Shazwazza / UmbracoIdentity

ASP.NET Identity implementation for Umbraco's native member data
MIT License

Media authentication controller with UmbracoIdentity #149

Open tonyhtp opened 2 years ago

tonyhtp commented 2 years ago

Thank you for your contribution to the community - great package :)

In an intranet project we've implemented both backoffice and member authentication with Azure AD. It seems to be working fine but we have problems getting the logged in member (to check access to file) in a basic controller hijacking media-files.

It seems we can get the logged in backend user by using GetUmbracoAuthTicket:

```csharp
var userTicket = umbracoContextReference.UmbracoContext.HttpContext.GetUmbracoAuthTicket();
currentUser = Current.Services.UserService.GetByUsername(userTicket.Identity.Name);
```

We've tried getting the logged in member from UmbracoContext, OwinContext, etc. but can't get it to work.

I've noticed that in some other issue you answered: "it could it be the request path that isn't activating authentication since only certain request paths are authenticated for front-end vs back office." Could this explain why we can't get the member in our controller (since the request path is /media/)?

In that case - can you change which request paths are authenticated for front-end members?

Or is there a simpler solution to this problem?

Shazwazza commented 2 years ago

Hi, sorry for the delay. Yes, since back office and front-end authentication are cookie based, the actual authentication process will occur differently for each one. Typically you don't want to use the GetUmbracoAuthTicket method to get the back office user; you should just use Umbraco's ASP.NET Identity implementation with the BackOfficeUserManager.

For the front-end - with this library - you would use the UmbracoIdentity ASP.NET Identity implementation with the UmbracoMembersUserManager.

Off the top of my head I cannot recall if the /media path is specifically checked. Here is the code that determines if this lib will cause cookie authentication to occur for a front-end request for members: https://github.com/Shazwazza/UmbracoIdentity/blob/master/src/UmbracoIdentity/FrontEndCookieManager.cs#L84

The code calls into Umbraco using reflection: https://github.com/Shazwazza/UmbracoIdentity/blob/master/src/UmbracoIdentity/FrontEndCookieManager.cs#L65

which is this code: https://github.com/umbraco/Umbraco-CMS/blob/v8/contrib/src/Umbraco.Core/UriExtensions.cs#L44

From what I can tell, the /media path isn't specifically checked so it should authenticate for a front-end member. If it's not, potentially it's because the /media path is being handled by the static file handler first? I'm not really sure. Hopefully this leads you closer to a solution. Let me know what you find :)
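One way to test the two hypotheses raised in this thread (the /media path not being cookie-authenticated, or the request never reaching the managed pipeline) is a small OWIN diagnostic middleware. This is an added example, not part of the original thread or of UmbracoIdentity; the class name, method name and the `/media` default are assumptions, and it must be registered after the front-end cookie authentication middleware in the site's OWIN startup class.

```csharp
using System.Diagnostics;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Hypothetical helper: names are illustrative, not an UmbracoIdentity API.
public static class MediaAuthDiagnostics
{
    // Call app.UseMediaAuthDiagnostics() AFTER the cookie authentication
    // middleware has been added, so the identity (if any) is already set.
    public static IAppBuilder UseMediaAuthDiagnostics(
        this IAppBuilder app, string pathPrefix = "/media")
    {
        var prefix = new PathString(pathPrefix);

        return app.Use(async (IOwinContext ctx, System.Func<Task> next) =>
        {
            if (ctx.Request.Path.StartsWithSegments(prefix))
            {
                ClaimsPrincipal user = ctx.Authentication.User;
                bool authenticated = user?.Identity?.IsAuthenticated == true;

                // Record only whether a cookie header was sent, never its value.
                bool cookieSent = ctx.Request.Headers.ContainsKey("Cookie");

                Trace.TraceInformation(
                    "media-auth path={0} cookieSent={1} authenticated={2} authType={3}",
                    ctx.Request.Path.Value,
                    cookieSent,
                    authenticated,
                    user?.Identity?.AuthenticationType ?? "(none)");
            }

            await next();
        });
    }
}
```

If no trace line appears for a media request, the request is being served before the OWIN pipeline runs (for example by the static file handler); if the line shows `cookieSent=True authenticated=False`, the cookie is arriving but authentication is not being applied to that path.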