How to validate back office users outside the umbraco
Hi,
I want to validate back office users through custom log in page where user will put his/her username and password where I want to check user's details are valid or not
I tried this
using umbraco.BusinessLogic;
User u = User.GetUser(User.getUserId(strEmail));
if (u.LoginName.Equals(strEmail) && u.Password.Equals(strPass))
but still not getting UmbracoContext
then I tried Umbraco.Web.UmbracoContext.Current.Security.ValidateUserContextId
not getting "ValidateBackOfficeCredentials" method
What version of Umbraco are you using? I just tried it on 7.2.4 and there the ValidateBackOfficeCredentials method is available just like ValidateCurrentUser and ValidateUserContextId.
Available methods under UmbracoContext.Current.Security
using System;
using System.Collections.Generic;
using System.Web;
using umbraco.BusinessLogic;
namespace Umbraco.Web.Security
{
public class WebSecurity
{
public WebSecurity();
public string UmbracoUserContextId { get; set; }
public void ClearCurrentLogin();
public int GetUserId(string umbracoUserContextId);
public bool IsMemberAuthorized(bool allowAll = false, IEnumerable<string> allowTypes = null, IEnumerable<string> allowGroups = null, IEnumerable<int> allowMembers = null);
public void PerformLogin(int userId);
public void RenewLoginTimeout();
public bool ValidateUserContextId(string currentUmbracoUserContextId);
}
}
Hmm Umbraco 6.1.6 dll's for a reference is not a good idea. You should reference to the 7.2 dll's from the bin folder of your website. If you get errors that's probably because you were referencing to old dll's and those methods changed. I don't know if I can help you with that.
This was an interesting topic and pretty much exactly what I'm trying to achieve. I feel like I'm so close, but can't quite get there!
Calling UmbracoContext.Current.Security.ValidateBackOfficeCredentials(strEmail, strPass) works fine and returns true for my credentials, but that method doesn't seem to actually log the user in. Calling helper.GetCurrentUmbracoUser(); returns null and trying to access the Umbraco backoffice just redirects me to the login page.
I would like to call the method Security.GetBackOfficeUser(loginModel.Username); as suggested in the latest reply but that method is internal in the umbraco code and doesn't seem to be accessible in a compiled umbraco project (internal IUser GetBackOfficeUser(string username))
To login I think the best way would be to call the PostLogin method in Umbraco.Web\Editors\AuthenticationController.cs, but I can't seem to be able to access that method either.
public override Task<bool> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
{
var userService = ApplicationContext.Current.Services.UserService;
try
{
var userStatus = (userService.GetByEmail(user.Email.ToString()) != null) ? true : false;
var userLogin = UmbracoContext.Current.Security.PerformLogin(user.Id);
var user = ApplicationContext.Services.UserService.GetUserById(id);
return Task.FromResult(userStatus);
}
catch (Exception)
{
//throw;
}
return Task.FromResult(false);
}
I am having same issue. userStatus shows true since user exists in database however, performlogin does not happen and return user=null when i check umbTicket status.
if (UmbracoContext.Security.ValidateBackOfficeCredentials(loginModel.Username, loginModel.Password))
{
var httpCtxWrapper = new System.Web.HttpContextWrapper(System.Web.HttpContext.Current);
var umbTicket = httpCtxWrapper.GetUmbracoAuthTicket();
var loginUser = userService.GetByUsername(umbTicket.Name);
}
How to validate back office users outside the umbraco
Hi,
I want to validate back office users through custom log in page where user will put his/her username and password where I want to check user's details are valid or not
I tried this
using umbraco.BusinessLogic;
User u = User.GetUser(User.getUserId(strEmail));
if (u.LoginName.Equals(strEmail) && u.Password.Equals(strPass))
{
}
else {
}
It is giving always invalid
Can any one please help me
Hello,
Have a look at the PostLogin method here: https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/Editors/AuthenticationController.cs#L103.
That's the method Umbraco actually uses to login into the backoffice. So you can probably do something like this:
If UmbracoContext is not available like in the above example try UmbracoContext.Current.Security.ValidateBackOfficeCredentials(strEmail, strPass).
Jeroen
Thanks Jeroen!
but still not getting UmbracoContext then I tried Umbraco.Web.UmbracoContext.Current.Security.ValidateUserContextId not getting "ValidateBackOfficeCredentials" method
Thank you
Hello,
What version of Umbraco are you using? I just tried it on 7.2.4 and there the ValidateBackOfficeCredentials method is available just like ValidateCurrentUser and ValidateUserContextId.
Jeroen
Thanks Jeroen for quick reply
I am using 7.2.0
Available methods under UmbracoContext.Current.Security
Hmm I don't understand why you can't see them. If you look in the source code it's clearly there: https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/Security/WebSecurity.cs#L150.
Jeroen
Actually the issue due to assembly version I have Used the dlls from umbraco version 6.1.6 in my project
umbraco.dll
businesslogic.dll
Umbraco.Core.dll
But when trying to update these dlls from 7.2.0 it throwing some other errors
am using this code snippet for getting current User
umbraco.BusinessLogic.User u = umbraco.helper.GetCurrentUmbracoUser();
here it is showing umbraco does not exist
Hmm Umbraco 6.1.6 dll's for a reference is not a good idea. You should reference to the 7.2 dll's from the bin folder of your website. If you get errors that's probably because you were referencing to old dll's and those methods changed. I don't know if I can help you with that.
Jeroen
Thanks a lot
Can you please suggest how to get current user using 7.2 dll's
in similar manner which is present in 6.1.6
umbraco.BusinessLogic.User u = umbraco.helper.GetCurrentUmbracoUser();
Try this:
I copied it from the source code: https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/Editors/AuthenticationController.cs#L107
If Security is not available try Umbraco.Web.UmbracoContext.Current.Security.
Jeroen
This was an interesting topic and pretty much exactly what I'm trying to achieve. I feel like I'm so close, but can't quite get there!
Calling UmbracoContext.Current.Security.ValidateBackOfficeCredentials(strEmail, strPass) works fine and returns true for my credentials, but that method doesn't seem to actually log the user in. Calling helper.GetCurrentUmbracoUser(); returns null and trying to access the Umbraco backoffice just redirects me to the login page.
I would like to call the method Security.GetBackOfficeUser(loginModel.Username); as suggested in the latest reply but that method is internal in the umbraco code and doesn't seem to be accessible in a compiled umbraco project (internal IUser GetBackOfficeUser(string username))
To login I think the best way would be to call the PostLogin method in Umbraco.Web\Editors\AuthenticationController.cs, but I can't seem to be able to access that method either.
Any ideas?
Thanks, Daniel
I am having same issue. userStatus shows true since user exists in database however, performlogin does not happen and return user=null when i check umbTicket status.
any idea. thanks
is working on a reply...