  • Erik 1 post 21 karma points
    Jun 20, 2022 @ 07:22

Bearer token provided by the same token for members and users, only the last implemented one triggers JWT events

    Umbraco Version: 9.5

I'm working on a project with Umbraco 9.5.0 and I'm facing an issue with authentication via JWT token. I need to authenticate users and members based on a bearer token which gets passed from our proxy to the Umbraco app. This works fine for each type of user if I only use it for members or only for users, but not for both at the same time.

The problem we encounter comes from setting the following. I know that, and only left it in place to give you guys the complete picture:

    builder.Services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = scheme;
    });


In order for the tokens to get validated we actually need to challenge them, and without setting the DefaultAuthenticateScheme those events are not triggering. But this is also the crux we face, because we need to provide one scheme for users and one scheme for members, and therefore we actually override the challenge scheme. We already tried to use the AddScheme method, but then we get an exception when we try to actually configure the scheme itself within AddMemberLogin/AddBackOfficeLogin.

    In the Startup we use the following:

    services.AddUmbraco(Environment, Configuration)
        .AddBackOffice()
        .AddWebsite()
        .AddComposers()
        .AddExternalMemberLogin()
        .AddExternalBackofficeLogin()
        .Build();


and our extension methods look like this:

    // Usings the two extension methods need (Umbraco 9 namespaces). Extension methods
    // must live in a static class, so the original methods are wrapped in one.
    using System.Text;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.IdentityModel.Tokens;
    using Umbraco.Cms.Core;
    using Umbraco.Cms.Core.DependencyInjection;
    using Umbraco.Extensions;

    // Settings class bound from appsettings. The post does not show it; this is
    // reconstructed from the three properties the methods below read.
    public class AuthenticationConfiguration
    {
        public string IdentityTokenSecret { get; set; }
        public string Issuer { get; set; }
        public string Audience { get; set; }
    }

    public static class ExternalLoginExtensions
    {
        public static IUmbracoBuilder AddExternalBackofficeLogin(this IUmbracoBuilder builder)
        {
            var authenticationConfiguration = new AuthenticationConfiguration();
            builder.Config.Bind("Umbraco:Authentication", authenticationConfiguration);

            // Umbraco requires back office external schemes to carry this prefix.
            var scheme = $"{Constants.Security.BackOfficeExternalAuthenticationTypePrefix}{JwtBearerDefaults.AuthenticationScheme}";

            // This triggers the behaviour that only one authentication challenge gets triggered:
            // whichever of the two extension methods runs last wins the default scheme.
            builder.Services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = scheme;
            });

            builder.AddBackOfficeExternalLogins(logins =>
            {
                logins.AddBackOfficeLogin(authBuilder =>
                {
                    authBuilder.SchemeForBackOffice(scheme);
                    authBuilder.AddJwtBearer(scheme, options =>
                    {
                        // HS256 shared secret; issuer and audience are checked explicitly.
                        options.TokenValidationParameters = new TokenValidationParameters()
                        {
                            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authenticationConfiguration.IdentityTokenSecret)),
                            ValidIssuer = authenticationConfiguration.Issuer,
                            ValidAudience = authenticationConfiguration.Audience,
                            ValidateAudience = true,
                            ValidateIssuer = true
                        };
                        // No-op handler kept as a breakpoint target to see whether validation runs.
                        options.Events = new JwtBearerEvents()
                        {
                            OnTokenValidated = (ctx) =>
                            {
                                return Task.CompletedTask;
                            }
                        };
                    });
                });
            });

            // Missing in the original; without it the method does not compile.
            return builder;
        }

        public static IUmbracoBuilder AddExternalMemberLogin(this IUmbracoBuilder builder)
        {
            var authenticationConfiguration = new AuthenticationConfiguration();
            builder.Config.Bind("Portal:Authentication", authenticationConfiguration);

            // Umbraco requires member external schemes to carry this prefix.
            var scheme = $"{Constants.Security.MemberExternalAuthenticationTypePrefix}{JwtBearerDefaults.AuthenticationScheme}";

            // This triggers the behaviour that only one authentication challenge gets triggered.
            builder.Services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = scheme;
            });

            builder.AddMemberExternalLogins(loginsBuilder =>
            {
                loginsBuilder.AddMemberLogin(authBuilder =>
                {
                    authBuilder.SchemeForMembers(scheme);
                    authBuilder.AddJwtBearer(scheme, options =>
                    {
                        // Separate secret, issuer and audience for member tokens.
                        options.TokenValidationParameters = new TokenValidationParameters()
                        {
                            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authenticationConfiguration.IdentityTokenSecret)),
                            ValidIssuer = authenticationConfiguration.Issuer,
                            ValidAudience = authenticationConfiguration.Audience,
                            ValidateAudience = true,
                            ValidateIssuer = true
                        };
                        // No-op handlers kept as breakpoint targets.
                        options.Events = new JwtBearerEvents()
                        {
                            OnAuthenticationFailed = (a) =>
                            {
                                return Task.CompletedTask;
                            },
                            OnTokenValidated = (a) =>
                            {
                                return Task.CompletedTask;
                            }
                        };
                    });
                });
            });

            return builder;
        }
    }


If someone has an idea, feel free to reach out. For everyone who wants to earn a few points on StackOverflow, I also have this question open there and have put a bounty on it: to SO
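An added example, not code from the post above and not Umbraco's own API: in plain ASP.NET Core, the usual way to let a single DefaultAuthenticateScheme serve two differently signed bearer tokens is a policy scheme whose ForwardDefaultSelector reads the (not yet verified) token once, only to decide which concrete JwtBearer scheme gets the request; that scheme then performs the real signature, issuer, audience and lifetime checks. This bypasses the AddBackOfficeLogin/AddMemberLogin builders entirely, so the scheme names, the config values passed in and the extension method name are assumptions, and whether it coexists with the schemes Umbraco registers for itself is not something the post settles.

```csharp
// Added example (not from the original post): two JwtBearer schemes behind one
// policy scheme. All names below are assumptions for illustration.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class DualJwtAuthentication
{
    public const string BackOfficeScheme = "BackOfficeJwt"; // assumed scheme name
    public const string MemberScheme = "MemberJwt";         // assumed scheme name
    public const string SelectorScheme = "JwtSelector";     // assumed scheme name

    public static IServiceCollection AddDualJwtAuthentication(
        this IServiceCollection services,
        string backOfficeIssuer, string backOfficeAudience, string backOfficeSecret,
        string memberIssuer, string memberAudience, string memberSecret)
    {
        services.AddAuthentication(options =>
        {
            // One default for both token kinds; the policy scheme forwards to the right one,
            // so neither registration overwrites the other's default.
            options.DefaultAuthenticateScheme = SelectorScheme;
            options.DefaultChallengeScheme = SelectorScheme;
        })
        .AddPolicyScheme(SelectorScheme, "JWT selector", options =>
        {
            options.ForwardDefaultSelector = context =>
            {
                var header = context.Request.Headers["Authorization"].ToString();
                if (!header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                    return MemberScheme; // nothing to route; the JwtBearer handler fails closed

                var raw = header.Substring("Bearer ".Length).Trim();
                var handler = new JwtSecurityTokenHandler();
                if (!handler.CanReadToken(raw))
                    return MemberScheme;

                // The payload is read WITHOUT verification and used only to choose a scheme.
                // The chosen scheme still validates signature, issuer, audience and lifetime,
                // so a forged "aud"/"iss" gains nothing beyond selecting which key rejects it.
                var token = handler.ReadJwtToken(raw);
                return token.Issuer == backOfficeIssuer && token.Audiences.Contains(backOfficeAudience)
                    ? BackOfficeScheme
                    : MemberScheme;
            };
        })
        .AddJwtBearer(BackOfficeScheme, options =>
            options.TokenValidationParameters = StrictParameters(backOfficeIssuer, backOfficeAudience, backOfficeSecret))
        .AddJwtBearer(MemberScheme, options =>
            options.TokenValidationParameters = StrictParameters(memberIssuer, memberAudience, memberSecret));

        return services;
    }

    // Validation parameters that fail closed: signature, issuer, audience and lifetime are all
    // checked, and only HS256 is accepted so tokens with "alg": "none" or a swapped algorithm
    // are rejected regardless of what the header claims.
    public static TokenValidationParameters StrictParameters(string issuer, string audience, string secret)
    {
        if (Encoding.UTF8.GetByteCount(secret) < 32)
            throw new ArgumentException("HS256 secret must be at least 256 bits", nameof(secret));

        return new TokenValidationParameters
        {
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
            ValidIssuer = issuer,
            ValidAudience = audience,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            RequireSignedTokens = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            ClockSkew = TimeSpan.FromSeconds(30),
        };
    }
}
```

Register it once from Startup with both sets of issuer, audience and secret (for example the values the post binds from "Umbraco:Authentication" and "Portal:Authentication"), instead of calling AddAuthentication from each extension method. The selector deliberately trusts nothing in the token: it only decides which validation parameters run, and each scheme pins the algorithm and requires an expiry, which the parameters in the post leave at their defaults.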
