diff --git a/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs b/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs
index 47352c1616..5b61b91c66 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs
@@ -26,7 +26,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// The API controller used for editing dictionary items
///
[PluginController("UmbracoApi")]
- // [UmbracoTreeAuthorize(Constants.Trees.Macros)]
+ [UmbracoTreeAuthorize(Constants.Trees.Macros)]
public class MacrosController : BackOfficeNotificationsController
{
private readonly ParameterEditorCollection _parameterEditorCollection;
diff --git a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
index 29816ab751..c3e1a71b86 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs
@@ -15,7 +15,7 @@ namespace Umbraco.Web.BackOffice.Controllers
///
[IsBackOffice]
//[UmbracoUserTimeoutFilter] //TODO reintroduce
- //[UmbracoAuthorize]
+ [UmbracoAuthorize]
[DisableBrowserCache]
[UmbracoWebApiRequireHttps]
//[CheckIfUserTicketDataIsStale] //TODO reintroduce
diff --git a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs
index 5d138884f2..6a68651a50 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs
@@ -12,7 +12,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// Inheriting from this controller means that ALL of your methods are JSON methods that are called by Angular,
/// methods that are not called by Angular or don't contain a valid csrf header will NOT work.
///
- //[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
+ [TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
[TypeFilter(typeof(AngularJsonOnlyConfigurationAttribute))] // TODO: This could be applied with our Application Model conventions
public abstract class UmbracoAuthorizedJsonController : UmbracoAuthorizedApiController
{
diff --git a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
index a0704da14c..f3875a8f18 100644
--- a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
@@ -22,6 +22,10 @@ namespace Umbraco.Extensions
{
services.AddAntiforgery();
+ //We need to have runtime compilation of views when using backoffice. We could consider having only this when a specific config is set.
+ //But as far as I can see, there are still precompiled views, even when this is activated, so maybe it is okay.
+ services.AddControllersWithViews().AddRazorRuntimeCompilation();
+
services
.AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
.AddCookie(Constants.Security.BackOfficeAuthenticationType);
@@ -32,7 +36,7 @@ namespace Umbraco.Extensions
///
/// Adds the services required for using Umbraco back office Identity
///
- ///
+ ///
public static void AddUmbracoBackOfficeIdentity(this IServiceCollection services)
{
services.AddDataProtection();
@@ -48,7 +52,7 @@ namespace Umbraco.Extensions
// Configure the options specifically for the UmbracoBackOfficeIdentityOptions instance
services.ConfigureOptions();
- //services.TryAddScoped>();
+ //services.TryAddScoped>();
}
private static IdentityBuilder BuildUmbracoBackOfficeIdentity(this IServiceCollection services)
@@ -56,7 +60,7 @@ namespace Umbraco.Extensions
// Borrowed from https://github.com/dotnet/aspnetcore/blob/master/src/Identity/Extensions.Core/src/IdentityServiceCollectionExtensions.cs#L33
// The reason we need our own is because the Identity system doesn't cater easily for multiple identity systems and particularly being
// able to configure IdentityOptions to a specific provider since there is no named options. So we have strongly typed options
- // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive.
+ // and strongly typed ILookupNormalizer and IdentityErrorDescriber since those are 'global' and we need to be unintrusive.
// TODO: Could move all of this to BackOfficeComposer?
@@ -71,7 +75,7 @@ namespace Umbraco.Extensions
services.TryAddScoped, UserClaimsPrincipalFactory>();
services.TryAddScoped>();
- // CUSTOM:
+ // CUSTOM:
services.TryAddScoped();
services.TryAddScoped();
diff --git a/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj b/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj
index f2b4e79ba0..0895fcdd1c 100644
--- a/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj
+++ b/src/Umbraco.Web.BackOffice/Umbraco.Web.BackOffice.csproj
@@ -11,6 +11,7 @@
+
diff --git a/src/Umbraco.Web.UI.NetCore/Startup.cs b/src/Umbraco.Web.UI.NetCore/Startup.cs
index c8dd845546..3ff9d0cff2 100644
--- a/src/Umbraco.Web.UI.NetCore/Startup.cs
+++ b/src/Umbraco.Web.UI.NetCore/Startup.cs
@@ -47,9 +47,6 @@ namespace Umbraco.Web.UI.BackOffice
services.AddUmbracoRuntimeMinifier(_config);
services.AddUmbracoBackOffice();
services.AddUmbracoBackOfficeIdentity();
-
- services.AddMvc();
-
services.AddMiniProfiler(options =>
{
options.ShouldProfile = request => false; // WebProfiler determine and start profiling. We should not use the MiniProfilerMiddleware to also profile