Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Gudjon Gunnlaugsson 1 post 71 karma points
    Mar 24, 2023 @ 11:33
    Gudjon Gunnlaugsson

    ClaimsIdentity for member with middleware.

    Hi. I have an umbraco website , an app and an openiddict authentication server. the website uses cookies everything is fine with that. the app is using an jwt token from my login server.

    I made a middleware in the hope of being able to use [UmbracoMemberoAuthorize} and most of the member features without having to make it custom.

    My middleware`public async Task Invoke(HttpContext context, IMemberService memberService) { var accessToken = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");

            if (!string.IsNullOrEmpty(accessToken))
                var handler = new JwtSecurityTokenHandler();
                var claimsPrincipal = handler.ValidateToken(accessToken, new TokenValidationParameters
                    ValidIssuer = "https://localhost:7172/",
                    ValidAudience = "AO",
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("REMOVEDFORSAMPLE")),
                    ValidateIssuerSigningKey = true,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.Zero
                }, out var validatedToken);
                if (claimsPrincipal.Identity.IsAuthenticated)
                    var username = claimsPrincipal.FindFirstValue("username");
                    var member = memberService.GetByUsername(username);
                    if (member != null)
                    { // This needs to put umbraco member into the context.user.
                        var identity = new ClaimsIdentity(member.Username);
                        identity.AddClaim(new Claim(ClaimTypes.Name, username));
                        await _next(context);
            await _next(context);

    This works as in it validates the authentication token to the server and all that. But does anyone know how I can get the correct setup for the Umbraco member or if it is possible. was hoping i could just make an identity with the name as username but that doesn't seem to be enough.

    Ps. I know i can just use Openiddict validation to get me into the controller and then just have code to lookup the member at the start of every controller action but this would be better.

    Any help would be appreciated. Thanks Guðjón

  • iNETZO 133 posts 496 karma points c-trib
    Feb 26, 2024 @ 12:06

    Hi Gudjon,

    I'm also looking for a same kind of solution where the Umbraco Delivery api bearer can be used to login the member. I also do this in the controller right now but i would also prefere to use the default UmbracoMemberAuthorize attribute instead. Can you give me some hints?

    Best regards,


Please Sign in or register to post replies

Write your reply to: