Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Brad Wickett 16 posts 76 karma points
    Mar 07, 2018 @ 22:33
    Brad Wickett
    0

    Has anyone else had timeout issues since upgrade to version 7.8.0 or later? Up through 7.7.9 things were working fine, but after upgrading to 7.8.0 and recently to 7.9.2 the backoffice seems to timeout after just a minute or so. We do use a custom "owin:Startup" authentication module to authenticate via LDAP to our Active Directory, so I'm not sure if anything has changed with the owin authentication models.

  • Brad Wickett 16 posts 76 karma points
    Mar 09, 2018 @ 21:11
    Brad Wickett
    0

    I've done some more testing with a fresh install and I can confirm that this is related to using our custom owin:appStartup authentication provider. This has been working up until version 7.8.0. Did something change with overriding authentication to use AD authentication that I need to update. I haven't seen anything in any of the upgrade notes in any version since 7.7.9 that would indicate why this broke.

  • Brad Wickett 16 posts 76 karma points
    Mar 09, 2018 @ 21:47
    Brad Wickett
    0

    Our current code is at the end of this post. However, the BackOfficeUserManager.Create method now is obsolete and says "Use the overload specifying all dependencies instead". If you have a newer code example of how to do that I would appreciate it.

    Current Code:

    using Microsoft.Owin; using System; using Owin; using Umbraco.Core; using Umbraco.Core.Models.Identity; using Umbraco.Core.Security; using Umbraco.Web.Security.Identity; using System.Threading.Tasks; using System.DirectoryServices; using UmbracoOWINLDAP_Authentication;

    [assembly: OwinStartup("UmbracoOwinLdapStartup", typeof(UmbracoOwinLdapStartup))] namespace UmbracoOWINLDAP_Authentication { public class UmbracoOwinLdapStartup { public void Configuration(IAppBuilder app) { var applicationContext = ApplicationContext.Current; app.UseUmbracoBackOfficeCookieAuthentication(applicationContext); app.UseUmbracoBackOfficeExternalCookieAuthentication(applicationContext); app.UseUmbracoPreviewAuthentication(applicationContext);

            app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                applicationContext,
                (options, context) =>
                {
                    var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
    
                    var userManager = BackOfficeUserManager.Create(
                        options,
                        applicationContext.Services.UserService,
                        applicationContext.Services.ExternalLoginService,
                        membershipProvider);
    
    
                    userManager.BackOfficeUserPasswordChecker = new LdapPasswordChecker();
                    return userManager;
                });
        }
    }
    
    public class LdapPasswordChecker : IBackOfficeUserPasswordChecker
    {
        public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
        {
            // By default, we will fall back to the default checker if things fail here
            var result = BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker;
    
            // Never try and perform an LDAP authentication against the ADMIN user
            string Username = user.UserName.ToLower();
            if (Username != "admin") {
                bool ValidLogin = ldapAuth(Username, password);
                if (ValidLogin) {
                    result = BackOfficeUserPasswordCheckerResult.ValidCredentials;
                }
            }
            return Task.FromResult(result);
        }
    
        private bool ldapAuth(string Username, string Password)
        {
            bool output = false;
            try {
                string ldapRoot = string.Empty;
                try {
                    ldapRoot += System.Configuration.ConfigurationManager.AppSettings["UmbracoOwinLdapRoot"];
                } catch { } // Unable to read the UmbracoOwinLdapRoot setting from web.config
    
                if (!String.IsNullOrWhiteSpace(ldapRoot)) {
                    string domainAndUsername = ldapRoot + @"\" + Username;
                    DirectoryEntry entry = new DirectoryEntry("LDAP://" + ldapRoot, domainAndUsername, Password);
                    try {
                        DirectorySearcher search = new DirectorySearcher(entry);
                        search.Filter = "(SAMAccountName=" + Username + ")";
                        search.PropertiesToLoad.Add("cn");
                        System.DirectoryServices.SearchResult result = search.FindOne();
                        if (result != null) {
                            output = true; // Login was successful
                        }
                    } catch { } // Unable to query LDAP
                }
            } catch { } // Unable to create DirectoryEntry for LDAP query
            return output;
        }
    }
    

    }

  • Brad Wickett 16 posts 76 karma points
    Mar 13, 2018 @ 22:40
    Brad Wickett
    0

    Any ideas here? We've had to roll back to 7.7.9 and I need to get this working with the newer versions.

  • Dave Woestenborghs 2768 posts 8424 karma points MVP 3x admin c-trib
    Mar 14, 2018 @ 10:22
    Dave Woestenborghs
    0

    Hi Brad,

    I think it's best to create a issue on : http://issues.umbraco.org/issues

    Because 7.8.0 release doesn't list any breaking changes in regards to OWIN : https://our.umbraco.org/download/releases/780/

    Dave

  • Brad Wickett 16 posts 76 karma points
    Mar 14, 2018 @ 20:31
    Brad Wickett
    0

    OK, I have created an issue and included the entire code sample we are using.

  • Brad Wickett 16 posts 76 karma points
    Apr 10, 2018 @ 18:17
    Brad Wickett
    0

    Dave,

    Any update on this? I put in a bug request a month ago and I've heard nothing. I hate to turn off our ability to use AD authentication against our local AD using LDAP, but at this point I'm getting uncomfortable on how many versions behind we are getting.

    Thanks,

    Brad

Please Sign in or register to post replies

Write your reply to:

Draft