  • Thomas Moltzen-Bildsøe 18 posts 149 karma points
    Sep 02, 2022 @ 09:12
    Thomas Moltzen-Bildsøe
    0

    Autolink - only if user is found

    Hi,

    So I've set up login using an external identity provider (IdentityServer4), and it works almost as I intended.

    My challenge is I'm using SetExternalSignInAutoLinkOptions to auto-link the incoming identity to an existing account in Umbraco. This works fine. But if no account is found, it creates one. I would like to prevent this from happening. So auto-linking is OK for accounts that exist, else it should stop.

    Where would I implement this?

    BR Thomas

  • Lucas Bisgaard 19 posts 128 karma points c-trib
    Sep 02, 2022 @ 09:53
    Lucas Bisgaard
    100

    Hey Thomas,

    Unfortunately it is not possible to stop creating the user/member when you use the autolinking.

    The only solution, as I see it, is to give a role to those users that are allowed to create a user, and in OnExternalLogin check whether the current identity has the allowed role in its claims, just to prevent the identity from logging in. Something like:

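    // Needs: using System; using System.Linq; using System.Security.Claims;
    OnExternalLogin = (user, loginInfo) =>
    {
        // Deny by default; only an explicit role claim flips this to true.
        bool allowed = false;

        // Role claims sent by the external identity provider.
        var claims = loginInfo.Principal.Claims.Where(x => x.Type == ClaimTypes.Role);
        if (claims.Any())
        {
            foreach (var claim in claims)
            {
                if (claim.Value.Equals("adminAccess", StringComparison.InvariantCultureIgnoreCase))
                {
                    allowed = true;
                    break;
                }
            }
        }

        // Identities without the role are saved as not approved, with lockout enabled.
        user.LockoutEnabled = !allowed;
        user.IsApproved = allowed;

        // true tells Umbraco to continue with the sign-in.
        return true;
    }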
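
An added example, not part of the original post and not Umbraco's own code: the role check from the callback above pulled into a helper that fails closed, so its result can be used where the callback computes `allowed`. It assumes the role may arrive either as `ClaimTypes.Role` or as the short JWT name `role`, which depends on whether inbound claim-type mapping is enabled in the OpenID Connect handler; the class name, the helper names and the sample principals are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ExternalLoginGate
{
    // Role name taken from the post above.
    private const string AllowedRole = "adminAccess";

    // Assumption: accept both the long URI form and the short JWT claim name,
    // because the provider's "role" claim is only renamed to ClaimTypes.Role
    // when inbound claim-type mapping is switched on.
    private static readonly string[] RoleClaimTypes = { ClaimTypes.Role, "role" };

    // Fail closed: a null principal, an unauthenticated identity or a missing
    // role all return false.
    public static bool IsAllowed(ClaimsPrincipal principal)
    {
        if (principal?.Identity?.IsAuthenticated != true)
            return false;

        // Ordinal comparison: role names are identifiers, not culture-sensitive text.
        return principal.Claims.Any(c =>
            RoleClaimTypes.Contains(c.Type, StringComparer.Ordinal) &&
            string.Equals(c.Value, AllowedRole, StringComparison.OrdinalIgnoreCase));
    }

    // Constructed principals standing in for loginInfo.Principal.
    // An empty authentication type yields an unauthenticated identity.
    private static ClaimsPrincipal Make(string authType, params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, authType));

    public static void Main()
    {
        var mappedRole   = Make("oidc", new Claim(ClaimTypes.Role, "AdminAccess"));
        var unmappedRole = Make("oidc", new Claim("role", "adminAccess"));
        var otherRole    = Make("oidc", new Claim("role", "editor"));
        var emailOnly    = Make("oidc", new Claim(ClaimTypes.Email, "user@example.test"));
        var anonymous    = Make("",     new Claim("role", "adminAccess"));

        Console.WriteLine($"mapped role claim:      {IsAllowed(mappedRole)}");
        Console.WriteLine($"unmapped 'role' claim:  {IsAllowed(unmappedRole)}");
        Console.WriteLine($"different role:         {IsAllowed(otherRole)}");
        Console.WriteLine($"no role claim at all:   {IsAllowed(emailOnly)}");
        Console.WriteLine($"unauthenticated:        {IsAllowed(anonymous)}");
        Console.WriteLine($"null principal:         {IsAllowed(null)}");
    }
}
```

Only the first two principals pass the check; a check against `ClaimTypes.Role` alone would also reject the second one.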
    
  • Thomas Moltzen-Bildsøe 18 posts 149 karma points
    Sep 02, 2022 @ 10:22
    Thomas Moltzen-Bildsøe
    0

    Too bad there isn't a solution preventing the user from being created.

    My current solution is assigning a role with no access at all, and I've called the role "ToBeDeleted", and my thought was to delete the users in this role, once a day.

    But combined with your suggestion I could prevent them from logging in at all, which would be a great improvement.

    Thanks.

    BR

  • ChuDatCN 12 posts 62 karma points
    Sep 05, 2022 @ 07:55
    ChuDatCN
    0

    Hi Thomas, I'm using IdentityServer4 (Quick-start setup) as external identity provider too and it also works.

    But when I implement the auto-linking options following the documentation (https://our.umbraco.com/documentation/reference/security/auto-linking), it seems like only the OnAutoLinking function is not working. At first, I thought the claims returned from IS were missing the email, but then I could use the email claims to auto-create Umbraco members based on the email info.

    Is there a more specific setup I should follow?

    I'm new to Umbraco and using version 10.1.0. I don't know whether it is Umbraco V10's bug or IdentityServer's bug anymore. I've searched for this bug for a week but I'm still stuck on it :(

    Thanks.

    Regards
