I'm having an issue with Member AD authentication and the Member in Umbraco.
I implemented a custom Owin startup class:
public class UmbracoCustomOwinStartup
{
    /// <summary>
    /// OWIN entry point. Registers a back-office user manager built from <see cref="MyUserManager"/>
    /// and then adds the Umbraco back-office cookie and external-cookie authentication middleware.
    /// Everything configured here is for back-office Users (the middleware names are all "BackOffice");
    /// front-end Members are not touched by this startup.
    /// </summary>
    /// <param name="app">The OWIN application builder supplied by the host.</param>
    public void Configuration(IAppBuilder app)
    {
        var appContext = ApplicationContext.Current;

        app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
            appContext,
            (options, owinContext) => BuildUserManager(appContext, options));

        app.UseUmbracoBackOfficeCookieAuthentication(appContext)
           .UseUmbracoBackOfficeExternalCookieAuthentication(appContext);
    }

    // Builds the user store over the Umbraco services and the users membership provider,
    // then hands the store to MyUserManager's initializer.
    private static MyUserManager BuildUserManager(ApplicationContext appContext, IdentityFactoryOptions<BackOfficeUserManager> options)
    {
        var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
        var store = new BackOfficeUserStore(
            appContext.Services.UserService,
            appContext.Services.ExternalLoginService,
            membershipProvider);
        return MyUserManager.InitUserManager(new MyUserManager(store), membershipProvider, options);
    }
}
with a MyUserManager class:
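public class MyUserManager : BackOfficeUserManager
{
    public MyUserManager(IUserStore<BackOfficeIdentityUser, int> store)
        : base(store)
    {
    }

    /// <summary>
    /// Checks a back-office login against Active Directory instead of the locally stored hash.
    /// </summary>
    /// <param name="user">The back-office user resolved by the store; its <c>Name</c> is used as the AD account name.</param>
    /// <param name="password">The password typed at login.</param>
    /// <returns>A completed task holding <c>true</c> only when the directory accepts the credentials.</returns>
    public override Task<bool> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
    {
        // Fail closed on a missing user rather than throwing part-way through the login pipeline.
        if (user == null)
        {
            return Task.FromResult(false);
        }
        return Task.FromResult(LdapAuth(user.Name, password));
    }

    /// <summary>
    /// Authenticates by binding to the directory with the user's own credentials.
    /// The bind is the password check: the directory rejects it when the password is wrong.
    /// A lookup of the account by name alone (what a search service call such as GetADUser does)
    /// only proves the account exists, so it cannot be used as a password check.
    /// </summary>
    /// <param name="username">Account name, used both for the bind and for the sAMAccountName lookup.</param>
    /// <param name="password">Password to bind with.</param>
    /// <returns><c>true</c> when the bind succeeds and the account is found; <c>false</c> otherwise.</returns>
    private static bool LdapAuth(string username, string password)
    {
        // An empty user name or password is never a valid credential. Rejecting it up front also
        // avoids the LDAP "unauthenticated bind" case, where a bind with an empty password can be
        // accepted as an anonymous session and would look like a successful login.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        // Directory path comes from configuration; with no path configured nobody can log in
        // (deny, rather than fall back to something more permissive).
        var connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["ADConnectionString"];
        if (connectionString == null || string.IsNullOrEmpty(connectionString.ConnectionString))
        {
            return false;
        }

        try
        {
            using (var entry = new System.DirectoryServices.DirectoryEntry(connectionString.ConnectionString, username, password))
            using (var search = new System.DirectoryServices.DirectorySearcher(entry))
            {
                // The user name becomes part of an LDAP filter; escape it so a crafted value
                // cannot change the meaning of the filter.
                search.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(username) + ")";
                search.PropertiesToLoad.Add("cn");
                // FindOne forces the bind with the supplied credentials; a bad password throws.
                return search.FindOne() != null;
            }
        }
        catch (System.Runtime.InteropServices.COMException)
        {
            // Logon failure or directory unreachable: both are a failed login. Other exception
            // types are left to propagate so a misconfiguration is visible instead of being
            // indistinguishable from a wrong password.
            return false;
        }
    }

    /// <summary>
    /// Escapes the characters that have meaning inside an LDAP search filter value
    /// (RFC 4515: backslash, asterisk, parentheses and NUL). Backslash is escaped first so the
    /// escape sequences written by the later replacements are not escaped again.
    /// </summary>
    /// <param name="value">Raw attribute value.</param>
    /// <returns>The value with filter metacharacters replaced by their <c>\xx</c> form.</returns>
    internal static string EscapeLdapFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }

    /// <summary>
    /// Applies the validators, hasher, token provider, lockout settings and claims factory
    /// that the Umbraco back office expects on its user manager.
    /// </summary>
    /// <param name="manager">The manager to configure; returned for chaining.</param>
    /// <param name="membershipProvider">Source of the password-length, non-alphanumeric and lockout settings.</param>
    /// <param name="options">Identity factory options; only its data protection provider is read here.</param>
    /// <returns>The same <paramref name="manager"/> instance, configured.</returns>
    public static MyUserManager InitUserManager(MyUserManager manager, MembershipProviderBase membershipProvider, IdentityFactoryOptions<BackOfficeUserManager> options)
    {
        // Configure validation logic for usernames
        manager.UserValidator = new UserValidator<BackOfficeIdentityUser, int>(manager)
        {
            AllowOnlyAlphanumericUserNames = false,
            RequireUniqueEmail = true
        };

        // Configure validation logic for passwords. This applies when Identity sets a password;
        // CheckPasswordAsync above does not consult it.
        manager.PasswordValidator = new PasswordValidator
        {
            RequiredLength = membershipProvider.MinRequiredPasswordLength,
            RequireNonLetterOrDigit = membershipProvider.MinRequiredNonAlphanumericCharacters > 0,
            RequireDigit = false,
            RequireLowercase = false,
            RequireUppercase = false
        };

        // Use a custom hasher based on our membership provider.
        // THIS IS AN INTERNAL METHOD WHICH I PULL OUT INTO A CLASS BELOW
        // THIS SHOULD NOT BE NECESSARY IN v7.3.1
        manager.PasswordHasher = new MembershipPasswordHasher(membershipProvider);

        var dataProtectionProvider = options.DataProtectionProvider;
        if (dataProtectionProvider != null)
        {
            manager.UserTokenProvider = new DataProtectorTokenProvider<BackOfficeIdentityUser, int>(dataProtectionProvider.Create("ASP.NET Identity"));
        }

        manager.UserLockoutEnabledByDefault = true;
        manager.MaxFailedAccessAttemptsBeforeLockout = membershipProvider.MaxInvalidPasswordAttempts;
        // NOTE: This just needs to be in the future, we currently don't support a lockout timespan, it's either they are locked
        // or they are not locked, but this determines what is set on the account lockout date which corresponds to whether they are
        // locked out or not.
        manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromDays(30);

        // Custom identity factory for creating the identity object which we auth against in the back office.
        manager.ClaimsIdentityFactory = new BackOfficeClaimsIdentityFactory();
        return manager;
    }
}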
internal class MembershipPasswordHasher : IPasswordHasher
{
    // Membership provider that owns the hash format; every call is delegated to it.
    private readonly MembershipProviderBase _provider;

    /// <summary>
    /// Adapts an Umbraco membership provider to the ASP.NET Identity <see cref="IPasswordHasher"/> contract.
    /// </summary>
    /// <param name="provider">Provider used for hashing and verification.</param>
    public MembershipPasswordHasher(MembershipProviderBase provider)
    {
        _provider = provider;
    }

    /// <summary>Hashes a password in the provider's storage format.</summary>
    /// <param name="password">Clear-text password.</param>
    /// <returns>The provider's storable hash.</returns>
    public string HashPassword(string password)
    {
        var stored = _provider.HashPasswordForStorage(password);
        return stored;
    }

    /// <summary>Verifies a clear-text password against a stored hash via the provider.</summary>
    /// <param name="hashedPassword">The stored hash.</param>
    /// <param name="providedPassword">The password to check.</param>
    /// <returns><see cref="PasswordVerificationResult.Success"/> on a match, otherwise <see cref="PasswordVerificationResult.Failed"/>.</returns>
    public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        var matches = _provider.VerifyPassword(providedPassword, hashedPassword);
        if (matches)
        {
            return PasswordVerificationResult.Success;
        }
        return PasswordVerificationResult.Failed;
    }
}
On my master template I do:
// NOTE(review): Environment.UserName is the account the ASP.NET worker process runs as (the
// application pool identity), not the person browsing the site. Issuing a forms-auth ticket for
// it here signs every visitor in as that server account, and no password is checked on this
// path: the OWIN/BackOfficeUserManager setup above configures back-office Users only and plays
// no part in this Member cookie. A Member login should only set this cookie after the Member's
// own credentials have been validated.
var user = Environment.UserName;
// Second argument false: non-persistent (session) cookie.
FormsAuthentication.SetAuthCookie(user, false);
The Context.User.Identity.IsAuthenticated returns true, however,
Members.GetCurrentMember() always returns null.
Doing:
// Looks the account up by name; userIsOnline = true additionally updates its last-activity
// stamp. This is a read of the membership record, not an authentication, and it does not by
// itself establish a logged-in Member.
var s = Membership.GetUser(user, true);
returns my user, updates the LastLoginDate, shows I'm online:
but the Members.GetCurrentMember() still returns null.
Umbraco currently allows you to use OWIN for Back office Users.
These Users are people who login to the Umbraco back office to update and publish content.
Members are different to Back office Users, they are front end visitors to the website.
So what's not clear to me is whether you are trying to implement an AD provider using ASP.NET Identity for back office Users or for Members who visit your website?
Now for Members, visitors to the site, there IS a bit of a proof of concept for using ASP.Net Identity for members in Umbraco, core member Shannon has a repo on GitHub here:
Member AD Authentication not logging in Member ?
Hi all,
I'm having an issue with Member AD authentication and the Member in Umbraco.
I implemented a custom Owin startup class:
with a MyUserManager class:
On my master template I do:
The Context.User.Identity.IsAuthenticated returns true, however, Members.GetCurrentMember() always returns null.
Doing:
returns my user, updates the LastLoginDate, shows I'm online:
but the Members.GetCurrentMember() still returns null.
Any idea what I'm doing wrong?
Hi Eric
Umbraco currently allows you to use OWIN for Back office Users.
These Users are people who login to the Umbraco back office to update and publish content.
Members are different to Back office Users, they are front end visitors to the website.
So what's not clear to me is whether you are trying to implement an AD provider using ASP.NET Identity for back office Users or for Members who visit your website?
For back office users info is here: https://our.umbraco.org/Documentation/Reference/Security/
Now for Members, visitors to the site, there IS a bit of a proof of concept for using ASP.Net Identity for members in Umbraco, core member Shannon has a repo on GitHub here:
https://github.com/Shazwazza/UmbracoIdentity
if that helps give you a steer?
regards
Marc