Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Bharati 5 posts 85 karma points
    Feb 13, 2017 @ 04:56
    Bharati
    0

    Aspnet Identity (OWIN) - Front end authentication without impacting "backoffice"

    Hi

    This is my first post in this forum. Please excuse me if this is already asked by some one and answered.

    I want to have "custom authentication" for my website (just the front end) , I do not want to change the backend. The "front end" requires valid credentials (this is validated against an api) and if the "credentials" are valid, the required information such as user name and other fields is stored to cookie (aspnet identity).

    Code snippet: (The namespace XYZ is not my real namespace. For the purpose of this post, I replace my namespace with XYZ)

    Web.config:

       <add key="owin:appStartup" value="XYZ.Startup" />
    

    Startup.cs

    [assembly: OwinStartup(typeof(XYZ.Startup))] namespace XYZ { public partial class Startup : UmbracoDefaultOwinStartup { public override void Configuration(IAppBuilder app) { base.Configuration(app); ConfigureAuth(app); } } }

    Startup.Auth.cs:

    namespace XYZ { public partial class Startup { public void ConfigureAuth(IAppBuilder app) {

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/SignIn"),
                Provider = new CookieAuthenticationProvider
                {
                    OnApplyRedirect = ctx => { ctx.Response.Redirect(ctx.RedirectUri); }
                },
                ExpireTimeSpan = TimeSpan.FromMinutes(20),
                CookieName = "MyCookie" 
            });            
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    
        }
    }
    

    }

    Source code of "SignIn":

    var Identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier,"Id"), new Claim(ClaimTypes.Name,"Name"), new Claim("ClaimType","Value") }, DefaultAuthenticationTypes.ApplicationCookie);

            var ctx = Request.GetOwinContext();
    
            var authManager = ctx.Authentication;
    

    authManager.SignIn(new AuthenticationProperties() { AllowRefresh = true, IsPersistent = true, ExpiresUtc=DateTime.UtcNow.AddHours(1) }, Identity);

    The front end is working great. However it has an impact on the "Back office". After I enter the user name and password, the back office is trying to redirect to "signin" which is supposed to be used by front end only.

    Could you please advise what is wrong. If I remove "ConfigureAuth" the back office is working fine but not the "front end".

    (I will try to create an empty project and upload the code to GITHUB)

    Thanks Bharati.

  • Dave Woestenborghs 2384 posts 6724 karma points mvp c-trib
    Feb 14, 2017 @ 07:45
    Dave Woestenborghs
    100

    Hi Bharati

    We faced similar issues when using a ASP.NET identity with a custom store. Luckily we could solve it.

    This is how my owin startup looks.

    public class OwinStartup : UmbracoDefaultOwinStartup
    {
        /// <summary>
        /// Configures services to be created in the OWIN context (CreatePerOwinContext)
        /// </summary>
        /// <param name="app"></param>
        protected override void ConfigureServices(IAppBuilder app)
        {         
            base.ConfigureServices(app);            
        }
    
        /// <summary>Configures middleware to be used (i.e. app.Use...)</summary>
        /// <param name="app"></param>
        protected override void ConfigureMiddleware(IAppBuilder app)
        {
            base.ConfigureMiddleware(app);
    
            // TODO set correct login path
            app.UseCookieAuthentication(
                new FrontEndCookieAuthenticationOptions
                    {
                        LoginPath = new PathString("/nl/login"),
                        //Provider = new CookieAuthenticationProvider
                        //{
                        //    // Enables the application to validate the security stamp when the user logs in.
                        //    // This is a security feature which is used when you change a password or add an external login to your account.  
                        //    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<OypoUserManager, OypoUser>(
                        //       validateInterval: TimeSpan.FromMinutes(30),
                        //       regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                        //}
                    });
        }
    }
    

    This is the code for FrontEndCookieAuthenticationOptions.

    internal class FrontEndCookieAuthenticationOptions : CookieAuthenticationOptions
        {
            public FrontEndCookieAuthenticationOptions()
            {
                CookieManager = new FrontEndCookieManager();
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
            }
        }
    

    And this is the code for the FrontEndCookieManager

     internal class FrontEndCookieManager : ChunkingCookieManager, ICookieManager
        {
            /// <summary>
            /// Explicitly implement this so that we filter the request
            /// </summary>
            /// <param name="context"></param>
            /// <param name="key"></param>
            /// <returns></returns>
            string ICookieManager.GetRequestCookie(IOwinContext context, string key)
            {
                if (UmbracoContext.Current == null || IsClientSideRequest(context.Request.Uri))
                {
                    return null;
                }
    
                var authForBackOffice = ShouldAuthForBackOfficeRequest(context);
    
                return authForBackOffice
                           // Don't auth request since this is for the back office, don't return a cookie
                    ? null
                    // Return the default implementation
                    : base.GetRequestCookie(context, key);
            }
    
            private static bool IsClientSideRequest(Uri url)
            {
                var ext = Path.GetExtension(url.LocalPath);
                if (ext.IsNullOrWhiteSpace())
                {
                    return false;
                }
    
                var toInclude = new[] { ".aspx", ".ashx", ".asmx", ".axd", ".svc" };
                return toInclude.Any(ext.InvariantEquals) == false;
            }
    
            private static bool IsBackOfficeRequest(IOwinRequest request)
            {           
                return (bool)typeof(UriExtensions).CallStaticMethod("IsBackOfficeRequest", request.Uri, HttpRuntime.AppDomainAppVirtualPath);
            }
    
            private static bool IsInstallerRequest(IOwinRequest request)
            {
                return (bool)typeof(UriExtensions).CallStaticMethod("IsInstallerRequest", request.Uri);
            }
    
            /// <summary>
            /// Determines if the request should be authenticated for the back office
            /// </summary>
            /// <param name="ctx"></param>
            /// <returns></returns>
            /// <remarks>
            /// We auth the request when:
            /// * it is a back office request
            /// * it is an installer request
            /// * it is a preview request
            /// </remarks>
            private bool ShouldAuthForBackOfficeRequest(IOwinContext ctx)
            {
                var request = ctx.Request;
    
                if (//check back office
                    IsBackOfficeRequest(request)
                    //check installer
                    || IsInstallerRequest(request))
                {
                    return true;
                }
                return false;
            }
    
    
    
        }
    

    This solved our issues. We "borrowed" this code from https://github.com/Shazwazza/UmbracoIdentity

    Dave

  • Craig Mayers 140 posts 454 karma points
    Oct 24, 2017 @ 16:41
    Craig Mayers
    0

    Hi Dave,

    What namespace does CallStaticMethod() belong to?

    I am getting a build error, that I am missing a namespace.

    Any help would be greatly appreciated.

    Thanks

    Craig

  • Bharati 5 posts 85 karma points
    Feb 28, 2017 @ 02:16
    Bharati
    0

    Thanks so much. (I was on holiday hence couldn't respond)

  • Bharati 5 posts 85 karma points
    Mar 01, 2017 @ 00:51
    Bharati
    0

    Hi Dave, Another quick query please. Did you install the Umbraco Identity package and customize the code (or) is it just the normal way without installing Umbraco Identity package ?

  • Dave Woestenborghs 2384 posts 6724 karma points mvp c-trib
    Mar 01, 2017 @ 07:00
    Dave Woestenborghs
    0

    Hi Bhatari,

    I did not install the Umbraco Identity package because this is for Umbraco members. We needed to implement our own custom store.

    Dave

  • Bharati 5 posts 85 karma points
    Mar 05, 2017 @ 21:36
    Bharati
    0

    Thanks so much. I followed similar approach, didn't install Umbraco identity package and I have this working as I expect. The backend authentication still works as-is, I have my own custom authentication and authorization for front end.

    :-)

  • Mark Owen 6 posts 76 karma points
    Mar 15, 2017 @ 14:45
    Mark Owen
    0

    We have a similar setup too, but have found that it causes preview of an unpublished page to stop working.

    This appears to be because previewing an unpublished page requires you to have a User.Identity that is an UmbracoBackOfficeIdentity and when using this that is no longer true.

    Has anybody encountered this? Solved this? Or has any idea how we might do?

  • Bharati 5 posts 85 karma points
    Mar 20, 2017 @ 21:17
    Bharati
    0

    Hi Mark, I just tried this and you are right I can't see preview of an unpublished page.

    I get "Page not found" page when previewing a saved page.

    I am not sure if there is 'defect log' so we can post it there ?

  • Mark Owen 6 posts 76 karma points
    Mar 21, 2017 @ 08:50
    Mark Owen
    0

    Hi Bharati,

    I went to add a defect to Umbraco's issue tracker the same day I posted and ended up finding this issue that discusses this problem:

    http://issues.umbraco.org/issue/U4-4219

    Following the instructions in the description and this post I managed to get front end and back office authentication working without impacting each other with preview also working.

    Mark

  • Dmitry Gempler 1 post 71 karma points
    Jul 13, 2017 @ 01:16
    Dmitry Gempler
    0

    Hi Bharati and Mark,

    Could you please both post your solutions? I've been banging my head against the wall for the last couple of weeks trying to get through my authentication woes.

    You both say you have solutions similar's to Dave's, so I'm mainly curious what the differences are. Did you also follow the Config Updates recommended in https://github.com/Shazwazza/UmbracoIdentity ?

    My set up is Umbraco 7.4.3 in an Azure Web App, and I'm trying to add Azure Authorization / Authentication (aka Easy Auth) using ActiveDirectory.

    I've tried the solution posted by Dave above (modified slightly to work with Easy Auth) and it mostly works, but I'm running into issues with:

    1. Logging into backoffice after being authenticated on front end (exact error as mention here: https://github.com/Shazwazza/UmbracoIdentity/issues/28)
    2. The preview issue (and I've tried the instructions mentioned in http://issues.umbraco.org/issue/U4-4219)

    Any help would be appreciated.

    Thanks!

  • Mark Owen 6 posts 76 karma points
    Jul 14, 2017 @ 12:46
    Mark Owen
    0

    Hi Dmitry,

    It's been a while, but I think our solution was as above, but with this ConfigureMiddleware method instead

    protected override void ConfigureMiddleware(IAppBuilder app)
        {
            app.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);
            app.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);
    
            app.UseCookieAuthentication(new FrontEndCookieAuthenticationOptions
            {
                ...
            });
    
            app.UseUmbracoPreviewAuthentication(ApplicationContext, PipelineStage.PostAuthenticate);
        }
    

    Hope this helps,

    Mark

  • Viktor Ekholm 5 posts 94 karma points
    5 days ago
    Viktor Ekholm
    0

    I'm trying to do something similar, but cannot quite wrap my head around it. I have this existing Umbraco setup where I use the default forms authentication for logging into the back-office.

    How ever, I would like to protect some of the front-end controller actions via AuthorizeAttribute, requiring the users who try to execute these to logon via Azure AD B2C.

    I have an existing OWIN implementation for Azure AD B2C in a non-Umbraco web application using Microsoft.Owin.Security.OpenIdConnect. How to integrate this setup with this workaround?

Please Sign in or register to post replies

Write your reply to:

Draft