yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,452 Commits 4 Branches 7 Tags
dec7ef8f3fe2e184cd214f6df34bb2f802fe0032
Commit Graph

20 Commits

Author SHA1 Message Date
Shannon
6efd14eff3 Updates the startup auth code extension methods to better support extensibility so people could override the default user store or manager in order to implement some interfaces that we currently don't. 2015-04-01 13:42:31 +11:00
Shannon
e468492064 Updates back office ext methods to include the CallbackPath which is key to make multi-tenanted work and ensures that the back office providers are linked with the umbraco back office external cookie provider. Adds some docs about it too. Updates the web.config templates to ensure the correct assembly redirects. 2015-04-01 13:42:29 +11:00
Shannon
880c9cf679 Updates back office extensions to use AuthenticationDescriptionOptionsExtension to configure the options for umb back office 2015-04-01 13:42:19 +11:00
Shannon
bf59510c68 Removes setting the default sign in auth type - this is a user setting, we cannot modify that. 2015-04-01 13:42:16 +11:00
Shannon
86833aa8bf Updates the back office external cookie name to be consistently cased with the other back office cookie names 2015-04-01 13:42:11 +11:00
Shannon
4dcc4807ed Implements IUserSecurityStore and ensures there is a security stamp token in place, have updated the repository layer to manual update this if ASPNet Identity APIs are not used to update users. 2015-04-01 13:42:09 +11:00
Shannon
90b562a0a1 Update the PostLogin method to write the auth ticket the way that webapi is supposed to, not sure how this was actually working before because writing cookies directly with HttpContext and then also using WebApi normally doesn't work (maybe in very specific circumstances), so now the cookie writing is done consistently and it is working, prior to this i was getting lots of issues with the xsrf tokens. Updated some user model mappings for convenience and update naming conventions for some properties of the BackOfficeIdentityUser for consistency. 2015-04-01 13:42:07 +11:00
Shannon
5a88ff774c adds overload to specify custom backoffice user store for custom implementations (i.e. 2 factor auth, etc...) 2015-04-01 13:41:57 +11:00
Shannon
b269760b21 removes the BackOfficeRoleManager since we don't use roles in the back office (sections i suppose) and we can't dynamically just create them, that doesn't make sense. 2015-04-01 13:41:55 +11:00
Shannon
2d72a66879 Updates OwinStartup and split the methods into an extension methods file complete with documentation on how to implement the providers. Tested the microsoft provider. Now to clean things up: remove the 3rd party package installs to be ready for shipping, ensure that the user parts are extensible enough for people to plugin their own interfaces. 2015-04-01 13:41:50 +11:00
Shannon
7dc50fda26 moves NaiveSessionCache to web proj 2015-04-01 13:41:48 +11:00
Shannon
4b156ba27e Starts stubbing out role manager code 2015-04-01 13:41:43 +11:00
Shannon
52c4d80cfc more identity awesome 2015-04-01 13:41:33 +11:00
Shannon
5d4d209030 Gets external cookies working with a custom auth type (so we don't interfere with the 'default') 2015-04-01 13:41:31 +11:00
Shannon
d9f453d860 Gets the user store up to date with the correct queries. 2015-04-01 13:41:28 +11:00
Shannon
8c51e8bad8 Implements IExternalLoginService and the db table, implements more logic to start enabling this to work in the back office, need to implement the rest of the userstore and then implement a way once logged in to the back office to allow users to link their accounts with external logins. Currently if an external login is detected during startup and it has not been linked we'll throw an exception. Very very close to making this all work nicely. 2015-04-01 13:41:26 +11:00
Shannon
927add6f44 Updates UmbracoBackOfficeIdentity to add claims and adds a new ctor so people can create an identity manually - this is really the key, by doing this we'd already be able to have 3rd party authentication happening. Ensures our custom secure data format persists the user data 2015-04-01 13:41:21 +11:00
Shannon
48317d7e61 massively simplifies the cookie handling, we don't use our own and just use the defaults, the trick to not validating everything is to use the cookie path. This does mean that each clientside request will also be validated but there's no way to override this behavior in identity currently, the cookie handler is internal so unless we copy/paste all of it's code can't do much about that. 2015-04-01 13:41:18 +11:00
Shannon
93df2edec2 Initial install which now uses Identity middleware to perform the back office auth (no longer done in our module). Created custom data secure classes that use the legacy Forms auth logic for backwards compat. This means that the cookie can still be written the old way and still auth the new way if required. Now need to clean a lot of this up. 2015-04-01 13:41:16 +11:00
Shannon
028ddfe290 Starts adding asp.net identity 2015-04-01 13:41:13 +11:00