  • Gonçalo Chaves 13 posts 124 karma points
    Jul 20, 2018 @ 17:24
    Gonçalo Chaves
    0

    Custom umbraco backoffice authentication

    Hi all,

    We're trying to provide another way to authenticate users against the Umbraco backoffice interface, but it is a special authentication flow that doesn't match any of the traditional OAuth ones.

    My question is: is the Umbraco identity extensions (https://github.com/umbraco/UmbracoIdentityExtensions) project suitable for this type of customization? Is there any other, better approach for this type of custom authentication?

    Thank you all.

  • Gabe Alam 4 posts 94 karma points
    Aug 08, 2018 @ 19:19
    Gabe Alam
    0

    Have you made any progress with this? I'm also looking to use a custom authentication flow that we use for our internal applications.

  • Gonçalo Chaves 13 posts 124 karma points
    Aug 24, 2018 @ 13:40
    Gonçalo Chaves
    100

    Hi Gabe, thanks for your comment.

    Well, indeed ;) The old saying goes that if you don't have a dog you can hunt with a cat, right?

    So what did we do? The SSO service provider that we needed to integrate with Umbraco backoffice user authentication works using the SAML2 protocol, which by itself isn't compatible with OAuth... or at least not without some dark-side magic on it... I guess.

    To start, we installed the Umbraco identity extensions in order to have a way to develop the MyCustomPasswordChecker class, which you can use to override the default Umbraco backoffice authentication behaviour, like:

      // Set your own custom IBackOfficeUserPasswordChecker   
      userManager.BackOfficeUserPasswordChecker = new MyPasswordChecker();
    

    You can find the complete example of this implementation in the official documentation.

    Although the given options are quite limited, either returning valid credentials or leaving it to the fallback authentication, it's enough of a starting point to achieve your goal. So we developed two API services: GetSamlRequest and PostAndProcessSamlResponse. The first returns the request that is required to ask for a SAML SSO authentication flow, and we injected it into the Umbraco back-office login view - with a little "umbrangular" you can do some great magic here. The user requests authentication and is redirected to the SSO provider's page, and after authorization the SSO provider posts to the second service.

    Now, with the SSO response, we can process it and determine whether the user has the authorization, and we can then generate a special token with the required data to inject back into the login view... again with some "umbrangular" automagic, the form is now posted against the MyCustomPasswordChecker class to sort out the rest of the process. It either returns ValidCredentials or we pass on to the fallback mode of the Umbraco backoffice handler as usual.

    If you need further details please let me know.

    Thank you all
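
An added example, not code from the thread or from Umbraco: one way the "special token" posted to the password checker could be made unforgeable, short-lived and bound to one user, so that the password field cannot become a bypass. `SsoLoginToken`, `SsoTokenPasswordChecker`, the token layout and the key handling are assumptions; the interface and result enum are the Umbraco 7 `IBackOfficeUserPasswordChecker` ones the post refers to.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Umbraco.Core.Models.Identity;
using Umbraco.Core.Security;

// Hypothetical helper. Assumed layout: base64(userName|expiryUtcTicks) "." base64(HMAC-SHA256)
public static class SsoLoginToken
{
    // Issued by the service that processed the SAML response, only after it accepted the assertion.
    public static string Issue(byte[] key, string userName, DateTimeOffset expires)
    {
        var payload = Encoding.UTF8.GetBytes(userName + "|" + expires.UtcTicks);
        using (var mac = new HMACSHA256(key))
            return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(mac.ComputeHash(payload));
    }
    public static bool TryValidate(byte[] key, string token, string expectedUser, DateTimeOffset now)
    {
        var parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, sig, expected;
        try { payload = Convert.FromBase64String(parts[0]); sig = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        using (var mac = new HMACSHA256(key)) expected = mac.ComputeHash(payload);
        // Compare the MACs in constant time.
        var diff = expected.Length ^ sig.Length;
        for (var i = 0; i < expected.Length && i < sig.Length; i++) diff |= expected[i] ^ sig[i];
        if (diff != 0) return false;
        var fields = Encoding.UTF8.GetString(payload).Split('|');
        long expiry;
        // Bind the token to the account being logged in and reject it once expired.
        // Single-use tracking (a server-side store of spent tokens) is not shown here.
        return fields.Length == 2
            && string.Equals(fields[0], expectedUser, StringComparison.OrdinalIgnoreCase)
            && long.TryParse(fields[1], out expiry) && now.UtcTicks <= expiry;
    }
}

public class SsoTokenPasswordChecker : IBackOfficeUserPasswordChecker
{
    private readonly byte[] _key; // server-side secret shared with the issuing service
    public SsoTokenPasswordChecker(byte[] key) { _key = key; }
    public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
    {
        // The login form posts the token in the password field; anything else goes to Umbraco's own check.
        var ok = SsoLoginToken.TryValidate(_key, password, user.UserName, DateTimeOffset.UtcNow);
        return Task.FromResult(ok ? BackOfficeUserPasswordCheckerResult.ValidCredentials
                                  : BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker);
    }
}
```

Keep the expiry passed to `Issue` to a minute or two, since the token only has to survive the redirect back to the login view.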
