Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • milkman matty 31 posts 125 karma points
    May 23, 2023 @ 07:21
    milkman matty
    0

    Querying the cmsMember table

    I have a need to periodically confirm the identity of a Member per login session. I was going to make my own db field and populate it with a random string on login, but securityStampToken does exactly that already - awesome!

    Given a username and securityStampToken from an untrusworthy source I want to confirm that the securityStampToken matches the LoginName provided. However I'm having a hell of a time obtaining the securityStampToken.

    Not sure it matters, but this is with Umbraco 11

    private IMember? GetMemberFromToken(string token)
        {
            using var scope = _scopeProvider.CreateScope();
            var member = scope.Database.FirstOrDefault<cmsMember>(
                "SELECT [LoginName],[securityStampToken] " +
                "FROM cmsMember WHERE [securityStampToken] = '@0'", token);
            scope.Complete();
    
            return member != null ? _memberService.GetByUsername(member.LoginName) : null;
        }
    
    public class cmsMember
    {
        public string LoginName { get; set; }
        public string securityStampToken { get; set; }
    }
    

    seems no matter what I try var member is always null. Can anyone advise what I'm doing wrong?

  • Huw Reddick 1736 posts 6076 karma points MVP c-trib
    May 23, 2023 @ 15:02
    Huw Reddick
    100

    Hi milkman,

    Your problem is here

    [securityStampToken] = '@0'
    

    It does not need the single quotes, npoco adds them because token is a string, so just use

    [securityStampToken] = @0
    
  • milkman matty 31 posts 125 karma points
    May 24, 2023 @ 00:02
    milkman matty
    0

    Thank you so much! Your solution fixed it!

Please Sign in or register to post replies

Write your reply to:

Draft