Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Alan Draper 57 posts 140 karma points
    Jan 04, 2016 @ 20:18
    Alan Draper
    0

    HttpContext.Current.User.Identity.IsAuthenticated = false

    I'm trying to use the Umbraco UsersMembershipProvider to validate admin users for some non-umbraco admin pages. As I understand it, Umbraco uses the ASP.Net Membership provider, and the current user should be authenticated.

    From an umbraco page (like /Umbraco/Views/default.cshtml) I can see that

    HttpContext.Current.User.Identity.IsAuthenticated = true

    as expected.

    However, from a page outside of umbraco, I'm still getting

    HttpContext.Current.User.Identity.IsAuthenticated = false,

    even after having visited the back office pages and authenticated in Umbraco. So the [Authorize] attribute on my controller is redirecting to the non-existent login page.

    So, is it possible to use the Umbraco UsersMembershipProvider to authenticate a user outside of the umbraco context?

    Thanks -- Alan

    Copy Link
  • Janae Cram 63 posts 439 karma points MVP 8x c-trib
    Jan 04, 2016 @ 20:56
    Janae Cram
    0

    Alan,

    Hi! From my understanding and from running into a similar problem recently, HttpContext can't be used from an API Controller. This is due to the fact that HttpContext is used from a known state and an API is stateless, so the context should only be called from something in a state.

    That said, there are ways to get around it, although they're not recommended as best practices. You can check out this Stack Overflow article on how to access HttpContext from an API for more info (but note that I haven't tried it myself - I resorted to a different method for my issue as I didn't want to break those rules): http://stackoverflow.com/questions/19884619/is-it-possible-to-access-httpcontext-current-session-from-web-api

    Cheers,

    Janae

    Copy Link
  • Alan Draper 57 posts 140 karma points
    Jan 04, 2016 @ 21:17
    Alan Draper
    0

    There is no API controller. Just a regular old MVC controller. HttpContext.Current exists, as does HttpContext.Current.Session and HttpContext.Current.Request.Cookies.

    Copy Link
  • Alan Draper 57 posts 140 karma points
    Jan 04, 2016 @ 21:22
    Alan Draper
    0

    In fact, it doesn't even need to be a controller. I just added a page called "Test.aspx" in the root of the directory, and put a single line

    <%= HttpContext.Current.User.Identity.IsAuthenticated %>

    And I get "False".

    Copy Link
  • Anders Bjerner 487 posts 2990 karma points MVP 8x admin c-trib
    Jan 04, 2016 @ 21:50
    Anders Bjerner
    100

    Umbraco will only authenticate the user when certain criteria are met - eg. the URL is inside the /umbraco/ folder.

    If you still want to authenticate the backoffice user, you can do something like:

            HttpContextWrapper http = new HttpContextWrapper(HttpContext.Current);
        FormsAuthenticationTicket ticket = http.GetUmbracoAuthTicket();
        http.AuthenticateCurrentRequest(ticket, true);

    I have used this for WebForms pages located in the /App_Plugins/ folder, where it works like a charm.

    Copy Link
  • Alan Draper 57 posts 140 karma points
    Jan 04, 2016 @ 22:37
    Alan Draper
    0

    OK, now I'm a little embarrassed... I had actually done this a long time ago, and put into our Global.asax file, but the Umbraco upgrade overwrote the file.

    Thanks for the help... hopefully I won't need it again next time I upgrade our Umbraco installation.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft