I'm trying to open an issue at http://issues.umbraco.org, but it appears that youtrack application isn't collaborating... as today.
Nevertheless I've tried to follow the instructions of the documentation regarding extending umbraco backoffice security by implementing a custom IBackOfficeUserPasswordChecker. Although I've already tried the exact same code that is suggested in a 7.8.3 version and in a clean latest version 7.11, but also returns the same error:
Unable to cast object of type 'System.Security.Claims.ClaimsIdentity' to type 'Umbraco.Core.Security.UmbracoBackOfficeIdentity'
My current implementation at the 'UmbracoCustomOwinStartup' class:
public void Configuration(IAppBuilder app)
{
var applicationContext = ApplicationContext.Current;
app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
applicationContext,
(options, context) =>
{
var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var store = new BackOfficeUserStore(
applicationContext.Services.UserService,
applicationContext.Services.EntityService,
applicationContext.Services.ExternalLoginService,
membershipProvider);
var userManager = new BackOfficeUserManager(store)
{
//Set your own custom IBackOfficeUserPasswordChecker
BackOfficeUserPasswordChecker = new MyPasswordChecker()
};
return userManager;
});
//Ensure owin is configured for Umbraco back office authentication
app
.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
}
And the MyPasswordChecker class:
internal class MyPasswordChecker : IBackOfficeUserPasswordChecker
{
public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
{
var result = (password == "test")
? Task.FromResult(BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker)
: Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);
return Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials);
}
}
Maybe is something that I'm missing? Anyone had this issue before?
Hi Shannon, thanks for your reply. Yes I'm testing on localhost. This time, I paid attention regarding the cookies, and tried to perform the same with a new private browser session with no cookies or local storage items.
Although I'm getting now another exception by a 500 error returned on the Post Login:
"An error has occurred.","ExceptionMessage":"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. ","ExceptionType":"System.FormatException","StackTrace":" at System.Convert.FromBase64_ComputeResultLength(Char* inputPtr, Int32 inputLength)\r\n at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)\r\n at System.Convert.FromBase64String(String s)\r\n at Microsoft.AspNet.Identity.Crypto.VerifyHashedPassword(String hashedPassword, String password)\r\n at Microsoft.AspNet.Identity.PasswordHasher.VerifyHashedPassword(String hashedPassword, String providedPassword)\r\n at Microsoft.AspNet.Identity.UserManager2.<VerifyPasswordAsync>d__3e.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Umbraco.Core.Security.BackOfficeUserManager1.
I've tried with the following return statements, but get the same error:
The user and the password are both valid before the custom backoffice password checker. Also, I've checked at the database if this is user locked, which isn't.
After a couple of hours and a new fresh pair of eyes from a friend... we found out the issue... looks like, that I was able to make a "magic" copy of the code snippet that's incorrect. The right UmbracoCustomOwinStartup code is what is founded on the docs page:
var applicationContext = ApplicationContext.Current;
app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
applicationContext,
(options, context) =>
{
var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var settingContent = Umbraco.Core.Configuration.UmbracoConfig.For.UmbracoSettings().Content;
var userManager = BackOfficeUserManager.Create(options,
applicationContext.Services.UserService,
applicationContext.Services.EntityService,
applicationContext.Services.ExternalLoginService,
membershipProvider,
settingContent);
// Set your own custom IBackOfficeUserPasswordChecker
userManager.BackOfficeUserPasswordChecker = new MyPasswordChecker();
return userManager;
});
//Ensure owin is configured for Umbraco back office authentication
app
.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
My bad :/ I want to make my public apologies to @Shannon and @Sebastien for my mistake.
I hope that I can contribute in a near future to redeem myself :D
Unable to cast object of type 'System.Security.Claims.ClaimsIdentity' to type 'Umbraco.Core.Security.UmbracoBackOfficeIdentity'
Hi all umbracians,
I'm trying to open an issue at http://issues.umbraco.org, but it appears that youtrack application isn't collaborating... as today.
Nevertheless I've tried to follow the instructions of the documentation regarding extending umbraco backoffice security by implementing a custom IBackOfficeUserPasswordChecker. Although I've already tried the exact same code that is suggested in a 7.8.3 version and in a clean latest version 7.11, but also returns the same error:
Unable to cast object of type 'System.Security.Claims.ClaimsIdentity' to type 'Umbraco.Core.Security.UmbracoBackOfficeIdentity'
My current implementation at the 'UmbracoCustomOwinStartup' class:
public void Configuration(IAppBuilder app) {
And the MyPasswordChecker class:
Maybe is something that I'm missing? Anyone had this issue before?
Are you testing all of this on localhost? If so, make sure you clear all of your cookies and try again, it could be other stale cookies that exist.
Hi Shannon, thanks for your reply. Yes I'm testing on localhost. This time, I paid attention regarding the cookies, and tried to perform the same with a new private browser session with no cookies or local storage items.
Although I'm getting now another exception by a 500 error returned on the Post Login:
"An error has occurred.","ExceptionMessage":"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. ","ExceptionType":"System.FormatException","StackTrace":" at System.Convert.FromBase64_ComputeResultLength(Char* inputPtr, Int32 inputLength)\r\n at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)\r\n at System.Convert.FromBase64String(String s)\r\n at Microsoft.AspNet.Identity.Crypto.VerifyHashedPassword(String hashedPassword, String password)\r\n at Microsoft.AspNet.Identity.PasswordHasher.VerifyHashedPassword(String hashedPassword, String providedPassword)\r\n at Microsoft.AspNet.Identity.UserManager
2.<VerifyPasswordAsync>d__3e.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Umbraco.Core.Security.BackOfficeUserManager1.I've tried with the following return statements, but get the same error:
The user and the password are both valid before the custom backoffice password checker. Also, I've checked at the database if this is user locked, which isn't.
Any suggestion?
Well,
After a couple of hours and a new fresh pair of eyes from a friend... we found out the issue... looks like, that I was able to make a "magic" copy of the code snippet that's incorrect. The right UmbracoCustomOwinStartup code is what is founded on the docs page:
My bad :/ I want to make my public apologies to @Shannon and @Sebastien for my mistake.
I hope that I can contribute in a near future to redeem myself :D
Anyway thanks for the support.
Glad you got it sorted :)
is working on a reply...