Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
I'm trying to use the Umbraco UsersMembershipProvider to validate admin users for some non-umbraco admin pages. As I understand it, Umbraco uses the ASP.Net Membership provider, and the current user should be authenticated.
From an umbraco page (like /Umbraco/Views/default.cshtml) I can see that
HttpContext.Current.User.Identity.IsAuthenticated = true
However, from a page outside of umbraco, I'm still getting
HttpContext.Current.User.Identity.IsAuthenticated = false,
HttpContext.Current.User.Identity.IsAuthenticated = false
even after having visited the back office pages and authenticated in Umbraco. So the [Authorize] attribute on my controller is redirecting to the non-existent login page.
So, is it possible to use the Umbraco UsersMembershipProvider to authenticate a user outside of the umbraco context?
Thanks -- Alan
Hi! From my understanding and from running into a similar problem recently, HttpContext can't be used from an API Controller. This is due to the fact that HttpContext is used from a known state and an API is stateless, so the context should only be called from something in a state.
That said, there are ways to get around it, although they're not recommended as best practices. You can check out this Stack Overflow article on how to access HttpContext from an API for more info (but note that I haven't tried it myself - I resorted to a different method for my issue as I didn't want to break those rules): http://stackoverflow.com/questions/19884619/is-it-possible-to-access-httpcontext-current-session-from-web-api
There is no API controller. Just a regular old MVC controller. HttpContext.Current exists, as does HttpContext.Current.Session and HttpContext.Current.Request.Cookies.
In fact, it doesn't even need to be a controller. I just added a page called "Test.aspx" in the root of the directory, and put a single line
<%= HttpContext.Current.User.Identity.IsAuthenticated %>
And I get "False".
Umbraco will only authenticate the user when certain criteria are met - eg. the URL is inside the /umbraco/ folder.
If you still want to authenticate the backoffice user, you can do something like:
HttpContextWrapper http = new HttpContextWrapper(HttpContext.Current);
FormsAuthenticationTicket ticket = http.GetUmbracoAuthTicket();
I have used this for WebForms pages located in the /App_Plugins/ folder, where it works like a charm.
OK, now I'm a little embarrassed... I had actually done this a long time ago, and put into our Global.asax file, but the Umbraco upgrade overwrote the file.
Thanks for the help... hopefully I won't need it again next time I upgrade our Umbraco installation.
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted