View Source

Class AuthenticationController

The API controller used for editing content

Inheritance

System.Object

UmbracoApiControllerBase

UmbracoApiController

Namespace: Umbraco.Web.Editors

Assembly: Umbraco.Web.dll

Syntax

[PluginController("UmbracoApi")]
public class AuthenticationController : UmbracoApiController, IDiscoverable

Constructors

AuthenticationController(IGlobalSettings, IUmbracoContextAccessor, ISqlContext, ServiceContext, AppCaches, IProfilingLogger, IRuntimeState, UmbracoHelper, IUmbracoSettingsSection)

Declaration

public AuthenticationController(IGlobalSettings globalSettings, IUmbracoContextAccessor umbracoContextAccessor, ISqlContext sqlContext, ServiceContext services, AppCaches appCaches, IProfilingLogger logger, IRuntimeState runtimeState, UmbracoHelper umbracoHelper, IUmbracoSettingsSection umbracoSettingsSection)

Parameters

Type	Name	Description
IGlobalSettings	globalSettings
IUmbracoContextAccessor	umbracoContextAccessor
ISqlContext	sqlContext
ServiceContext	services
AppCaches	appCaches
IProfilingLogger	logger
IRuntimeState	runtimeState
UmbracoHelper	umbracoHelper
IUmbracoSettingsSection	umbracoSettingsSection

Properties

SignInManager

Declaration

protected BackOfficeSignInManager SignInManager { get; }

Property Value

Type	Description
BackOfficeSignInManager

UserManager

Declaration

protected BackOfficeUserManager<BackOfficeIdentityUser> UserManager { get; }

Property Value

Type	Description
BackOfficeUserManager<BackOfficeIdentityUser>

Methods

Get2FAProviders()

Used to retrieve the 2FA providers for code submission

Declaration

public async Task<IEnumerable<string>> Get2FAProviders()

Returns

Type	Description
System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<System.String>>

GetCurrentInvitedUser()

When a user is invited they are not approved but we need to resolve the partially logged on (non approved) user.

Declaration

public UserDetail GetCurrentInvitedUser()

Returns

Type	Description
UserDetail

Remarks

We cannot user GetCurrentUser since that requires they are approved, this is the same as GetCurrentUser but doesn't require them to be approved

GetCurrentUser()

Returns the currently logged in Umbraco user

Declaration

public UserDetail GetCurrentUser()

Returns

Type	Description
UserDetail

Remarks

We have the attribute [SetAngularAntiForgeryTokens] applied because this method is called initially to determine if the user is valid before the login screen is displayed. The Auth cookie can be persisted for up to a day but the csrf cookies are only session cookies which means that the auth cookie could be valid but the csrf cookies are no longer there, in that case we need to re-set the csrf cookies.

GetCurrentUserLinkedLogins()

Declaration

public async Task<Dictionary<string, string>> GetCurrentUserLinkedLogins()

Returns

Type	Description
System.Threading.Tasks.Task<System.Collections.Generic.Dictionary<System.String, System.String>>

GetMembershipProviderConfig()

Returns the configuration for the backoffice user membership provider - used to configure the change password dialog

Declaration

public IDictionary<string, object> GetMembershipProviderConfig()

Returns

Type	Description
System.Collections.Generic.IDictionary<System.String, System.Object>

IsAuthenticated()

Checks if the current user's cookie is valid and if so returns OK or a 400 (BadRequest)

Declaration

public bool IsAuthenticated()

Returns

Type	Description
System.Boolean

PostLogin(LoginModel)

Logs a user in

Declaration

public async Task<HttpResponseMessage> PostLogin(LoginModel loginModel)

Parameters

Type	Name	Description
LoginModel	loginModel

Returns

Type	Description
System.Threading.Tasks.Task<HttpResponseMessage>

PostLogout()

Logs the current user out

Declaration

public HttpResponseMessage PostLogout()

Returns

Type	Description
HttpResponseMessage

PostRequestPasswordReset(RequestPasswordResetModel)

Processes a password reset request. Looks for a match on the provided email address and if found sends an email with a link to reset it

Declaration

public async Task<HttpResponseMessage> PostRequestPasswordReset(RequestPasswordResetModel model)

Parameters

Type	Name	Description
RequestPasswordResetModel	model

Returns

Type	Description
System.Threading.Tasks.Task<HttpResponseMessage>

PostSend2FACode(String)

Declaration

public async Task<IHttpActionResult> PostSend2FACode(string provider)

Parameters

Type	Name	Description
System.String	provider

Returns

Type	Description
System.Threading.Tasks.Task<IHttpActionResult>

PostSetPassword(SetPasswordModel)

Processes a set password request. Validates the request and sets a new password.

Declaration

public async Task<HttpResponseMessage> PostSetPassword(SetPasswordModel model)

Parameters

Type	Name	Description
SetPasswordModel	model

Returns

Type	Description
System.Threading.Tasks.Task<HttpResponseMessage>

PostUnLinkLogin(UnLinkLoginModel)

Declaration

public async Task<HttpResponseMessage> PostUnLinkLogin(UnLinkLoginModel unlinkLoginModel)

Parameters

Type	Name	Description
UnLinkLoginModel	unlinkLoginModel

Returns

Type	Description
System.Threading.Tasks.Task<HttpResponseMessage>

PostVerify2FACode(Verify2FACodeModel)

Declaration

public async Task<HttpResponseMessage> PostVerify2FACode(Verify2FACodeModel model)

Parameters

Type	Name	Description
Verify2FACodeModel	model

Returns

Type	Description
System.Threading.Tasks.Task<HttpResponseMessage>

PostVerifyInvite(Int32, String)

Checks if a valid token is specified for an invited user and if so logs the user in and returns the user object

Declaration

public async Task<UserDisplay> PostVerifyInvite(int id, string token)

Parameters

Type	Name	Description
System.Int32	id
System.String	token

Returns

Type	Description
System.Threading.Tasks.Task<UserDisplay>

Remarks

This will also update the security stamp for the user so it can only be used once