Added a cookie path claim on user login, so that we can validate requests for xsrf token

2019-12-11 14:33:21 +01:00
parent f02c46bc5d
commit 35d021237e
1 changed files with 3 additions and 0 deletions
--- a/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
+++ b/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
@@ -41,6 +41,9 @@ namespace Umbraco.Web.Security
                    : Guid.NewGuid();

                backOfficeIdentity.SessionId = session.ToString();
+
+                //since it is a cookie-based authentication add that claim
+                backOfficeIdentity.AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, UmbracoBackOfficeIdentity.Issuer, UmbracoBackOfficeIdentity.Issuer, backOfficeIdentity));
            }

            base.ResponseSignIn(context);