Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key: by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data.

Shannon
2015-02-06 16:13:02 +11:00
parent 48317d7e61
commit 927add6f44
10 changed files with 168 additions and 81 deletions


@@ -1,5 +1,7 @@
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
@@ -49,7 +51,7 @@ namespace Umbraco.Web.Security.Identity
/// </summary>
/// <param name="app"></param>
/// <returns></returns>
public static IAppBuilder UseUmbracoBackAuthentication(this IAppBuilder app)
public static IAppBuilder UseUmbracoBackOfficeCookieAuthentication(this IAppBuilder app)
{
if (app == null) throw new ArgumentNullException("app");
@@ -60,21 +62,30 @@ namespace Umbraco.Web.Security.Identity
GlobalSettings.UseSSL,
GlobalSettings.Path)
{
//Provider = new CookieAuthenticationProvider
//{
// // Enables the application to validate the security stamp when the user
// // logs in. This is a security feature which is used when you
// // change a password or add an external login to your account.
// OnValidateIdentity = SecurityStampValidator
// .OnValidateIdentity<UmbracoMembersUserManager<UmbracoApplicationUser>, UmbracoApplicationUser, int>(
// TimeSpan.FromMinutes(30),
// (manager, user) => user.GenerateUserIdentityAsync(manager),
// identity => identity.GetUserId<int>())
//}
Provider = new CookieAuthenticationProvider
{
//// Enables the application to validate the security stamp when the user
//// logs in. This is a security feature which is used when you
//// change a password or add an external login to your account.
//OnValidateIdentity = SecurityStampValidator
// .OnValidateIdentity<UmbracoMembersUserManager<UmbracoApplicationUser>, UmbracoApplicationUser, int>(
// TimeSpan.FromMinutes(30),
// (manager, user) => user.GenerateUserIdentityAsync(manager),
// identity => identity.GetUserId<int>())
}
});
return app;
}
public static IAppBuilder UseUmbracoBackOfficeExternalCookieAuthentication(this IAppBuilder app)
{
if (app == null) throw new ArgumentNullException("app");
app.UseExternalSignInCookie("UmbracoExternalCookie");
return app;
}
}
}
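Review bot: The `Provider` assigned in `UseUmbracoBackOfficeCookieAuthentication` is an empty `CookieAuthenticationProvider` with `OnValidateIdentity` still commented out, so nothing re-checks a back-office cookie against the user's security stamp after it is issued. Until that is wired up, a password change or a disabled account would presumably not invalidate cookies already issued before they expire; I would either enable the validator or leave an explicit marker such as `// TODO: security stamp validation is disabled - issued cookies stay valid until expiry`. The new `UseUmbracoBackOfficeExternalCookieAuthentication` also has no XML doc comment, unlike the method above it, and the literal `"UmbracoExternalCookie"` would be easier to keep in sync with its consumers as a named constant.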


@@ -1,4 +1,5 @@
using System;
using System.Security.Claims;
using System.Web.Security;
using Microsoft.Owin.Security;
using Newtonsoft.Json;
@@ -12,16 +13,18 @@ namespace Umbraco.Web.Security.Identity
internal class FormsAuthenticationSecureDataFormat : ISecureDataFormat<AuthenticationTicket>
{
private readonly int _loginTimeoutMinutes;
private readonly string _cookiePath;
public FormsAuthenticationSecureDataFormat(int loginTimeoutMinutes)
public FormsAuthenticationSecureDataFormat(int loginTimeoutMinutes, string cookiePath)
{
_loginTimeoutMinutes = loginTimeoutMinutes;
_cookiePath = cookiePath;
}
public string Protect(AuthenticationTicket data)
{
//TODO: Where to get the user data?
//var userDataString = JsonConvert.SerializeObject(userdata);
var backofficeIdentity = (UmbracoBackOfficeIdentity)data.Identity;
var userDataString = JsonConvert.SerializeObject(backofficeIdentity.UserData);
var ticket = new FormsAuthenticationTicket(
5,
@@ -29,8 +32,8 @@ namespace Umbraco.Web.Security.Identity
data.Properties.IssuedUtc.HasValue ? data.Properties.IssuedUtc.Value.LocalDateTime : DateTime.Now,
data.Properties.ExpiresUtc.HasValue ? data.Properties.ExpiresUtc.Value.LocalDateTime : DateTime.Now.AddMinutes(_loginTimeoutMinutes),
data.Properties.IsPersistent,
"", //User data here!! This will come from the identity
"/"
userDataString,
_cookiePath
);
return FormsAuthentication.Encrypt(ticket);
@@ -51,12 +54,14 @@ namespace Umbraco.Web.Security.Identity
var identity = new UmbracoBackOfficeIdentity(decrypt);
return new AuthenticationTicket(identity, new AuthenticationProperties
var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
{
ExpiresUtc = decrypt.Expiration.ToUniversalTime(),
IssuedUtc = decrypt.IssueDate.ToUniversalTime(),
IsPersistent = decrypt.IsPersistent
});
return ticket;
}
}
}
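Review bot: The hard cast `(UmbracoBackOfficeIdentity)data.Identity` in `Protect` throws an `InvalidCastException` for any ticket whose identity is a plain `ClaimsIdentity`, and a null `data` fails with a `NullReferenceException`. Since the stated goal is third-party sign-in, where identities may be built by other middleware, a checked cast with a clear failure would make misconfiguration easier to diagnose: `var backofficeIdentity = data.Identity as UmbracoBackOfficeIdentity;` followed by `if (backofficeIdentity == null) throw new InvalidOperationException("Ticket identity must be an UmbracoBackOfficeIdentity");`. `UserData` is now serialized into the cookie payload, so `Protect` deserves a comment stating that the data must stay small and is only as well protected as the Forms authentication encryption and validation keys. The bodies of `Protect` and `Unprotect` extend beyond the hunks shown.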


@@ -22,7 +22,7 @@ namespace Umbraco.Web.Security.Identity
ISecuritySection securitySection,
int loginTimeoutMinutes,
bool forceSsl,
string umbracoPath,
string cookiePath,
bool useLegacyFormsAuthDataFormat = true)
{
AuthenticationType = "UmbracoBackOffice";
@@ -30,7 +30,7 @@ namespace Umbraco.Web.Security.Identity
if (useLegacyFormsAuthDataFormat)
{
//If this is not explicitly set it will fall back to the default automatically
TicketDataFormat = new FormsAuthenticationSecureDataFormat(loginTimeoutMinutes);
TicketDataFormat = new FormsAuthenticationSecureDataFormat(loginTimeoutMinutes, cookiePath);
}
CookieDomain = securitySection.AuthCookieDomain;
@@ -39,7 +39,7 @@ namespace Umbraco.Web.Security.Identity
CookieSecure = forceSsl ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest;
//Ensure the cookie path is set so that it isn't transmitted for anything apart from requests to the back office
CookiePath = umbracoPath.EnsureStartsWith('/');
CookiePath = cookiePath.EnsureStartsWith('/');
}
}
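Review bot: `cookiePath` is normalized with `EnsureStartsWith('/')` only when it is assigned to `CookiePath`, while `FormsAuthenticationSecureDataFormat` receives the raw value, so the path written into the ticket can differ from the path the cookie is actually scoped to. Normalizing once before both uses keeps them aligned, e.g. `var path = cookiePath.EnsureStartsWith('/');` and then passing `path` to both. The parameter is also used without a null check, so a guard like `if (cookiePath == null) throw new ArgumentNullException("cookiePath");` would match the style used elsewhere in this commit. The constructor starts outside the hunks shown.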