Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Ivan Saric 40 posts 89 karma points
    Nov 01, 2016 @ 12:44
    Ivan Saric
    0

    Upgrade to v.7.5.4

    Extending Umbraco and using the API
    Umbraco 7

    Hi, I have Umbraco 7.2.1 project and my plan is to upgrade to newest version currently 7.5.4. I download zip file and merge/overwrite existing files, following this https://our.umbraco.org/documentation/getting-started/setup/upgrading/general Problem is that for UmbracoMembershipProvider and UsersMembershipProvider password format is Encrypted.

    <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Encrypted" />
<add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Encrypted" />

    If I try to open any page or Umbraco backend I have next error in log:

    [P1168/D2/T7] ERROR Umbraco.Core.UmbracoApplicationBase - An unhandled exception occurred System.InvalidOperationException: Cannot use ASP.Net Identity with UmbracoMembersUserStore when the password format is not Hashed at Umbraco.Core.Security.BackOfficeUserStore..ctor(IUserService userService, IExternalLoginService externalLoginService, MembershipProviderBase usersMembershipProvider) at Umbraco.Core.Security.BackOfficeUserManager.Create(IdentityFactoryOptions1 options, IUserService userService, IExternalLoginService externalLoginService, MembershipProviderBase membershipProvider) at Microsoft.AspNet.Identity.Owin.IdentityFactoryMiddleware2.

    I do not know what I can do to enable password encryption as it was before upgrade?

    Copy Link
  • Ivan Saric 40 posts 89 karma points
    Nov 02, 2016 @ 16:15
    Ivan Saric
    100

    I found a solution: I changed UsersMembershipProvider password format to Hashed. Added new provider CustomUsersMembershipProvider with password format Encrypted. In this case I will validate password using new provider. Hope this solution will help somebody.

    Create custom UmbracoOwinStartup class and change appStartup in web.config as <add key="owin:appStartup" value="Umbraco.Identity.OWIN.CustomUmbracoOwinStartup" /> Custom code: 

      [assembly: OwinStartup("CustomUmbracoOwinStartup", typeof(CustomUmbracoOwinStartup))]
namespace Umbraco.Identity.OWIN
{    
    public class CustomUmbracoOwinStartup
    {
        public void Configuration(IAppBuilder app)
        {
            var applicationContext = ApplicationContext.Current;
            app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                applicationContext,
                (options, context) =>
                {
                    var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                    var store = new BackOfficeUserStore(
                               applicationContext.Services.UserService,
                               applicationContext.Services.ExternalLoginService,
                               membershipProvider);
                    return new CustomBackOfficeUserManager(store, options, membershipProvider);                  
                });

            //Ensure owin is configured for Umbraco back office authentication
            app
                .UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
                .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);         
        }        
    }
}
public class CustomBackOfficeUserManager : BackOfficeUserManager
    {
        public CustomBackOfficeUserManager(
            IUserStore<BackOfficeIdentityUser, int> store,
            IdentityFactoryOptions<BackOfficeUserManager> options,
            MembershipProviderBase membershipProvider) :
            base(store, options, membershipProvider)
        {
            // Call custom passowrd checker.
            base.BackOfficeUserPasswordChecker = new BackofficeMembershipProviderPasswordChecker();
        }      
    }
public class BackofficeMembershipProviderPasswordChecker : IBackOfficeUserPasswordChecker
    {
        /// <summary>
        /// Determines if a username and password are valid using the BackofficeMembershipProvider.
        /// </summary>
        /// <param name="user">User to test.</param>
        /// <param name="password">Password to test.</param>
        /// <returns>Object showing if user credentials are valid or not.</returns>
        public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
        {
            // Access provider.
            if (Membership.Providers["CustomUsersMembershipProvider"] == null)
            {
                throw new InvalidOperationException("Provider 'CustomUsersMembershipProvider' is not defined.");
            }
            var adProvider = Membership.Providers["CustomUsersMembershipProvider"];


            // Check the user's password.
            var validUser = adProvider.ValidateUser(user.UserName, password) ? Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials) : Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);

            return validUser;
        }
    }
    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft