Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Bill Haggerty 43 posts 177 karma points
    Apr 22, 2016 @ 17:12
    Bill Haggerty
    0

    Hybrid MVC Controller and Custom Authorization

    I have set up Umbraco so that I have this controller -

        [RestrictAccessToSite]
        public class TeamController : RenderMvcController
        {
            public ActionResult Team(RenderModel model)
            {
                var custModel = new TeamList(model.Content);
    
                return CurrentTemplate(custModel);
            }
        }
    

    And I have this class setting up the Attribute

        public class RestrictAccessToSite : AuthorizeAttribute
        {
            public void OnAuthorization(AuthenticationContext filterContext)
            {
                Console.WriteLine("Hello from Auth");  //Just for testing
            }
        }
    

    I had to set the path for the loginUrl in web.config, set to : forms name="yourAuthCookie" loginUrl="~/Umbraco/#/login" protection="All" path="/"

    So if I try to browse to content that uses this controller, I am presented with a login page.

    The problem is that after I have logged in, instead of getting to the content I was trying to get to -- it brings me to the Umbraco Editor.

    I don't ever get to the content, even if logged in. If I remove the attribute, the content is displayed properly.

    I have tested this same thing with a regular, plain MVC application, and it works properly. I have been working/searching on this for a while and would appreciate any ideas.

  • Marc Goodson 2157 posts 14431 karma points MVP 9x c-trib
    Apr 22, 2016 @ 20:50
    Marc Goodson
    0

    Hi Bill

    Are you trying to use the Umbraco Backoffice login to secure an MVC route ?

    If so you can create a controller that inherits from

    Umbraco.Web.Mvc.UmbracoAuthorizedController

    and map a route to it like so:

    protected override void ApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext    
    applicationContext) 
    { 
      RouteTable.Routes.MapRoute( 
      name: "cats", 
      url: "backoffice/cats/{action}/{id}", 
      defaults: new 
      { 
        controller = "Cats", 
        action = "Meow",
        id = UrlParameter.Optional
      }); 
    }
    

    https://our.umbraco.org/documentation/Implementation/Controllers/

    or are you trying to secure a section of your published website ? if so I'd probably use Members to protect the pages,

    https://our.umbraco.org/documentation/getting-started/data/members/

    Depending on the version of Umbraco the backoffice login hasn't always redirected to the ?returnUrl=originallyrequestedurl which I think is why what you are putting together is failing.

    regards

    Marc

  • Bill Haggerty 43 posts 177 karma points
    Apr 25, 2016 @ 21:28
    Bill Haggerty
    0

    Marc, I am using 7.4.2. I am trying to secure published content.

    Using Members does not allow me to use logic to do a lookup, based on the user and the requested url.

    Any additional tips around debugging this would be most appreciated. Thanks, Bill

  • Marc Goodson 2157 posts 14431 karma points MVP 9x c-trib
    Apr 30, 2016 @ 14:05
    Marc Goodson
    0

    Hi Bill

    Yes 'Members' is designed to be the method to secure published content on the public website; and Users are for logging into the back office to edit content.

    And so there are Member Helpers: (https://our.umbraco.org/documentation/Reference/Querying/UmbracoHelper/)

    eg:

    @if(Umbraco.MemberHasAccess(CurrentPage.Id, CurrentPage.Path)){
        <h1>Welcome Member!</h1>
    } 
    

    that can be used to determine if the current Member has access to a content page.

    And the 'Public Access' menu item would allow you to tie down access to an area of the site by Members.

    There is a good article here about setting up Membership

    http://siempresolutions.co.uk/blog/Umbraco%5FMembers%5FPart%5F3%5FA%5FFull%5FSolution

    in Umbraco 7 to protect an area of the published website.

    If I'm understanding correctly though the twist you appear to want to put on this is that instead of using the built in Members store for authenticating, you'd like to limit access to backoffice Users of Umbraco.

    Since Umbraco Membership is based on the ASP.NET Membership provider, you could create your own Custom Membership provider to authenticate to your Users or any other source that you want to protect areas of the site by, and replace the default UmbracoMembershipProvider in the web.config. Then you could take advantage of the built in Membership functionality for protecting areas of your site, but not have the people who need to access the site created as Members.

    or

    you could use Events, on the UserService, to sync Users and Members so when you have a backoffice user, you always have a corresponding member...

  • Bill Haggerty 43 posts 177 karma points
    May 02, 2016 @ 19:36
    Bill Haggerty
    0

    Marc, Thanks for your reply...

    What I am looking for is custom members. I need to authenticate and authorize custom members against a custom authorization/authentication service.

    I used the web config to set up a custom membership provider.

    These links were pretty helpful --

    https://our.umbraco.org/forum/developers/extending-umbraco/74219-custom-membership-provider

    http://24days.in/umbraco/2015/extending-membership/

    If people are looking for the link that Marc mentioned, on Siempresolutions, I think the software did something to the link, there are underscores in the URL. Just go to the blog part of the URL, and the posts are pretty obvious from there.

    From what I can understand though, these solutions seem to be overrides, to the original Umbraco member model / class.

    I just found Shawazza/UmbracoIdentity -- and I wonder if that is a better way to go??

  • Marc Goodson 2157 posts 14431 karma points MVP 9x c-trib
    May 03, 2016 @ 13:18
    Marc Goodson
    0

    Hi Bill

    Pesky Underscores!

    Yes out of the box you can create the Members in the Umbraco backoffice, and it should all work.

    For custom data sources, you can just create a custom membership provider and plumb that into the config, and it will play nicely with the built in Umbraco Members protection (eg Public Access protection)

    If your custom source of authentication would be easier to work with ASP.Net Identity / OWIN then Shannon's Umbraco Identity enables that.

    regards

    Marc

Please Sign in or register to post replies

Write your reply to:

Draft