  • Thomas Moltzen-Bildsøe 15 posts 145 karma points
    Sep 02, 2022 @ 09:12
    Thomas Moltzen-Bildsøe
    0

    Autolink - only if user is found

    Hi,

    So I've set up login using an external identity provider (IdentityServer4), and it works almost as I intended.

    My challenge is I'm using SetExternalSignInAutoLinkOptions to auto-link the incoming identity to an existing account in Umbraco. This works fine. But if no account is found, it creates one. I would like to prevent this from happening. So auto-linking is ok for accounts that exist else it should stop.

    Where would I implement this?

    BR Thomas

  • Lucas Bisgaard 19 posts 128 karma points c-trib
    Sep 02, 2022 @ 09:53
    Lucas Bisgaard
    100

    Hey Thomas,

    Unfortunately it is not possible to stop creating the user/member when you use the autolinking.

    The only solution, as I see it, is to give a role to those users that are allowed to create a user, and in OnExternalLogin check whether the current identity has the allowed role in its claims, just to prevent the identity from logging in. Something like:

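    OnExternalLogin = (user, loginInfo) =>
    {
        // Requires: using System; using System.Linq; using System.Security.Claims;
        bool allowed = false;

        // Collect the role claims sent by the external identity provider.
        var claims = loginInfo.Principal.Claims.Where(x => x.Type == ClaimTypes.Role);
        if (claims.Any())
        {
            foreach (var claim in claims)
            {
                // Allow only identities that carry the "adminAccess" role.
                if (claim.Value.Equals("adminAccess", StringComparison.InvariantCultureIgnoreCase))
                {
                    allowed = true;
                    break;
                }
            }
        }

        // Identities without the role are locked out and left unapproved.
        user.LockoutEnabled = !allowed;
        user.IsApproved = allowed;

        // Returning true lets the sign-in flow continue; access is gated by the flags set above.
        return true;
    }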
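
The claim check from the reply above, pulled into a standalone helper that fails closed; this is an added example, not code from the thread or from Umbraco. It assumes (not stated in the thread) that the identity provider may deliver roles under the short claim type `role` instead of `ClaimTypes.Role`, which happens when inbound claim-type mapping is turned off; `ExternalLoginGate` and `HasRole` are hypothetical names.

```csharp
// Added example (not from the thread): fail-closed role gate for an external login.
using System;
using System.Linq;
using System.Security.Claims;

public static class ExternalLoginGate
{
    // Assumption: roles arrive either as ClaimTypes.Role (mapped) or as the
    // short JWT claim type "role" (inbound claim mapping disabled).
    private static readonly string[] RoleClaimTypes = { ClaimTypes.Role, "role" };

    // True only if the external identity carries the required role.
    // A null principal, an empty role name or no role claims all deny access.
    public static bool HasRole(ClaimsPrincipal principal, string requiredRole)
    {
        if (principal is null || string.IsNullOrWhiteSpace(requiredRole))
            return false;

        return principal.Claims.Any(c =>
            RoleClaimTypes.Contains(c.Type, StringComparer.Ordinal) &&
            string.Equals(c.Value, requiredRole, StringComparison.OrdinalIgnoreCase));
    }
}

public static class Demo
{
    // Builds a constructed test identity; these are not real tokens.
    private static ClaimsPrincipal Principal(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "constructed-test-scheme"));

    public static void Main()
    {
        var mapped   = Principal(new Claim(ClaimTypes.Role, "adminAccess"));
        var unmapped = Principal(new Claim("role", "AdminAccess"));
        var other    = Principal(new Claim("role", "editor"));
        var noRoles  = Principal(new Claim(ClaimTypes.Email, "user@example.test"));

        // The first two identities pass the gate; the last two are denied.
        foreach (var p in new[] { mapped, unmapped, other, noRoles })
            Console.WriteLine(ExternalLoginGate.HasRole(p, "adminAccess"));
    }
}
```

Inside `OnExternalLogin`, the result of `HasRole(loginInfo.Principal, "adminAccess")` would drive `user.IsApproved` and `user.LockoutEnabled` the same way `allowed` does in the reply.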
    
  • Thomas Moltzen-Bildsøe 15 posts 145 karma points
    Sep 02, 2022 @ 10:22
    Thomas Moltzen-Bildsøe
    0

    Too bad there isn't a solution preventing the user from being created.

    My current solution is assigning a role with no access at all, and I've called the role "ToBeDeleted", and my thought was to delete the users in this role, once a day.

    But combined with your suggestion I could prevent them from logging in at all, which would be a great improvement.

    Thanks.

    BR

  • ChuDatCN 12 posts 62 karma points
    Sep 05, 2022 @ 07:55
    ChuDatCN
    0

    Hi Thomas, I'm using IdentityServer4 (Quick-start setup) as an external identity provider too, and it also works.

    But when I implement the auto-linking options following the documentation ( https://our.umbraco.com/documentation/reference/security/auto-linking ), it seems like only the OnAutoLinking function is not working. At first, I thought the claims returned from IS were missing the email, but then I could use email claims to auto-create Umbraco members based on email info.

    Is there a more specific setup I should follow?

    I'm new to Umbraco and using version 10.1.0. I don't know whether it is Umbraco V10's bug or IdentityServer's bug anymore. I've searched for this bug for a week but I'm still stuck on this bug :(

    Thanks.

    Regards
