  • Alan Draper 52 posts 135 karma points
    Jan 04, 2016 @ 20:18
    Alan Draper

    HttpContext.Current.User.Identity.IsAuthenticated = false

    I'm trying to use the Umbraco UsersMembershipProvider to validate admin users for some non-umbraco admin pages. As I understand it, Umbraco uses the ASP.Net Membership provider, and the current user should be authenticated.

    From an umbraco page (like /Umbraco/Views/default.cshtml) I can see that

    HttpContext.Current.User.Identity.IsAuthenticated = true

    as expected.

    However, from a page outside of umbraco, I'm still getting

    HttpContext.Current.User.Identity.IsAuthenticated = false,

    even after having visited the back office pages and authenticated in Umbraco. So the [Authorize] attribute on my controller is redirecting to the non-existent login page.

    So, is it possible to use the Umbraco UsersMembershipProvider to authenticate a user outside of the umbraco context?

    Thanks -- Alan

  • Janae Cram 63 posts 439 karma points MVP 8x c-trib
    Jan 04, 2016 @ 20:56
    Janae Cram


    Hi! From my understanding and from running into a similar problem recently, HttpContext can't be used from an API Controller. This is due to the fact that HttpContext is used from a known state and an API is stateless, so the context should only be called from something in a state.

    That said, there are ways to get around it, although they're not recommended as best practices. You can check out this Stack Overflow article on how to access HttpContext from an API for more info (but note that I haven't tried it myself - I resorted to a different method for my issue as I didn't want to break those rules):



  • Alan Draper 52 posts 135 karma points
    Jan 04, 2016 @ 21:17
    Alan Draper

    There is no API controller. Just a regular old MVC controller. HttpContext.Current exists, as does HttpContext.Current.Session and HttpContext.Current.Request.Cookies.

  • Alan Draper 52 posts 135 karma points
    Jan 04, 2016 @ 21:22
    Alan Draper

    In fact, it doesn't even need to be a controller. I just added a page called "Test.aspx" in the root of the directory, and put a single line

    <%= HttpContext.Current.User.Identity.IsAuthenticated %>

    And I get "False".

  • Anders Bjerner 487 posts 2989 karma points MVP 8x admin c-trib
    Jan 04, 2016 @ 21:50
    Anders Bjerner

    Umbraco will only authenticate the user when certain criteria are met - eg. the URL is inside the /umbraco/ folder.

    If you still want to authenticate the backoffice user, you can do something like:

            HttpContextWrapper http = new HttpContextWrapper(HttpContext.Current);
            FormsAuthenticationTicket ticket = http.GetUmbracoAuthTicket();
            http.AuthenticateCurrentRequest(ticket, true);

    I have used this for WebForms pages located in the /App_Plugins/ folder, where it works like a charm.

  • Alan Draper 52 posts 135 karma points
    Jan 04, 2016 @ 22:37
    Alan Draper

    OK, now I'm a little embarrassed... I had actually done this a long time ago, and put it into our Global.asax file, but the Umbraco upgrade overwrote the file.

    Thanks for the help... hopefully I won't need it again next time I upgrade our Umbraco installation.
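
The fix discussed in this thread, wired into the application class and limited to one path prefix, as an added example that is not code from any poster or from Umbraco itself. The `MySite` namespace, the `Global` class name and the `/admin/` prefix are assumptions; the two extension methods are the ones from the reply above, which live in `Umbraco.Core.Security` in Umbraco 7.

```csharp
// Added example (not from the thread). Assumed names: MySite, Global, "/admin/".
using System;
using System.Linq;
using System.Web;
using System.Web.Security;
using Umbraco.Core.Security;   // GetUmbracoAuthTicket, AuthenticateCurrentRequest
using Umbraco.Web;             // UmbracoApplication

namespace MySite
{
    // Global.asax then only needs: <%@ Application Inherits="MySite.Global" %>
    public class Global : UmbracoApplication
    {
        // Only these paths receive the back-office identity. Matching is
        // case-insensitive because IIS treats URL paths that way.
        private static readonly string[] ProtectedPrefixes = { "/admin/" };

        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            HttpContextBase http = new HttpContextWrapper(Context);
            string path = http.Request.Url.AbsolutePath;

            bool isProtected = ProtectedPrefixes.Any(p =>
                path.StartsWith(p, StringComparison.OrdinalIgnoreCase));
            if (!isProtected) return;   // leave every other request untouched

            // Same two calls as in the reply above: read the back-office
            // ticket from the cookie and attach its identity to this request.
            FormsAuthenticationTicket ticket = http.GetUmbracoAuthTicket();
            if (ticket != null)
            {
                http.AuthenticateCurrentRequest(ticket, true);
            }

            // Deny by default: pages such as a bare Test.aspx carry no
            // [Authorize] attribute, so reject here when no back-office
            // identity ended up on the request.
            if (http.User == null || !http.User.Identity.IsAuthenticated)
            {
                http.Response.StatusCode = 403;
                CompleteRequest();
            }
        }
    }
}
```

Keeping the class in its own file means an upgrade that replaces Global.asax only loses the one-line `Inherits` directive, and the 403 makes that loss visible immediately on the protected pages.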
