  • Andrew 1 post 71 karma points
    Nov 25, 2016 @ 12:33
    Andrew
    0

    Umbraco v7.4.3: Logging out of Umbraco backoffice when logging in to my app

    Hi!

    We have an application running on Umbraco v7.4.3

    The problem is that when I'm logged in to Umbraco backoffice, let's say it's running on http://localhost/umbraco , and then open a new tab and log in to the app which is here: http://localhost/, I get logged out from backoffice.

    I dug a bit into the issue and noticed a few things:

    1) When the login request is sent to /umbraco/surface/account/SignIn, it gets a Set-Cookie header for UMB_UCONTEXT and sets it to "", which is possibly done here: https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Core/Security/BackOfficeCookieAuthenticationProvider.cs

    As I understand it, this forces logging out from the backoffice prior to logging in to the app.

    2) If I log back in to the backoffice (http://localhost/umbraco/backoffice/UmbracoApi/Authentication/PostLogin), it gets the UMB_UCONTEXT cookie and I can work in both the app and the backoffice.

    3) When I log out from the main app I also get signed out from the backoffice ( Set-Cookie:UMB_UCONTEXT=; )

    Is there a way to solve this?

    I tried to do it in a hacky way and remove the Set-Cookie header in OnResponseSignIn, but it still comes to the client... Please help.

    Here's the OwinStartup Configuration method:

        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);

            if (!ApplicationContext.IsUpgrading)
            {
                app.UseNLog();
                app.UseSetLanguageMiddleware(GetLanguageOptions(), _cultureHelper);
    
                // Configure the db context, user manager and signin manager to use a single instance per request
                app.CreatePerOwinContext<InfinityUserManager>(InfinityUserManager.Create);
    
                //Single method to configure the Identity user manager for use with Umbraco
                //            app.ConfigureUserManagerForUmbracoMembers<UmbracoApplicationMember>();
    
                //var lang = CultureInfo.CurrentUICulture.Name;
                var lang = PageHelper.GetSelectedLanguageName();
    
                // Enable the application to use a cookie to store information for the 
                // signed in user and to use a cookie to temporarily store information 
                // about a user logging in with a third party login provider 
                // Configure the sign in cookie
                //UrlHelper url = new UrlHelper(HttpContext.Current.Request.RequestContext);
    
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath = new PathString($"/{lang}"),
                    //LoginPath = new PathString($"/{lang}/login"),
                    ExpireTimeSpan = TimeSpan.FromMinutes(20),
                    CookieName = "AuthCookie",
                    SlidingExpiration = true,
                    //CookieSecure = CookieSecureOption.Always,
                    Provider = new CookieAuthenticationProvider
                    {
                        OnApplyRedirect = ctx =>
                        {
                            if (!IsAjaxRequest(ctx.Request))
                            {
                                var uri = new UriBuilder(ctx.RedirectUri);
                                var query = HttpUtility.ParseQueryString(uri.Query);
                                query["login"] = "show";
                                uri.Query = query.ToString();
                                //string loginPath = ctx.RedirectUri + (ctx.RedirectUri.Contains("?") ? "&" : "?") + "login=show";
                                ctx.Response.Redirect(uri.ToString());
                            }
                        },
                        OnResponseSignIn = ctx =>
                        {
                            //the Set-Cookie collection still comes to the client
                            ctx.OwinContext.Response.Headers.Remove("Set-Cookie");
                        },
                        // Enables the application to validate the security stamp when the user logs in.
                        // This is a security feature which is used when you change a password or add an external login to your account.  
                        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<InfinityUserManager, User, long>(
                            validateInterval: TimeSpan.FromMinutes(20),
                            regenerateIdentityCallback:
                                (manager, user) =>
                                    manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie),
                            getUserIdCallback: user => user.GetUserId<long>())
                    }
                });
    
                app.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext);
    
                app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    
                var facebookOptions = new FacebookAuthenticationWrapper().GetAuthenticationOptions(_infinityConfiguration.Facebook);
                if (facebookOptions != null)
                    app.UseFacebookAuthentication(facebookOptions);
    
                var providaOptions = new ProVidaAuthenticationWrapper(_infinityConfiguration.ProVida).GetAuthenticationOptions();
                if (providaOptions != null)
                    app.UseProvidaAuthentication(providaOptions);
    
                app.UseInfinityTokenAuth();
            }
        }
    

    Many thanks for help!
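
To pin down which request clears UMB_UCONTEXT (observations 1 and 3 in the post above), a small OWIN middleware can log every response that sets or clears the two auth cookies. This is an added example, not code from the original post or from Umbraco; `UseCookieTrace` is a hypothetical helper name, and it assumes header callbacks registered earlier in the pipeline run later, so it sees the final Set-Cookie list.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using Microsoft.Owin;
using Owin;

public static class CookieTraceExtensions
{
    // Hypothetical diagnostic helper (not part of Umbraco or Katana).
    // Register it before the cookie middlewares, e.g. right after base.Configuration(app):
    //   app.UseCookieTrace("UMB_UCONTEXT", "AuthCookie");
    public static IAppBuilder UseCookieTrace(this IAppBuilder app, params string[] watched)
    {
        return app.Use(async (ctx, next) =>
        {
            // Inspect headers at the last moment before they are flushed,
            // after every authentication handler has applied its sign-in/sign-out.
            ctx.Response.OnSendingHeaders(_ =>
            {
                var headers = ctx.Response.Headers.GetValues("Set-Cookie");
                if (headers == null) return;

                foreach (var header in headers)
                {
                    // "name=value; path=/; expires=..." -> take the name=value pair only
                    var pair = header.Split(';')[0];
                    var eq = pair.IndexOf('=');
                    if (eq < 0) continue;

                    var name = pair.Substring(0, eq).Trim();
                    var value = pair.Substring(eq + 1).Trim();
                    if (!watched.Contains(name, StringComparer.OrdinalIgnoreCase)) continue;

                    // An empty value is how the cookie is deleted ("UMB_UCONTEXT=;").
                    // The value itself is an auth ticket, so it is never written to the log.
                    var action = value.Length == 0 ? "CLEARED" : "SET";
                    Trace.TraceInformation("{0} {1} -> {2} {3}",
                        ctx.Request.Method, ctx.Request.Path, name, action);
                }
            }, null);

            await next();
        });
    }
}
```

A `CLEARED` line for UMB_UCONTEXT on the SignIn or sign-out request confirms that the response, not the browser, is dropping the backoffice session, and shows whether AuthCookie is touched in the same response.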
