From cbd980357b24d882d05f666730228c2cd862ffab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Asbj=C3=B8rn=20Riis-Knudsen?= Date: Tue, 13 Sep 2016 22:36:14 +0200 Subject: [PATCH] Fix U4-8968: Add missing check for backoffice session in ClaimsIdentity (like the comment says) --- src/Umbraco.Core/Security/AuthenticationExtensions.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Umbraco.Core/Security/AuthenticationExtensions.cs b/src/Umbraco.Core/Security/AuthenticationExtensions.cs index 9007c45946..3c88c07edf 100644 --- a/src/Umbraco.Core/Security/AuthenticationExtensions.cs +++ b/src/Umbraco.Core/Security/AuthenticationExtensions.cs @@ -113,8 +113,8 @@ namespace Umbraco.Core.Security //Otherwise convert to a UmbracoBackOfficeIdentity if it's auth'd and has the back office session var claimsIdentity = http.User.Identity as ClaimsIdentity; - if (claimsIdentity != null && claimsIdentity.IsAuthenticated) - { + if (claimsIdentity != null && claimsIdentity.IsAuthenticated && claimsIdentity.HasClaim(x => x.Type == Constants.Security.SessionIdClaimType)) + { try { return UmbracoBackOfficeIdentity.FromClaimsIdentity(claimsIdentity);