  • Matty 34 posts 148 karma points
    Jun 16, 2024 @ 09:48
    Matty
    0

    User PasswordSignInAsync does not persist in Umbraco 14?

    In Umbraco 14, when calling _backOfficeSignInManager.PasswordSignInAsync() to sign a backoffice User in:

    • The return is successful (result.Succeeded == true)
    • The correct User with a valid Identity and IsAuthenticated = true
    • A cookie is created (UMB_UCONTEXT=...)

    This seems like everything is correct, but it only lasts for the single request. Every subsequent request will have no User or Identity despite having the cookie. What am I missing??

    private readonly IBackOfficeSignInManager _backOfficeSignInManager;
    
    public WhyYouNoWorkController(
        IBackOfficeSignInManager backOfficeSignInManager)
    {
        _backOfficeSignInManager = backOfficeSignInManager;
    }
    
    [HttpPost]
    public async Task<IActionResult> LoginAction(string username, string password)
    {
        // Arguments: userName, password, isPersistent, lockoutOnFailure
        IdentitySignInResult result = await _backOfficeSignInManager.PasswordSignInAsync(
            username, password, true, true);
    
        //...
    
        return Ok();
    }
    

    Any help would be very much appreciated!

  • Matty 34 posts 148 karma points
    Jun 16, 2024 @ 14:22
    Matty
    100

    Figured it out.

    For some reason the UseAuthentication() middleware does not function correctly.

    It is added to the pipeline correctly in the Umbraco.Web.Common.UmbracoApplicationBuilder.cs file, in the method RegisterDefaultRequiredMiddleware(), which is invoked when you call app.UseUmbraco() in your Program.cs file.

    For whatever reason, however, it doesn't work. My guess is that it has something to do with the amount of custom-rolled auth that Umbraco has for Users.

    In any case, the application is in the same state as if UseAuthentication() was never added. As per this post, the fix is to add the following attribute to force the auth to re-run:

    [Authorize(AuthenticationSchemes = Constants.Security.BackOfficeAuthenticationType)]
    

    This has to be done on a per-endpoint basis, instead of using just [Authorize].

    For example:

    public class MustBeAuthedController : UmbracoController
    {
        [HttpGet]
        //[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)] <-- Will not work
        //[Authorize] <-- Will not work
        [Authorize(AuthenticationSchemes = Constants.Security.BackOfficeAuthenticationType)]
        public IActionResult Index()
        {
            return View("SomeViewThatRequiresAuth");
        }
    }
    

    As an aside, figuring out that Constants.Security.BackOfficeAuthenticationType is actually an AuthenticationScheme was very much not obvious.
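
An added example, not from the thread or from Umbraco's code: a plain ASP.NET Core minimal API (.NET 6+ web project with implicit usings) showing that `UseAuthentication()` populates `HttpContext.User` from the default scheme only, so a valid cookie issued under a non-default scheme is ignored until an endpoint names that scheme. The scheme names, cookie name and routes are made up, and that Umbraco's backoffice scheme behaves like the non-default `Admin` scheme here is an assumption.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;

// Assumption: "Site" and "Admin" are made-up scheme names. "Admin" stands in for
// a cookie scheme that is registered but is not the application's default.
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication("Site")            // default scheme = "Site"
    .AddCookie("Site")
    .AddCookie("Admin", o => o.Cookie.Name = "ADMIN_CTX");

// A policy that carries the scheme, for protecting groups of endpoints.
builder.Services.AddAuthorization(o => o.AddPolicy("AdminOnly", p => p
    .AddAuthenticationSchemes("Admin")
    .RequireAuthenticatedUser()));

var app = builder.Build();
app.UseAuthentication();   // fills HttpContext.User from the default scheme only
app.UseAuthorization();

// Issues the "Admin" cookie for a constructed identity (no credential check here).
app.MapPost("/login", async (HttpContext ctx) =>
{
    var id = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "demo") }, "Admin");
    await ctx.SignInAsync("Admin", new ClaimsPrincipal(id));
    return "signed in";
});

// The cookie is sent, yet User is anonymous: no one asked the "Admin" handler to read it.
app.MapGet("/whoami", (HttpContext ctx) =>
    $"IsAuthenticated={ctx.User.Identity?.IsAuthenticated}");

// Diagnostic: authenticate against the named scheme explicitly.
app.MapGet("/whoami-admin", async (HttpContext ctx) =>
{
    var r = await ctx.AuthenticateAsync("Admin");
    return $"Succeeded={r.Succeeded} Name={r.Principal?.Identity?.Name}";
});

// Equivalent of [Authorize(AuthenticationSchemes = "Admin")] on a controller action.
app.MapGet("/admin", (HttpContext ctx) => $"Hello {ctx.User.Identity?.Name}")
   .RequireAuthorization(new AuthorizeAttribute { AuthenticationSchemes = "Admin" });

// Same effect through the named policy.
app.MapGet("/admin-policy", (HttpContext ctx) => $"Hello {ctx.User.Identity?.Name}")
   .RequireAuthorization("AdminOnly");

app.Run();
```

After a POST to `/login`, `/whoami` still reports an anonymous user while `/whoami-admin`, `/admin` and `/admin-policy` see the signed-in identity from the same cookie.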
