Gets external cookies working with a custom auth type (so we don't interfere with the 'default')

src/Umbraco.Core/Constants-Web.cs

@@ -23,6 +23,7 @@
 	    {
 
             public const string BackOfficeAuthenticationType = "UmbracoBackOffice";
+	        public const string BackOfficeExternalAuthenticationType = "UmbracoExternalCookie";
 
 	        public const string StartContentNodeIdClaimType = "http://umbraco.org/2015/02/identity/claims/backoffice/startcontentnode";
             public const string StartMediaNodeIdClaimType = "http://umbraco.org/2015/02/identity/claims/backoffice/startmedianode";

src/Umbraco.Web/Editors/BackOfficeController.cs

@@ -39,6 +39,7 @@ using Microsoft.AspNet.Identity.Owin;
 using Umbraco.Core.Models.Identity;
 using Umbraco.Core.Security;
 using Task = System.Threading.Tasks.Task;
+using Umbraco.Web.Security.Identity;
 
 namespace Umbraco.Web.Editors
 {
@@ -70,7 +71,9 @@ namespace Umbraco.Web.Editors
             ViewBag.UmbracoPath = GlobalSettings.UmbracoMvcArea;
 
             //First check if there's external login info, if there's not proceed as normal
-            var loginInfo = await OwinContext.Authentication.GetExternalLoginInfoAsync();
+            var loginInfo = await OwinContext.Authentication.GetExternalLoginInfoAsync(
+                Core.Constants.Security.BackOfficeExternalAuthenticationType);
+            
             if (loginInfo == null)
             {
                 return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Default.cshtml");

src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs

@@ -1,12 +1,9 @@
 using System;
 using System.Collections.Generic;
-using System.Security.Claims;
-using System.Threading.Tasks;
 using System.Web;
-using Microsoft.AspNet.Identity;
-using Microsoft.AspNet.Identity.Owin;
 using Microsoft.Owin;
 using Microsoft.Owin.Extensions;
+using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.Cookies;
 using Owin;
 using Umbraco.Core;
@@ -81,7 +78,25 @@ namespace Umbraco.Web.Security.Identity
 
             //app.UseExternalSignInCookie("UmbracoExternalCookie");
 
-            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
+            app.SetDefaultSignInAsAuthenticationType("UmbracoExternalCookie");
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
+            {
+                AuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
+                AuthenticationMode = AuthenticationMode.Passive,
+                CookieName = Constants.Security.BackOfficeExternalAuthenticationType,
+                ExpireTimeSpan = TimeSpan.FromMinutes(5),
+                //Custom cookie manager so we can filter requests
+                CookieManager = new BackOfficeCookieManager(new SingletonUmbracoContextAccessor()),
+                CookiePath = "/",
+                CookieSecure = GlobalSettings.UseSSL ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest,
+                CookieHttpOnly = true,
+                CookieDomain = UmbracoConfig.For.UmbracoSettings().Security.AuthCookieDomain
+            });
+
+
+            //NOTE: This works, but this is just the default implementation which we don't want because other devs
+            //might want to use this... right?
+            //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
 
             return app;
         }

src/Umbraco.Web/Security/Identity/AuthenticationManagerExtensions.cs

@@ -0,0 +1,54 @@
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Identity;
+using Microsoft.AspNet.Identity.Owin;
+using Microsoft.Owin.Security;
+
+namespace Umbraco.Web.Security.Identity
+{
+    public static class AuthenticationManagerExtensions
+    {
+        private static ExternalLoginInfo GetExternalLoginInfo(AuthenticateResult result)
+        {
+            if (result == null || result.Identity == null)
+            {
+                return null;
+            }
+            var idClaim = result.Identity.FindFirst(ClaimTypes.NameIdentifier);
+            if (idClaim == null)
+            {
+                return null;
+            }
+            // By default we don't allow spaces in user names
+            var name = result.Identity.Name;
+            if (name != null)
+            {
+                name = name.Replace(" ", "");
+            }
+            var email = result.Identity.FindFirstValue(ClaimTypes.Email);
+            return new ExternalLoginInfo
+            {
+                ExternalIdentity = result.Identity,
+                Login = new UserLoginInfo(idClaim.Issuer, idClaim.Value),
+                DefaultUserName = name,
+                Email = email
+            };
+        }
+
+        /// <summary>
+        ///     Extracts login info out of an external identity
+        /// </summary>
+        /// <param name="manager"></param>
+        /// <param name="authenticationType"></param>
+        /// <returns></returns>
+        public static async Task<ExternalLoginInfo> GetExternalLoginInfoAsync(this IAuthenticationManager manager, string authenticationType)
+        {
+            if (manager == null)
+            {
+                throw new ArgumentNullException("manager");
+            }
+            return GetExternalLoginInfo(await manager.AuthenticateAsync(authenticationType));
+        }
+    }
+}

src/Umbraco.Web/Umbraco.Web.csproj

@@ -549,6 +549,7 @@
     <Compile Include="Scheduling\ILatchedBackgroundTask.cs" />
     <Compile Include="Scheduling\RecurringTaskBase.cs" />
     <Compile Include="Security\Identity\AppBuilderExtensions.cs" />
+    <Compile Include="Security\Identity\AuthenticationManagerExtensions.cs" />
     <Compile Include="Security\Identity\BackOfficeCookieManager.cs" />
     <Compile Include="Security\Identity\FormsAuthenticationSecureDataFormat.cs" />
     <Compile Include="Security\Identity\OwinExtensions.cs" />