Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Gonçalo Chaves 14 posts 146 karma points
    Jul 26, 2018 @ 13:23
    Gonçalo Chaves
    0

    Unable to cast object of type 'System.Security.Claims.ClaimsIdentity' to type 'Umbraco.Core.Security.UmbracoBackOfficeIdentity'

    Hi all umbracians,

    I'm trying to open an issue at http://issues.umbraco.org, but it appears that youtrack application isn't collaborating... as today.

    Nevertheless I've tried to follow the instructions of the documentation regarding extending umbraco backoffice security by implementing a custom IBackOfficeUserPasswordChecker. Although I've already tried the exact same code that is suggested in a 7.8.3 version and in a clean latest version 7.11, but also returns the same error:

    Unable to cast object of type 'System.Security.Claims.ClaimsIdentity' to type 'Umbraco.Core.Security.UmbracoBackOfficeIdentity'

    My current implementation at the 'UmbracoCustomOwinStartup' class:

    public void Configuration(IAppBuilder app) {

            var applicationContext = ApplicationContext.Current;
            app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                applicationContext,
                (options, context) =>
                {
                    var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                    var store = new BackOfficeUserStore(
                                applicationContext.Services.UserService,
                                applicationContext.Services.EntityService,
                                applicationContext.Services.ExternalLoginService,
                                membershipProvider);
                    var userManager = new BackOfficeUserManager(store)
                    {
                        //Set your own custom IBackOfficeUserPasswordChecker
                        BackOfficeUserPasswordChecker = new MyPasswordChecker()
                    };
                    return userManager;
                });
    
    
            //Ensure owin is configured for Umbraco back office authentication
            app
                .UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
                .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
        }
    

    And the MyPasswordChecker class:

    internal class MyPasswordChecker : IBackOfficeUserPasswordChecker
        {
            public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
            {
                var result = (password == "test")
                    ? Task.FromResult(BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker)
                    : Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);
    
                return Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials);
            }
        }
    

    Maybe is something that I'm missing? Anyone had this issue before?

  • Shannon Deminick 1526 posts 5272 karma points MVP 3x
    Jul 30, 2018 @ 05:36
    Shannon Deminick
    0

    Are you testing all of this on localhost? If so, make sure you clear all of your cookies and try again, it could be other stale cookies that exist.

  • Gonçalo Chaves 14 posts 146 karma points
    Jul 30, 2018 @ 09:52
    Gonçalo Chaves
    0

    Hi Shannon, thanks for your reply. Yes I'm testing on localhost. This time, I paid attention regarding the cookies, and tried to perform the same with a new private browser session with no cookies or local storage items.

    Although I'm getting now another exception by a 500 error returned on the Post Login:

    "An error has occurred.","ExceptionMessage":"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. ","ExceptionType":"System.FormatException","StackTrace":" at System.Convert.FromBase64_ComputeResultLength(Char* inputPtr, Int32 inputLength)\r\n at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)\r\n at System.Convert.FromBase64String(String s)\r\n at Microsoft.AspNet.Identity.Crypto.VerifyHashedPassword(String hashedPassword, String password)\r\n at Microsoft.AspNet.Identity.PasswordHasher.VerifyHashedPassword(String hashedPassword, String providedPassword)\r\n at Microsoft.AspNet.Identity.UserManager2.<VerifyPasswordAsync>d__3e.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Umbraco.Core.Security.BackOfficeUserManager1.

    I've tried with the following return statements, but get the same error:

    return Task.FromResult(BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker);
    
    return Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials);
    

    The user and the password are both valid before the custom backoffice password checker. Also, I've checked at the database if this is user locked, which isn't.

    Any suggestion?

  • Gonçalo Chaves 14 posts 146 karma points
    Aug 07, 2018 @ 17:30
    Gonçalo Chaves
    101

    Well,

    After a couple of hours and a new fresh pair of eyes from a friend... we found out the issue... looks like, that I was able to make a "magic" copy of the code snippet that's incorrect. The right UmbracoCustomOwinStartup code is what is founded on the docs page:

     var applicationContext = ApplicationContext.Current;
            app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                applicationContext,
                (options, context) =>
                {
                    var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                    var settingContent = Umbraco.Core.Configuration.UmbracoConfig.For.UmbracoSettings().Content;
                    var userManager = BackOfficeUserManager.Create(options,
                        applicationContext.Services.UserService,
                        applicationContext.Services.EntityService,
                        applicationContext.Services.ExternalLoginService,
                        membershipProvider,
            settingContent);
    
                    // Set your own custom IBackOfficeUserPasswordChecker   
                    userManager.BackOfficeUserPasswordChecker = new MyPasswordChecker();
                    return userManager;
                });
    
            //Ensure owin is configured for Umbraco back office authentication
            app
                .UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
                .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
    

    My bad :/ I want to make my public apologies to @Shannon and @Sebastien for my mistake.

    I hope that I can contribute in a near future to redeem myself :D

    Anyway thanks for the support.

  • Shannon Deminick 1526 posts 5272 karma points MVP 3x
    Aug 08, 2018 @ 01:22
    Shannon Deminick
    1

    Glad you got it sorted :)

Please Sign in or register to post replies

Write your reply to:

Draft