 10%); }
.umb-user-panel .external-logins form {
.external-logins form {
margin:0;
}
.umb-user-panel .external-logins button {
.external-logins button {
margin:5px;
}

50
src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
View File

@@ -7,6 +7,33 @@
<span ng-show="dialogData.isTimedOut"><localize key="login_timeout">Log in below</localize>.</span>
<localize key="login_instruction">Log in below</localize>
</p>
<div class="external-logins" ng-if="externalLoginProviders.length > 0">
<div class="alert alert-error" ng-repeat="error in externalLoginInfo.errors">
<span>{{error}}</span>
</div>
<form method="POST" name="externalLoginForm" action="{{externalLoginFormAction}}">
<div ng-repeat="login in externalLoginProviders">
<button type="submit" class="btn btn-block btn-social"
ng-class="login.properties.SocialStyle"
id="{{login.authType}}" name="provider" value="{{login.authType}}"
title="Log in using your {{login.caption}} account">
<i class="fa" ng-class="login.properties.SocialIcon"></i>
Sign in with {{login.caption}}
</button>
</div>
</form>
<div id="hrOr">
<hr/><div>Or</div>
</div>
</div>
<form method="POST" name="loginForm" ng-submit="loginSubmit(login, password)">
<div class="control-group" ng-class="{error: loginForm.username.$invalid}">
@@ -24,27 +51,6 @@
</div>
</form>
<hr />
<p>External login providers</p>
<div class="alert alert-error" ng-repeat="error in externalLoginInfo.errors">
<span>{{error}}</span>
</div>
<form method="POST" name="externalLoginForm" action="{{externalLoginFormAction}}">
<div ng-repeat="login in externalLoginProviders">
<button type="submit" class="btn btn-block btn-large btn-social"
ng-class="login.properties.SocialStyle"
id="{{login.authType}}" name="provider" value="{{login.authType}}"
title="Log in using your {{login.caption}} account">
<i class="fa" ng-class="login.properties.SocialIcon"></i>
Sign in with {{login.caption}}
</button>
</div>
</form>
</div>
</div>
</div>

208
src/Umbraco.Web.UI/App_Code/OwinStartup.cs
View File

@@ -1,12 +1,4 @@
using System;
using System.Globalization;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin;
using Microsoft.Owin.Security.Google;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin;
using Owin;
using Umbraco.Core;
using Umbraco.Core.Security;
@@ -19,193 +11,47 @@ namespace Umbraco.Web.UI
{
/// <summary>
/// Summary description for Startup
/// Default OWIN startup class
/// </summary>
public class OwinStartup
{
public async Task DoStuff()
{
var client = new HttpClient();
using (var request = await client.PostAsJsonAsync("", "123"))
{
}
}
public void Configuration(IAppBuilder app)
{
//Single method to configure the Identity user manager for use with Umbraco
//Single method to configure the Identity user manager for use with Umbraco Back office
app.ConfigureUserManagerForUmbracoBackOffice(
ApplicationContext.Current,
Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider());
//// Enable the application to use a cookie to store information for the
//// signed in user and to use a cookie to temporarily store information
//// about a user logging in with a third party login provider
//// Configure the sign in cookie
//app.UseCookieAuthentication(new CookieAuthenticationOptions
//{
// AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
// Provider = new CookieAuthenticationProvider
// {
// // Enables the application to validate the security stamp when the user
// // logs in. This is a security feature which is used when you
// // change a password or add an external login to your account.
// OnValidateIdentity = SecurityStampValidator
// .OnValidateIdentity<UmbracoMembersUserManager<UmbracoApplicationUser>, UmbracoApplicationUser, int>(
// TimeSpan.FromMinutes(30),
// (manager, user) => user.GenerateUserIdentityAsync(manager),
// identity => identity.GetUserId<int>())
// }
//});
//Ensure owin is configured for Umbraco back office authentication - this must
// be configured AFTER the standard UseCookieConfiguration above.
//Ensure owin is configured for Umbraco back office authentication. If you have any front-end OWIN
// cookie configuration, this must be declared after it.
app
.UseUmbracoBackOfficeCookieAuthentication()
.UseUmbracoBackOfficeExternalCookieAuthentication();
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
//app.UseGoogleAuthentication(
// clientId: "1072120697051-07jlhgrd5hodsfe7dgqimdie8qc1omet.apps.googleusercontent.com",
// clientSecret: "Ue9swN0lEX9rwxzQz1Y_tFzg");
/*
* Configure external logins:
*
* Depending on the authentication sources you would like to enable, you will need to install
* certain Nuget packages.
*
* For Google auth: Install-Package Microsoft.Owin.Security.Google
* For Facebook auth: Install-Package Microsoft.Owin.Security.Facebook
* For Microsoft auth: Install-Package Microsoft.Owin.Security.MicrosoftAccount
*
* There are many more providers such as Twitter, Yahoo, ActiveDirectory, etc... most information can
* be found here: http://www.asp.net/web-api/overview/security/external-authentication-services
*
* The source for these methods is located in ~/App_Code/IdentityAuthExtensions.cs, you will need to un-comment
* the methods that you would like to use. Each method contains documentation and links to
* documentation for reference. You can also tweak the code in those extension
* methods to suit your needs.
*/
var googleOptions = new GoogleOAuth2AuthenticationOptions
{
};
googleOptions.Description.Properties["SocialStyle"] = "btn-google-plus";
googleOptions.Description.Properties["SocialIcon"] = "fa-google-plus";
googleOptions.Caption = "Google";
app.UseGoogleAuthentication(googleOptions);
//AD docs are here:
// https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
var authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
var adOptions = new OpenIdConnectAuthenticationOptions
{
//NOTE: This by default is 'OpenIdConnect' but that doesn't match what identity actually stores in the
// loginProvider field in the database which is something like: https://sts.windows.net/1234....
// which is something based on your AD setup. This value needs to match in order for accounts to detected as linked/un-linked
// in the back office.
AuthenticationType = "https://sts.windows.net/3bb0b4c5-364f-4394-ad36-0f29f95e5ddd/",
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLoginRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
//
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
//
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
var credential = new ClientCredential(clientId, appKey);
var userObjectId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var authContext = new AuthenticationContext(authority, new NaiveSessionCache(userObjectId));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code,
//NOTE: This URL needs to match EXACTLY the same path that is configured in the AD
// configuration.
new Uri(
HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Authority) +
HttpContext.Current.Request.RawUrl.EnsureStartsWith('/').EnsureEndsWith('/')),
credential,
graphResourceId);
return Task.FromResult(0);
}
}
};
adOptions.Description.Properties["SocialStyle"] = "btn-microsoft";
adOptions.Description.Properties["SocialIcon"] = "fa-windows";
adOptions.Caption = "Active Directory";
app.UseOpenIdConnectAuthentication(adOptions);
}
}
//NOTE: Not sure exactly what this is for but it is found in the AD source demo:
// https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet/blob/master/TodoListWebApp/Utils/NaiveSessionCache.cs
public class NaiveSessionCache : TokenCache
{
private static readonly object FileLock = new object();
readonly string _userObjectId = string.Empty;
readonly string _cacheId = string.Empty;
public NaiveSessionCache(string userId)
{
_userObjectId = userId;
_cacheId = _userObjectId + "_TokenCache";
this.AfterAccess = AfterAccessNotification;
this.BeforeAccess = BeforeAccessNotification;
Load();
}
public void Load()
{
lock (FileLock)
{
this.Deserialize((byte[])HttpContext.Current.Session[_cacheId]);
}
}
public void Persist()
{
lock (FileLock)
{
// reflect changes in the persistent store
HttpContext.Current.Session[_cacheId] = this.Serialize();
// once the write operation took place, restore the HasStateChanged bit to false
this.HasStateChanged = false;
}
}
// Empties the persistent store.
public override void Clear()
{
base.Clear();
System.Web.HttpContext.Current.Session.Remove(_cacheId);
}
public override void DeleteItem(TokenCacheItem item)
{
base.DeleteItem(item);
Persist();
}
// Triggered right before ADAL needs to access the cache.
// Reload the cache from the persistent store in case it changed since the last access.
void BeforeAccessNotification(TokenCacheNotificationArgs args)
{
Load();
}
// Triggered right after ADAL accessed the cache.
void AfterAccessNotification(TokenCacheNotificationArgs args)
{
// if the access operation resulted in a cache update
if (this.HasStateChanged)
{
Persist();
}
//app.ConfigureGoogleAuth("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET");
//app.ConfigureFacebookAuth("YOUR_APP_ID", "YOUR_APP_SECRET");
//app.ConfigureMicrosoftAuth("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET");
//app.ConfigureActiveDirectory("YOUR_TENANT", "YOUR_CLIENT_ID", "YOUR_POST_LOGIN_REDIRECT_URL", "YOUR_APP_KEY", "YOUR_AUTH_TYPE");
}
}
}

4
src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
View File

@@ -191,6 +191,9 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Microsoft.Owin.Security.Google.3.0.1\lib\net45\Microsoft.Owin.Security.Google.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security.MicrosoftAccount">
<HintPath>..\packages\Microsoft.Owin.Security.MicrosoftAccount.3.0.1\lib\net45\Microsoft.Owin.Security.MicrosoftAccount.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin.Security.OAuth, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.1\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
@@ -380,6 +383,7 @@
<Link>Properties\SolutionInfo.cs</Link>
</Compile>
<Content Include="App_Code\OwinStartup.cs" />
<Content Include="App_Code\IdentityAuthExtensions.cs" />
<Compile Include="Umbraco\Install\Legacy\LoadStarterKits.ascx.cs">
<DependentUpon>loadStarterKits.ascx</DependentUpon>
<SubType>ASPXCodeBehind</SubType>

1
src/Umbraco.Web.UI/packages.config
View File

@@ -31,6 +31,7 @@
<package id="Microsoft.Owin.Security.Cookies" version="3.0.1" targetFramework="net45" />
<package id="Microsoft.Owin.Security.Facebook" version="3.0.1" targetFramework="net45" />
<package id="Microsoft.Owin.Security.Google" version="3.0.1" targetFramework="net45" />
<package id="Microsoft.Owin.Security.MicrosoftAccount" version="3.0.1" targetFramework="net45" />
<package id="Microsoft.Owin.Security.OAuth" version="3.0.1" targetFramework="net45" />
<package id="Microsoft.Owin.Security.OpenIdConnect" version="3.0.1" targetFramework="net45" />
<package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />

10
src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs
View File

@@ -16,6 +16,7 @@ namespace Umbraco.Web.Security.Identity
{
public static class AppBuilderExtensions
{
#region Backoffice
/// <summary>
/// Configure Identity User Manager for Umbraco
/// </summary>
@@ -32,8 +33,8 @@ namespace Umbraco.Web.Security.Identity
//Configure Umbraco user manager to be created per request
app.CreatePerOwinContext<BackOfficeUserManager>(
(options, owinContext) => BackOfficeUserManager.Create(
options,
owinContext,
options,
owinContext,
appContext.Services.UserService,
appContext.Services.ExternalLoginService,
userMembershipProvider));
@@ -58,7 +59,7 @@ namespace Umbraco.Web.Security.Identity
GlobalSettings.UseSSL)
{
Provider = new CookieAuthenticationProvider
{
{
//// Enables the application to validate the security stamp when the user
//// logs in. This is a security feature which is used when you
//// change a password or add an external login to your account.
@@ -99,7 +100,8 @@ namespace Umbraco.Web.Security.Identity
});
return app;
}
}
#endregion
}
}

84
src/Umbraco.Web/Security/Identity/NaiveSessionCache.cs
View File

@@ -1,84 +0,0 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
namespace Umbraco.Web.Security.Identity
{
//NOTE: Not sure exactly what this is for but it is found in the AD source demo:
// https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet/blob/master/TodoListWebApp/Utils/NaiveSessionCache.cs
// apparently it is needed for AD auth, so we'll put it here for people to use.
// It would appear that this is better for whatever reason: https://github.com/OfficeDev/O365-WebApp-SingleTenant/blob/master/O365-WebApp-SingleTenant/Models/ADALTokenCache.cs
// and please note that that link came from finding this thread: https://twitter.com/chakkaradeep/status/544962341528285184
/// <summary>
/// This is required to initialize the AD Identity provider on startup
/// </summary>
public class NaiveSessionCache : TokenCache
{
private static readonly object FileLock = new object();
readonly string _userObjectId = string.Empty;
readonly string _cacheId = string.Empty;
public NaiveSessionCache(string userId)
{
_userObjectId = userId;
_cacheId = _userObjectId + "_TokenCache";
this.AfterAccess = AfterAccessNotification;
this.BeforeAccess = BeforeAccessNotification;
Load();
}
public void Load()
{
lock (FileLock)
{
this.Deserialize((byte[])HttpContext.Current.Session[_cacheId]);
}
}
public void Persist()
{
lock (FileLock)
{
// reflect changes in the persistent store
HttpContext.Current.Session[_cacheId] = this.Serialize();
// once the write operation took place, restore the HasStateChanged bit to false
this.HasStateChanged = false;
}
}
// Empties the persistent store.
public override void Clear()
{
base.Clear();
System.Web.HttpContext.Current.Session.Remove(_cacheId);
}
public override void DeleteItem(TokenCacheItem item)
{
base.DeleteItem(item);
Persist();
}
// Triggered right before ADAL needs to access the cache.
// Reload the cache from the persistent store in case it changed since the last access.
void BeforeAccessNotification(TokenCacheNotificationArgs args)
{
Load();
}
// Triggered right after ADAL accessed the cache.
void AfterAccessNotification(TokenCacheNotificationArgs args)
{
// if the access operation resulted in a cache update
if (this.HasStateChanged)
{
Persist();
}
}
}
}

7
src/Umbraco.Web/Umbraco.Web.csproj
View File

@@ -138,12 +138,6 @@
<HintPath>..\packages\Microsoft.AspNet.Identity.Owin.2.1.0\lib\net45\Microsoft.AspNet.Identity.Owin.dll</HintPath>
</Reference>
<Reference Include="Microsoft.CSharp" />
<Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory">
<HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.2.14.201151115\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll</HintPath>
</Reference>
<Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms">
<HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.2.14.201151115\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll</HintPath>
</Reference>
<Reference Include="Microsoft.Owin, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll</HintPath>
@@ -560,7 +554,6 @@
<Compile Include="Security\Identity\AuthenticationManagerExtensions.cs" />
<Compile Include="Security\Identity\BackOfficeCookieManager.cs" />
<Compile Include="Security\Identity\FormsAuthenticationSecureDataFormat.cs" />
<Compile Include="Security\Identity\NaiveSessionCache.cs" />
<Compile Include="Security\Identity\OwinExtensions.cs" />
<Compile Include="Security\Identity\UmbracoBackOfficeCookieAuthenticationOptions.cs" />
<Compile Include="Scheduling\TaskAndFactoryExtensions.cs" />

1
src/Umbraco.Web/packages.config
View File

@@ -18,7 +18,6 @@
<package id="Microsoft.AspNet.WebPages" version="2.0.30506.0" targetFramework="net40" />
<package id="Microsoft.Bcl" version="1.1.9" targetFramework="net45" />
<package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net45" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="2.14.201151115" targetFramework="net45" />
<package id="Microsoft.Net.Http" version="2.2.28" targetFramework="net45" />
<package id="Microsoft.Owin" version="3.0.1" targetFramework="net45" />
<package id="Microsoft.Owin.Host.SystemWeb" version="3.0.1" targetFramework="net45" />