Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Ivan Saric 40 posts 89 karma points
    Nov 01, 2016 @ 12:44
    Ivan Saric
    0

    Upgrade to v.7.5.4

    Hi, I have Umbraco 7.2.1 project and my plan is to upgrade to newest version currently 7.5.4. I download zip file and merge/overwrite existing files, following this https://our.umbraco.org/documentation/getting-started/setup/upgrading/general Problem is that for UmbracoMembershipProvider and UsersMembershipProvider password format is Encrypted.

    <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Encrypted" />
<add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Encrypted" />

    If I try to open any page or Umbraco backend I have next error in log:

    [P1168/D2/T7] ERROR Umbraco.Core.UmbracoApplicationBase - An unhandled exception occurred System.InvalidOperationException: Cannot use ASP.Net Identity with UmbracoMembersUserStore when the password format is not Hashed at Umbraco.Core.Security.BackOfficeUserStore..ctor(IUserService userService, IExternalLoginService externalLoginService, MembershipProviderBase usersMembershipProvider) at Umbraco.Core.Security.BackOfficeUserManager.Create(IdentityFactoryOptions1 options, IUserService userService, IExternalLoginService externalLoginService, MembershipProviderBase membershipProvider) at Microsoft.AspNet.Identity.Owin.IdentityFactoryMiddleware2.

    I do not know what I can do to enable password encryption as it was before upgrade?

    Copy Link
  • Ivan Saric 40 posts 89 karma points
    Nov 02, 2016 @ 16:15
    Ivan Saric
    100

    I found a solution: I changed UsersMembershipProvider password format to Hashed. Added new provider CustomUsersMembershipProvider with password format Encrypted. In this case I will validate password using new provider. Hope this solution will help somebody.

    Create custom UmbracoOwinStartup class and change appStartup in web.config as <add key="owin:appStartup" value="Umbraco.Identity.OWIN.CustomUmbracoOwinStartup" /> Custom code: 

      [assembly: OwinStartup("CustomUmbracoOwinStartup", typeof(CustomUmbracoOwinStartup))]
namespace Umbraco.Identity.OWIN
{    
    public class CustomUmbracoOwinStartup
    {
        public void Configuration(IAppBuilder app)
        {
            var applicationContext = ApplicationContext.Current;
            app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                applicationContext,
                (options, context) =>
                {
                    var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                    var store = new BackOfficeUserStore(
                               applicationContext.Services.UserService,
                               applicationContext.Services.ExternalLoginService,
                               membershipProvider);
                    return new CustomBackOfficeUserManager(store, options, membershipProvider);                  
                });

            //Ensure owin is configured for Umbraco back office authentication
            app
                .UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
                .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);         
        }        
    }
}
public class CustomBackOfficeUserManager : BackOfficeUserManager
    {
        public CustomBackOfficeUserManager(
            IUserStore<BackOfficeIdentityUser, int> store,
            IdentityFactoryOptions<BackOfficeUserManager> options,
            MembershipProviderBase membershipProvider) :
            base(store, options, membershipProvider)
        {
            // Call custom passowrd checker.
            base.BackOfficeUserPasswordChecker = new BackofficeMembershipProviderPasswordChecker();
        }      
    }
public class BackofficeMembershipProviderPasswordChecker : IBackOfficeUserPasswordChecker
    {
        /// <summary>
        /// Determines if a username and password are valid using the BackofficeMembershipProvider.
        /// </summary>
        /// <param name="user">User to test.</param>
        /// <param name="password">Password to test.</param>
        /// <returns>Object showing if user credentials are valid or not.</returns>
        public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
        {
            // Access provider.
            if (Membership.Providers["CustomUsersMembershipProvider"] == null)
            {
                throw new InvalidOperationException("Provider 'CustomUsersMembershipProvider' is not defined.");
            }
            var adProvider = Membership.Providers["CustomUsersMembershipProvider"];


            // Check the user's password.
            var validUser = adProvider.ValidateUser(user.UserName, password) ? Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials) : Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);

            return validUser;
        }
    }
    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies