
  • Cornelis 12 posts 113 karma points
    Jul 29, 2020 @ 14:49
    Cornelis
    0

    How do I get user info during login, after the actual login but before calling SetAuthenticationSuccessful

    I am implementing 2FA for users in the Umbraco 8 backoffice and I have most of it working. But I got stuck at a point where I need user data and I cannot figure out how to get it.

    I need to know which user is logging in after he/she/it has entered the credentials and lands on the 2FA custom login page but before submitting a code on that page.

    The additional login 2FA page is shown via

    public string GetTwoFactorView(IOwinContext owinContext, UmbracoContext umbracoContext, string username) =>
            PackageConstants.PathToMfaHtmlTemplate;
    

    This template has an angularjs controller:

    <div ng-controller="mfaLoginController" class="umb-login-container">
      //...
    </div>
    

    and in the controller I got access to the services:

    userService
    authResource
    

    Unfortunately, both services don't seem to have the user data I need yet. It seems the user data is available after executing verify2FACode:

            authResource.verify2FACode(providerName, quoted($scope.code)).then(
                data => {
                    userService.setAuthenticationSuccessful(data);
    
                    //Normally, this should be $scope.submit(true); 
                    //But this isn't working in umbraco 8, probably a bug?.
                    //For more info, check https://github.com/Dallas-msc/umbraco-2fa-with-google-authenticator/issues/1
                    $scope.$parent.vm.onLogin();
                },
                () => $scope.pinCodeMessage = pinCodInvalidMessage
            );
    

    The data in setAuthenticationSuccessful(data) seems to have the user info, so this info comes too late.

    Is there another service I could inject that actually has the information I need?

    Also, I need this information for some API calls I want to make. I figured out that a cookie is set after the login step 1, named

    .AspNet.UmbracoTwoFactorCookie

    And I can read the content of the cookie of course with

    var mfaCookie = Request.Headers.GetCookies(".AspNet.UmbracoTwoFactorCookie").FirstOrDefault()
                    .Cookies.FirstOrDefault(cookie => cookie.Name == ".AspNet.UmbracoTwoFactorCookie").Value;
    

    But this contains an encrypted OWIN string and I haven't succeeded yet in decrypting the string. Many decryptors I found use MachineKey decryption, but when I try to use those, it always ends up in the error:

    Error occurred during a cryptographic operation.

    Even when I put a machinekey in my web.config, I still get this error.

    Is there a way to get the user data (even when login is not successful yet because the user needs to enter a PIN-code) in the backend instead of retrieving it in the frontend perhaps?

    PS: I also opened a topic on Stack Overflow as I am that eager to solve this issue.

  • Cornelis 12 posts 113 karma points
    Jul 30, 2020 @ 15:00
    Cornelis
    101

    I figured it out. By coincidence, while investigating a possible different solution for the problem I have, I stumbled on the AuthenticatorController of Umbraco (hooray for open source) and I saw this piece of code:

    private BackOfficeSignInManager _signInManager;
    
    private BackOfficeSignInManager SignInManager => _signInManager ?? (_signInManager = TryGetOwinContext().Result.GetBackOfficeSignInManager());
    

    Fortunately, I am able to use this code too in my controller and this line of code gave me what I need.

    var userId = await SignInManager.GetVerifiedUserIdAsync();
    
  • Simon Dingley 1470 posts 3427 karma points c-trib
    Jul 22, 2021 @ 10:48
    Simon Dingley
    0

    Thanks for sharing this, it has been really helpful in getting over a hurdle I was stuck on like you.

    In your API controller were you inheriting from UmbracoAuthorizedApiController or UmbracoApiController? My current problem is that I am using UmbracoAuthorizedApiController but understandably I get a 401 unauthorised error. I could make the verification endpoint public to get around this but it's not sitting right with me and I'm thinking I may need to come up with my authorisation attribute that makes use of the SignInManager in your example to at least check for the presence of the user id first.
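
An added example, not code from any poster or from Umbraco itself: one way an endpoint used between login step 1 and the PIN step can stay off `UmbracoAuthorizedApiController` and still refuse callers without a pending two-factor login. The controller and action names are hypothetical, and it assumes that `GetVerifiedUserIdAsync()` returns an id matching no user when there is no valid two-factor cookie.

```csharp
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web.Http;
using Umbraco.Web;            // GetBackOfficeSignInManager() extension
using Umbraco.Web.Security;   // BackOfficeSignInManager
using Umbraco.Web.WebApi;     // UmbracoApiController

// Hypothetical controller. It derives from UmbracoApiController because the caller
// has no backoffice session yet; the access check is done by hand in the action.
public class MfaPendingUserController : UmbracoApiController
{
    private BackOfficeSignInManager _signInManager;

    // Same lookup as quoted in the thread from Umbraco's own controller.
    private BackOfficeSignInManager SignInManager => _signInManager ??
        (_signInManager = TryGetOwinContext().Result.GetBackOfficeSignInManager());

    [HttpGet]
    public async Task<HttpResponseMessage> GetPendingUser()
    {
        // The identity comes from the two-factor cookie set after step 1,
        // never from a user name or id supplied by the client.
        var userId = await SignInManager.GetVerifiedUserIdAsync();
        var user = Services.UserService.GetUserById(userId);

        // Assumption: without a valid pending login the id matches no user,
        // so a null lookup means "not in the middle of a 2FA login".
        if (user == null || !user.IsApproved || user.IsLockedOut)
            return Request.CreateResponse(HttpStatusCode.Unauthorized);

        // Return only what the 2FA page needs, not the whole user object.
        return Request.CreateResponse(HttpStatusCode.OK, new { name = user.Name });
    }
}
```

Because the check reads the server-issued cookie rather than request parameters, the endpoint reveals nothing to a caller who has not passed the credential step.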

  • Jason 3 posts 73 karma points
    Sep 29, 2021 @ 16:50
    Jason
    0

    Can you please guide me through what steps you took to create the 2FA?

  • Cornelis 12 posts 113 karma points
    Sep 30, 2021 @ 07:13
    Cornelis
    0

    Most of the 2FA steps in my process I got from this article:

    https://this.isfluent.com/blog/2019/two-factor-authentication-for-umbraco-part-1

    and the follow-up part 2:

    https://this.isfluent.com/blog/2019/two-factor-authentication-for-umbraco-part-2

    If there is anything specifically unclear for you then feel free to ask a more detailed question with code examples or errors and perhaps I can help you out.

  • Jason 3 posts 73 karma points
    Sep 30, 2021 @ 17:38
    Jason
    0

    Thanks for getting back to me. I am trying this on Umbraco 9. I am following some of the code snippets from your question and the articles you sent me, but I see that OWIN does not exist anymore in .NET 5 and I am trying to figure out how to trigger and display a custom view after sign-on.

  • Cornelis 12 posts 113 karma points
    Oct 01, 2021 @ 07:15
    Cornelis
    0

    Ah yes, I haven't tried to build the 2FA in Umbraco 9 yet, so currently I cannot help you with that.
