Fixes: U4-6342 UmbracoEnsuredPage doesn't work in 7.2.2

2015-03-05 16:36:06 +11:00
parent 9a042fbbdf
commit 88ae95150e
2 changed files with 36 additions and 0 deletions
--- a/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs
+++ b/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs
@@ -8,6 +8,7 @@ using umbraco;
 using umbraco.BusinessLogic;
 using umbraco.businesslogic.Exceptions;
 using Umbraco.Core;
+using Umbraco.Core.Security;

 namespace Umbraco.Web.UI.Pages
 {
@@ -37,10 +38,24 @@ namespace Umbraco.Web.UI.Pages
        /// Authorizes the user
        /// </summary>
        /// <param name="e"></param>
+        /// <remarks>
+        /// Checks if the page exists outside of the /umbraco route, in which case the request will not have been authenticated for the back office 
+        /// so we'll force authentication.
+        /// </remarks>
        protected override void OnPreInit(EventArgs e)
        {
            base.OnPreInit(e);

+            //If this is not a back office request, then the module won't have authenticated it, in this case we
+            // need to do the auth manually and since this is an UmbracoEnsuredPage, this is the anticipated behavior
+            // TODO: When we implement Identity, this process might not work anymore, will be an interesting challenge
+            if (Context.Request.Url.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath) == false)
+            {
+                var http = new HttpContextWrapper(Context);
+                var ticket = http.GetUmbracoAuthTicket();
+                http.AuthenticateCurrentRequest(ticket, true);
+            }
+
            try
            {
                Security.ValidateCurrentUser(true);
--- a/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs
+++ b/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs
@@ -1,11 +1,13 @@
 using System;
 using Umbraco.Core.Logging;
 using System.Linq;
+using System.Web;
 using Umbraco.Core;
 using Umbraco.Core.IO;
 using Umbraco.Core.Logging;
 using umbraco.BusinessLogic;
 using umbraco.businesslogic.Exceptions;
+using Umbraco.Core.Security;

 namespace umbraco.BasePages
 {
@@ -15,6 +17,25 @@ namespace umbraco.BasePages
    [Obsolete("This class has been superceded by Umbraco.Web.UI.Pages.UmbracoEnsuredPage")]
    public class UmbracoEnsuredPage : BasePage
    {
+        /// <summary>
+        /// Checks if the page exists outside of the /umbraco route, in which case the request will not have been authenticated for the back office 
+        /// so we'll force authentication.
+        /// </summary>
+        /// <param name="e"></param>
+        protected override void OnPreInit(EventArgs e)
+        {
+            base.OnPreInit(e);
+
+            //If this is not a back office request, then the module won't have authenticated it, in this case we
+            // need to do the auth manually and since this is an UmbracoEnsuredPage, this is the anticipated behavior
+            // TODO: When we implement Identity, this process might not work anymore, will be an interesting challenge
+            if (Context.Request.Url.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath) == false)
+            {
+                var http = new HttpContextWrapper(Context);
+                var ticket = http.GetUmbracoAuthTicket();
+                http.AuthenticateCurrentRequest(ticket, true);
+            }
+        }

        /// <summary>
        /// Gets/sets the app for which this page belongs to so that we can validate the current user's security against it