Merge pull request #13404 from sean-p-m/temp-13402

13402 - Update PreviewAuthenticationMiddleware to support chunked aut…
2022-11-23 11:36:15 +01:00
parent b392ac78b3 c365c64bea
commit aeb52ed94e
1 changed files with 15 additions and 9 deletions
--- a/src/Umbraco.Web.Common/Middleware/PreviewAuthenticationMiddleware.cs
+++ b/src/Umbraco.Web.Common/Middleware/PreviewAuthenticationMiddleware.cs
@@ -51,17 +51,23 @@ public class PreviewAuthenticationMiddleware : IMiddleware
                // If we've gotten this far it means a preview cookie has been set and a front-end umbraco document request is executing.
                // In this case, authentication will not have occurred for an Umbraco back office User, however we need to perform the authentication
                // for the user here so that the preview capability can be authorized otherwise only the non-preview page will be rendered.
-                if (cookieOptions.Cookie.Name is not null &&
-                    request.Cookies.TryGetValue(cookieOptions.Cookie.Name, out var cookie))
+                if (cookieOptions.Cookie.Name != null)
                {
-                    AuthenticationTicket? unprotected = cookieOptions.TicketDataFormat.Unprotect(cookie);
-                    ClaimsIdentity? backOfficeIdentity = unprotected?.Principal.GetUmbracoIdentity();
-                    if (backOfficeIdentity != null)
+                    var chunkingCookieManager = new ChunkingCookieManager();
+                    var cookie = chunkingCookieManager.GetRequestCookie(context, cookieOptions.Cookie.Name);
+
+                    if (!string.IsNullOrEmpty(cookie))
                    {
-                        // Ok, we've got a real ticket, now we can add this ticket's identity to the current
-                        // Principal, this means we'll have 2 identities assigned to the principal which we can
-                        // use to authorize the preview and allow for a back office User.
-                        context.User.AddIdentity(backOfficeIdentity);
+                        AuthenticationTicket? unprotected = cookieOptions.TicketDataFormat.Unprotect(cookie);
+                        ClaimsIdentity? backOfficeIdentity = unprotected?.Principal.GetUmbracoIdentity();
+
+                        if (backOfficeIdentity != null)
+                        {
+                            // Ok, we've got a real ticket, now we can add this ticket's identity to the current
+                            // Principal, this means we'll have 2 identities assigned to the principal which we can
+                            // use to authorize the preview and allow for a back office User.
+                            context.User.AddIdentity(backOfficeIdentity);
+                        }
                    }
                }
            }