Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Simon Ulmbrant 34 posts 154 karma points
    Aug 03, 2019 @ 06:58
    Simon Ulmbrant
    0

    Can't do anything in Umbraco when implementing two factor authentication

    Hi,

    I have implemented two factor auth on my Umbraco site but the Component for this seems to make the Umbraco backoffice useless. Can't do anything that do changes to the database (Add/remove treenodes, doctypes and so on).

    If I remove the Composer implementation of the Component everything seems to be ok.

    Any help here would be really helpful.

    My Component for the Two factor implementation:

    public class AuthenticationComponent : IComponent { private readonly IUmbracoContextAccessor umbracoContextAccessor; private readonly IRuntimeState runtimeState; private readonly IUserService userService; private readonly IGlobalSettings globalSettings; private readonly ISecuritySection securitySection; private readonly IEntityService entityService; private readonly IExternalLoginService externalLoginService; private readonly IMemberTypeService memberTypeService; private readonly UmbracoMapper umbracoMapper;

        public AuthenticationComponent(
        IUmbracoContextAccessor umbracoContextAccessor,
        IRuntimeState runtimeState,
        IUserService userService,
        IGlobalSettings globalSettings,
        ISecuritySection securitySection,
        IEntityService entityService,
        IExternalLoginService externalLoginService,
        IMemberTypeService memberTypeService,
        UmbracoMapper umbracoMapper)
    {
        this.umbracoContextAccessor = umbracoContextAccessor;
        this.runtimeState = runtimeState;
        this.userService = userService;
        this.globalSettings = globalSettings;
        this.securitySection = securitySection;
        this.entityService = entityService;
        this.externalLoginService = externalLoginService;
        this.memberTypeService = memberTypeService;
        this.umbracoMapper = umbracoMapper;
    }

    public void Initialize()
    {
        UmbracoDefaultOwinStartup.MiddlewareConfigured += ConfigureTwoFactorAuthentication;
    }

    public void Terminate()
    {
        throw new NotImplementedException();
    }

    private void ConfigureTwoFactorAuthentication(object sender, OwinMiddlewareConfiguredEventArgs args)
    {
        var app = args.AppBuilder;

        app.SetUmbracoLoggerFactory();
        app.UseTwoFactorSignInCookie(Umbraco.Core.Constants.Security.BackOfficeTwoFactorAuthenticationType, TimeSpan.FromMinutes(5));

        app.UseUmbracoBackOfficeCookieAuthentication(umbracoContextAccessor, runtimeState, userService, globalSettings, securitySection)
            .UseUmbracoBackOfficeExternalCookieAuthentication(umbracoContextAccessor, runtimeState, globalSettings);

        app.ConfigureUserManagerForUmbracoBackOffice<TwoFactorBackOfficeUserManager, BackOfficeIdentityUser>(runtimeState, globalSettings,
            (options, context) =>
            {
                var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                var userManager = TwoFactorBackOfficeUserManager.Create(options,
                    userService,
                    entityService,
                    externalLoginService,
                    membershipProvider,
                    globalSettings,
                    umbracoMapper,
                    memberTypeService);
                return userManager;
            });

        app.UseUmbracoPreviewAuthentication(umbracoContextAccessor, runtimeState, globalSettings, securitySection);
    }
    Copy Link
  • Simon Ulmbrant 34 posts 154 karma points
    Aug 04, 2019 @ 07:27
    Simon Ulmbrant
    0

    Really need help here.. Has someone done this in Umbraco 8? I have got the two factor auth to work but something totally breaking umbraco. Even getting 404 on PostSave when trying to save and publish a content node.

    Copy Link
  • Simon Ulmbrant 34 posts 154 karma points
    Aug 15, 2019 @ 05:03
    Simon Ulmbrant
    0

    Someone must have done this before... It doesn't really matter how I implement this. When implemented as a custom owin startup I get the same result, 2 factor auth works but every action inside umbraco crashes. Has this something to do with context missing or something? Is it a bug or whatever?

    Can someone please point me in the right direction..

    Copy Link
  • Simon Ulmbrant 34 posts 154 karma points
    Aug 16, 2019 @ 22:00
    Simon Ulmbrant
    0

    When trying to Save and publish a node I'm getting this error when 2 factor auth is activated. Have tripple checked the code and searched all over the web but can't find a solution to this UmbracoContextAccessor seems to be null also, don't know if it should be..

    Received an error from the server
An error occured
Object reference not set to an instance of an object.

Exception Details
System.NullReferenceException: Object reference not set to an instance of an object.
Stacktrace
at Umbraco.Web.Editors.EntityController.GetResultForAncestors(Int32 id, UmbracoEntityTypes entityType, FormDataCollection queryStrings) in d:\a\1\s\src\Umbraco.Web\Editors\EntityController.cs:line 752
   at lambda_method(Closure , Object , Object[] )
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass6_2.<GetExecutor>b__2(Object instance, Object[] methodParameters)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__15.MoveNext()
    Copy Link
  • Dallas 133 posts 405 karma points
    Sep 03, 2019 @ 03:20
    Dallas
    1

    Hi Simon - were you able to resolve your issue with the 2FA in v8? I was able to upgrade ng-soft's 2FA to v8 and it seems to be working (with one issue).

    Your example component helped a lot as figuring out the new method signatures was a challenge. If you are interested, you can see the source here:

    https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator

    Though it is working there is an issue with the login Angular view and the dashboard where they don't redirect correctly after entering the code.

    https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator/issues/1

    Dallas

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft