Is there a way to override or extend Umbraco.Web.UmbracoModule.AuthenticateRequest?
I have an umbraco installation living as a virtual application in an existing site.
the existing site has its own auth/roles/users/etc... and I would like to use the existing session to tell umbraco who is authenticated.
To that end I have experimented with looking at writing custom Membership and Role providers however as it stands, the ideal situation is to ensure that our "parent application's" auth logic has the first swing at bat.
Having inspected the code related to this section in the Umbraco source it looks like
Umbraco.Web.UmbracoModule : IHttpModule
or
Umbraco.Core.Security public static class AuthenticationExtensions public static bool AuthenticateCurrentRequest(this HttpContextBase http, FormsAuthenticationTicket ticket, bool renewTicket)
would be the ideal place to insert my application's logic
Is there any good way to hook into Umbraco's application lifecycle?
So, in answer to my own question I had a bit of a "breakthrough" in terms of trying to achieve my goals.
In running Umbraco in a virtual directory, which already has its own authentication and login management, the solution I've decided to use is writing a custom IHttpModule.
What this allows me to do is intercept umbraco BEFORE any auth is run on its end.
namespace My.Application.Namespace
{
public class CustomWebModule : IHttpModule
{
static void AuthenticateRequest(object sender, EventArgs e){
// DO ALL FANCY STUFF in my app and then
// make calls to the KEY umbraco functions from umbraco.core.security.AuthenticationExtensions
// "Authenticate Current Request" function.
// https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Core/Security/AuthenticationExtensions.cs
// specifically: setting the GenericPrincipal and related entities.
}
public void Dispose()
{
//throw new NotImplementedException();
// make sure you don't write a memory leak! dispose of everything that needs it!
}
public void Init(HttpApplication app)
{
app.AuthenticateRequest += AuthenticateRequest;
}
}
}
Now - this is an "optimistic" declaration of a solution, as I have not yet determined with 100% certainty that I can call the functions within Umbraco.Core.Security to set my generic principal etc.. but I have a strong suspician that this will solve the problems I have with Umbraco Auth and is a generic enough and non-invasive enough solution that it could in theory be used to do any form of auth overrides like Single Sign On (SSO) or anything else.
The thing I like most is that it requires no hacking or forking of umbraco code meaning we can continue to pull updates & bugfixes from the core offering while our small auth class sits in between the request an umbraco acting as an "invisible" pass-through.
Is there a way to override or extend Umbraco.Web.UmbracoModule.AuthenticateRequest?
I have an umbraco installation living as a virtual application in an existing site.
the existing site has its own auth/roles/users/etc... and I would like to use the existing session to tell umbraco who is authenticated.
To that end I have experimented with looking at writing custom Membership and Role providers however as it stands, the ideal situation is to ensure that our "parent application's" auth logic has the first swing at bat.
Having inspected the code related to this section in the Umbraco source it looks like
or
would be the ideal place to insert my application's logic
Is there any good way to hook into Umbraco's application lifecycle?
EDIT:
incidentally - I have found https://our.umbraco.org/documentation/Reference/Events/application-startup which shows some promise with respect to being able to do what I'm looking for.
Will investigate from that angle while I cross my fingers in hopes of an expert answer :)
EDIT 2:
This also has some promise
http://stackoverflow.com/questions/9491288/custom-application-start-code-for-umbraco-website
So, in answer to my own question I had a bit of a "breakthrough" in terms of trying to achieve my goals.
In running Umbraco in a virtual directory, which already has its own authentication and login management, the solution I've decided to use is writing a custom IHttpModule.
What this allows me to do is intercept umbraco BEFORE any auth is run on its end.
See more information on the lifecycle here: https://msdn.microsoft.com/en-us/library/bb470252(v=vs.100).aspx
Specifically I am writing a custom BegunRequest (or AuthenticateRequest) handler.
Within Web.Config I write a key in the system.webserver/modules section BEFORE the key UmbracoModule I insert my keys
I also add
to the system.web/httpModules section
namespace My.Application.Namespace { public class CustomWebModule : IHttpModule { static void AuthenticateRequest(object sender, EventArgs e){ // DO ALL FANCY STUFF in my app and then // make calls to the KEY umbraco functions from umbraco.core.security.AuthenticationExtensions // "Authenticate Current Request" function. // https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Core/Security/AuthenticationExtensions.cs // specifically: setting the GenericPrincipal and related entities. } public void Dispose() { //throw new NotImplementedException(); // make sure you don't write a memory leak! dispose of everything that needs it! } public void Init(HttpApplication app) { app.AuthenticateRequest += AuthenticateRequest; } } }Now - this is an "optimistic" declaration of a solution, as I have not yet determined with 100% certainty that I can call the functions within Umbraco.Core.Security to set my generic principal etc.. but I have a strong suspician that this will solve the problems I have with Umbraco Auth and is a generic enough and non-invasive enough solution that it could in theory be used to do any form of auth overrides like Single Sign On (SSO) or anything else.
The thing I like most is that it requires no hacking or forking of umbraco code meaning we can continue to pull updates & bugfixes from the core offering while our small auth class sits in between the request an umbraco acting as an "invisible" pass-through.
is working on a reply...