
  • Peter 27 posts 192 karma points
    Sep 22, 2020 @ 13:28
    Peter
    0

    Owin frontend login affects backoffice login as well

    Hello,

    I am in the process of implementing IdentityServer login on my Umbraco 7.5.12 installation. The current state of my implementation is as follows:

    • Frontend login works fine against IdentityServer
    • Backoffice login works like always when not authenticated in frontend
    • Backoffice login redirects to IdentityServer authorize endpoint when trying to sign in (while already authenticated in frontend)

    I found a forum post here

    https://our.umbraco.com/forum/using-umbraco-and-getting-started/83909-aspnet-identity-owin-front-end-authentication-without-impacting-backoffice

    which is almost exactly the setup I'm going for, and it has helped me understand the problem, although I have not yet been quite able to fix it.

    My ConfigureMiddleware override in startup looks like this:

    public override void Configuration(IAppBuilder app)
    {
        base.Configuration(app);

        // configure cookie based middleware authentication
        // and point the OpenID Connect middleware to the identity server
        ConfigureAuth(app);
    }

    protected override void ConfigureMiddleware(IAppBuilder app)
    {
        app.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);
        app.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);

        app.UseCookieAuthentication(
            new FrontEndCookieAuthenticationOptions
            {
                Provider = new CookieAuthenticationProvider
                {
                    OnApplyRedirect = ctx =>
                    {
                        ctx.Response.Redirect(ctx.RedirectUri);
                    }
                },
                ExpireTimeSpan = TimeSpan.FromMinutes(20),
            });

        app.UseUmbracoPreviewAuthentication(ApplicationContext, PipelineStage.PostAuthenticate);
    }
    

    I am using a custom FrontEndCookieAuthenticationOptions and FrontEndCookieManager as described in the blog post above.

    The result when logging into the backoffice while authenticated in frontend is a blank screen and the following requests:

    [Screenshot: Wrong endpoint on backoffice login]

    Here you can see a request for the IdentityServer authorize endpoint as a result of backoffice login.

    Can anyone tell me what I am missing, or perhaps point me in the right direction to get this issue resolved?

    BR, Peter

  • Peter 27 posts 192 karma points
    Oct 06, 2020 @ 05:31
    Peter
    100

    Alright so I managed to get it working flawlessly actually. Most of all the problem seemed to be the order of execution. Following is my current implementation:

    public partial class Startup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);
        }
    
        protected override void ConfigureMiddleware(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ApplicationCookie);
    
            app.UseCookieAuthentication(new FrontEndCookieAuthenticationOptions(), PipelineStage.Authenticate);
    
            // configure cookie based middleware authentication 
            // and point the OpenID Connect middleware to the identity server
            ConfigureAuth(app);
    
            // reaffirm backoffice and preview authentication
            app.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);
            app.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);
            app.UseUmbracoPreviewAuthentication(ApplicationContext, PipelineStage.PostAuthenticate);
        }
    }
    

    Hope it helps
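
The thread refers to a custom `FrontEndCookieAuthenticationOptions` and `FrontEndCookieManager` but never shows them. The block below is an added example, not Peter's code or the code from the linked thread: one way to write the two classes so that the front-end cookie is never read on back-office requests. It assumes the back office is served under the default `/umbraco` path and that the front-end cookie uses the same `DefaultAuthenticationTypes.ApplicationCookie` type that is passed to `SetDefaultSignInAsAuthenticationType` above.

```csharp
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Infrastructure;
using Microsoft.Owin.Security.Cookies;

// Added example: wraps the stock cookie manager and hides the front-end
// auth cookie from the cookie middleware on back-office requests.
public class FrontEndCookieManager : ICookieManager
{
    // Assumption: default Umbraco back-office path; change if yours is moved.
    private static readonly PathString BackOfficePath = new PathString("/umbraco");

    private readonly ICookieManager _inner = new ChunkingCookieManager();

    public string GetRequestCookie(IOwinContext context, string key)
    {
        // StartsWithSegments matches "/umbraco" and "/umbraco/..." only,
        // so a front-end page such as "/umbraco-news" still gets its cookie.
        if (context.Request.Path.StartsWithSegments(BackOfficePath))
        {
            // No cookie value means no ticket, so the front-end middleware
            // attaches no identity to this request.
            return null;
        }
        return _inner.GetRequestCookie(context, key);
    }

    // Writes and deletes are passed through unchanged; only reads are filtered.
    public void AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
    {
        _inner.AppendResponseCookie(context, key, value, options);
    }

    public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
    {
        _inner.DeleteCookie(context, key, options);
    }
}

public class FrontEndCookieAuthenticationOptions : CookieAuthenticationOptions
{
    public FrontEndCookieAuthenticationOptions()
    {
        // Assumption: matches the default sign-in type set in ConfigureMiddleware.
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
        CookieManager = new FrontEndCookieManager();
    }
}
```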
