From 88ae95150edcd36231e68e0a5cbb8cde6cf26ea0 Mon Sep 17 00:00:00 2001 From: Shannon Date: Thu, 5 Mar 2015 16:36:06 +1100 Subject: [PATCH] Fixes: U4-6342 UmbracoEnsuredPage doesn't work in 7.2.2 --- .../UI/Pages/UmbracoEnsuredPage.cs | 15 +++++++++++++ .../BasePages/UmbracoEnsuredPage.cs | 21 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs b/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs index 6adcb6cf2b..c09fd0fa0c 100644 --- a/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs +++ b/src/Umbraco.Web/UI/Pages/UmbracoEnsuredPage.cs @@ -8,6 +8,7 @@ using umbraco; using umbraco.BusinessLogic; using umbraco.businesslogic.Exceptions; using Umbraco.Core; +using Umbraco.Core.Security; namespace Umbraco.Web.UI.Pages { @@ -37,10 +38,24 @@ namespace Umbraco.Web.UI.Pages /// Authorizes the user /// /// + /// + /// Checks if the page exists outside of the /umbraco route, in which case the request will not have been authenticated for the back office + /// so we'll force authentication. + /// protected override void OnPreInit(EventArgs e) { base.OnPreInit(e); + //If this is not a back office request, then the module won't have authenticated it, in this case we + // need to do the auth manually and since this is an UmbracoEnsuredPage, this is the anticipated behavior + // TODO: When we implement Identity, this process might not work anymore, will be an interesting challenge + if (Context.Request.Url.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath) == false) + { + var http = new HttpContextWrapper(Context); + var ticket = http.GetUmbracoAuthTicket(); + http.AuthenticateCurrentRequest(ticket, true); + } + try { Security.ValidateCurrentUser(true); diff --git a/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs b/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs index af2d9bf5aa..58362d50f2 100644 --- a/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs +++ b/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs @@ -1,11 +1,13 @@ using System; using Umbraco.Core.Logging; using System.Linq; +using System.Web; using Umbraco.Core; using Umbraco.Core.IO; using Umbraco.Core.Logging; using umbraco.BusinessLogic; using umbraco.businesslogic.Exceptions; +using Umbraco.Core.Security; namespace umbraco.BasePages { @@ -15,6 +17,25 @@ namespace umbraco.BasePages [Obsolete("This class has been superceded by Umbraco.Web.UI.Pages.UmbracoEnsuredPage")] public class UmbracoEnsuredPage : BasePage { + /// + /// Checks if the page exists outside of the /umbraco route, in which case the request will not have been authenticated for the back office + /// so we'll force authentication. + /// + /// + protected override void OnPreInit(EventArgs e) + { + base.OnPreInit(e); + + //If this is not a back office request, then the module won't have authenticated it, in this case we + // need to do the auth manually and since this is an UmbracoEnsuredPage, this is the anticipated behavior + // TODO: When we implement Identity, this process might not work anymore, will be an interesting challenge + if (Context.Request.Url.IsBackOfficeRequest(HttpRuntime.AppDomainAppVirtualPath) == false) + { + var http = new HttpContextWrapper(Context); + var ticket = http.GetUmbracoAuthTicket(); + http.AuthenticateCurrentRequest(ticket, true); + } + } /// /// Gets/sets the app for which this page belongs to so that we can validate the current user's security against it