yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleaning up websecurity and implementing it, migrates security stamp and session id validation for cookie auth

Browse Source
This commit is contained in:
Shannon
2020-06-02 13:28:30 +10:00
parent d85fc0d353
commit b75fba71f5
33 changed files with 489 additions and 756 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
View File

@@ -9,6 +9,7 @@ using Umbraco.Core.Serialization;
using Umbraco.Net;
using Umbraco.Web.BackOffice.Security;
using Umbraco.Web.Common.AspNetCore;
using Umbraco.Web.Common.Security;
namespace Umbraco.Extensions
{
@@ -25,8 +26,9 @@ namespace Umbraco.Extensions
services
.AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
.AddCookie(Constants.Security.BackOfficeAuthenticationType);
// TODO: Need to add more cookie options, see https://github.com/dotnet/aspnetcore/blob/3.0/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs#L45
services.ConfigureOptions<ConfigureUmbracoBackOfficeCookieOptions>();
services.ConfigureOptions<ConfigureBackOfficeCookieOptions>();
}
/// <summary>
@@ -47,8 +49,8 @@ namespace Umbraco.Extensions
.AddClaimsPrincipalFactory<BackOfficeClaimsPrincipalFactory<BackOfficeIdentityUser>>();
// Configure the options specifically for the UmbracoBackOfficeIdentityOptions instance
services.ConfigureOptions<ConfigureUmbracoBackOfficeIdentityOptions>();
//services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<BackOfficeIdentityUser>>();
services.ConfigureOptions<ConfigureBackOfficeIdentityOptions>();
services.ConfigureOptions<ConfigureBackOfficeSecurityStampValidatorOptions>();
}
private static IdentityBuilder BuildUmbracoBackOfficeIdentity(this IServiceCollection services)