bearer token provided by the same token for members and users only the last implemented triggers jwt events - Using Umbraco and getting started

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Erik 1 post 21 karma points

Jun 20, 2022 @ 07:22

Bearer Token provided by the same Token for Members and Users, only the last implemented Triggers JWT Events

Umbraco Version: 9.5

im working on a Project with Umbraco 9.5.0 and im Facing an Issue with the Authentication via JWT Token. I need to authenticated users and members Based on a BearerToken which gets passed from our Proxy to the Umbraco APP, which works fine for each Type of User if i only use it only for members or users, but not for both at the same time.

The problem which we encounter comes from setting the following, i know that and only left it in place to give you guys the complete Picture,

builder.Services.AddAuthentication(options => 
{ 
     options.DefaultAuthenticateScheme = scheme; 
});

In order for the Tokens to get validated we actually need to challenge them, and without setting the DefaultAuthenticateScheme those events are not triggering. But this is also the crux which we face. Because we need to provide one scheme for users and one scheme for members and therefor we actually override the ChallengeScheme. We already tried to use the AddScheme method, but then we get an exception when we try to actually configure the scheme it self within the AddMemberLogin/AddBackOfficeLogin

In the Startup we use the following:

services.AddUmbraco(Environment, Configuration)
.AddBackOffice()
.AddWebsite()
.AddComposers()
.AddExternalMemberLogin()
.AddExternalBackofficeLogin()  
.Build();

and our Extension Methods Look like this:

    public static IUmbracoBuilder AddExternalBackofficeLogin(this IUmbracoBuilder builder)
    {
        AuthenticationConfiguration authenticationConfiguration = new AuthenticationConfiguration();
        builder.Config.Bind("Umbraco:Authentication", authenticationConfiguration);

        var scheme = $"{Constants.Security.BackOfficeExternalAuthenticationTypePrefix}{JwtBearerDefaults.AuthenticationScheme}";
        //this triggers the behavior that only 1 Authentication Challenge gets Triggerd
        builder.Services.AddAuthentication(options => 
        { 
               options.DefaultAuthenticateScheme = scheme; 
        });

        builder.AddBackOfficeExternalLogins(logins =>
        {
            logins.AddBackOfficeLogin(authBuilder =>
            {
                authBuilder.SchemeForBackOffice(scheme);
                authBuilder.AddJwtBearer(scheme, options =>
                {
                    options.TokenValidationParameters = new TokenValidationParameters()
                    {
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authenticationConfiguration.IdentityTokenSecret)),
                        ValidIssuer = authenticationConfiguration.Issuer,
                        ValidAudience = authenticationConfiguration.Audience,
                        ValidateAudience = true,
                        ValidateIssuer = true
                    };
                    options.Events = new JwtBearerEvents()
                    {
                        OnTokenValidated = (ctx) =>
                        {
                           return Task.CompletedTask;
                        }
                    };
                });
            });
        });
    }

    public static IUmbracoBuilder AddExternalMemberLogin(this IUmbracoBuilder builder)
    {
        AuthenticationConfiguration authenticationConfiguration = new AuthenticationConfiguration();
        builder.Config.Bind("Portal:Authentication", authenticationConfiguration);

        var scheme = $"{Constants.Security.MemberExternalAuthenticationTypePrefix}{JwtBearerDefaults.AuthenticationScheme}";
        //this triggers the behavior that only 1 Authentication Challenge gets Triggerd
        builder.Services.AddAuthentication(options => 
        { 
                options.DefaultAuthenticateScheme = scheme; 
        });
        builder.AddMemberExternalLogins(loginsBuilder =>
        {

            loginsBuilder.AddMemberLogin(authBuilder =>
            {

                authBuilder.SchemeForMembers(scheme);
                authBuilder.AddJwtBearer(scheme, options =>
                {
                    options.TokenValidationParameters = new TokenValidationParameters()
                    {
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authenticationConfiguration.IdentityTokenSecret)),
                        ValidIssuer = authenticationConfiguration.Issuer,
                        ValidAudience = authenticationConfiguration.Audience,
                        ValidateAudience = true,
                        ValidateIssuer = true
                    };
                    options.Events = new JwtBearerEvents()
                    {
                        OnAuthenticationFailed = (a) =>
                        {
                            return Task.CompletedTask;
                        },
                        OnTokenValidated = (a) =>
                        {
                            return Task.CompletedTask;
                        }
                    };
                });
            });

        });
        return builder;
  }

If someone has an idea feel free to reach out, for everyone who wants to earn a few points on StackOverflow, i also have this question open there and have put a bounty on it: to SO

Copy Link

is working on a reply...

Please Sign in or register to post replies