Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Roeland Hermans 2 posts 22 karma points
    Feb 02, 2017 @ 16:11
    Roeland Hermans
    0

    Preview not working when using custom Startup file with app.UseOAuthBearerAuthentication

    Hello everyone,

    I'm working on a project where we use OAuth bearer authentication to secure some of the web APIs.

    Everything works fine, except for the preview in Umbraco. The startup class looks like this:

    [assembly: OwinStartup(typeof(Site.Owin.Startup))]
namespace Site.Owin
{
    public class Startup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }
}

    The web.config app setting looks like this:

    <add key="owin:appStartup" value="Site.Owin.Startup" />

    As soon as I remove app.UseOAuthBearerAuthentication the preview works again. Any ideas on this?

    Copy Link
  • Jeroen Breuer 4909 posts 12266 karma points MVP 5x admin c-trib
    Feb 03, 2017 @ 08:18
    Jeroen Breuer
    0

    A bit more info about this issue from my colleague. I debugged the Umbraco source code and I discovered that UmbracoContext.Current.InPreviewMode always returns false. Even after pressing the preview button.

    In the DetectInPreviewModeFromRequest method Security.CurrentUser returns null. Going a few methods deeper the problem is in the AuthenticationExtensions.cs GetCurrentIdentity method.

    The problem lies in this code:

    //Check if there's more than one identity assigned and see if it's a UmbracoBackOfficeIdentity and use that
var claimsPrincipal = http.User as ClaimsPrincipal;
if (claimsPrincipal != null)
{
    backOfficeIdentity = claimsPrincipal.Identities.OfType<UmbracoBackOfficeIdentity>().FirstOrDefault();
    if (backOfficeIdentity != null) return backOfficeIdentity;

    When I debug this code with <add key="owin:appStartup" value="UmbracoDefaultOwinStartup" /> in the web.config claimsPrincipal.Identities has 2 items:

    [0] = {System.Security.Principal.GenericIdentity}
[1] = {Umbraco.Core.Security.UmbracoBackOfficeIdentity}

    When I debug with <add key="owin:appStartup" value="Site.Owin.Startup" /> in the web.config claimsPrincipal.Identities only has 1 item:

    [0] = {System.Security.Principal.GenericIdentity}

    So somehow when we use our own OwinStartup with app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); we're missing Umbraco.Core.Security.UmbracoBackOfficeIdentity. We need this code for token based authentication.

    Do we need to configure something extra to get the correct backoffice identity?

    Jeroen

    Copy Link
  • Jeroen Breuer 4909 posts 12266 karma points MVP 5x admin c-trib
    Feb 03, 2017 @ 10:42
    Jeroen Breuer
    100

    If was fixed by doing the same thing as in this topic: https://our.umbraco.org/forum/extending-umbraco-and-using-the-api/80088-preview-with-custom-backoffice-authentication

    This is the code now:

    [assembly: OwinStartup(typeof(Site.Owin.Startup))]
namespace Site.Owin
{
    public class Startup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

            // We need to set these values again after our custom changes. Otherwise preview doesn't work.
            app.UseUmbracoBackOfficeCookieAuthentication(this.ApplicationContext)
                .UseUmbracoBackOfficeExternalCookieAuthentication(this.ApplicationContext)
                .UseUmbracoPreviewAuthentication(this.ApplicationContext);
        }
    }
}

    We thought we didn't need to set those values because they we're already being set in base.Configuration(app);, but they need to be set again after we made some changes to IAppBuilder.

    Jeroen

    Copy Link
  • Shannon Deminick 1530 posts 5278 karma points MVP 3x
    Feb 06, 2017 @ 01:46
    Shannon Deminick
    1

    If you have a look at the source there are better methods to override for what you need: https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/UmbracoDefaultOwinStartup.cs

    override ConfigureMiddleware for dealing with middleware, override ConfigureServices for configuring services for the OWIN context

    You must also make sure you call everything including .FinalizeMiddlewareConfiguration();

    Copy Link
  • Jeroen Breuer 4909 posts 12266 karma points MVP 5x admin c-trib
    Feb 06, 2017 @ 10:32
    Jeroen Breuer
    1

    Thank Shannon,

    It's now solved like this:

    protected override void ConfigureMiddleware(IAppBuilder app)
{
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());    
    base.ConfigureMiddleware(app);
}

    Jeroen

    Copy Link
  • Roeland Hermans 2 posts 22 karma points
    Feb 06, 2017 @ 07:44
    Roeland Hermans
    0

    Thank you for providing this information!

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft