Has anyone else had timeout issues since upgrade to version 7.8.0 or later? Up through 7.7.9 things were working fine, but after upgrading to 7.8.0 and recently to 7.9.2 the backoffice seems to timeout after just a minute or so. We do use a custom "owin:Startup" authentication module to authenticate via LDAP to our Active Directory, so I'm not sure if anything has changed with the owin authentication models.
I've done some more testing with a fresh install and I can confirm that this is related to using our custom owin:appStartup authentication provider. This has been working up until version 7.8.0. Did something change with overriding authentication to use AD authentication that I need to update. I haven't seen anything in any of the upgrade notes in any version since 7.7.9 that would indicate why this broke.
Our current code is at the end of this post. However, the BackOfficeUserManager.Create method now is obsolete and says "Use the overload specifying all dependencies instead". If you have a newer code example of how to do that I would appreciate it.
Current Code:
using Microsoft.Owin;
using System;
using Owin;
using Umbraco.Core;
using Umbraco.Core.Models.Identity;
using Umbraco.Core.Security;
using Umbraco.Web.Security.Identity;
using System.Threading.Tasks;
using System.DirectoryServices;
using UmbracoOWINLDAP_Authentication;
[assembly: OwinStartup("UmbracoOwinLdapStartup", typeof(UmbracoOwinLdapStartup))]
namespace UmbracoOWINLDAP_Authentication
{
public class UmbracoOwinLdapStartup
{
public void Configuration(IAppBuilder app)
{
var applicationContext = ApplicationContext.Current;
app.UseUmbracoBackOfficeCookieAuthentication(applicationContext);
app.UseUmbracoBackOfficeExternalCookieAuthentication(applicationContext);
app.UseUmbracoPreviewAuthentication(applicationContext);
app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
applicationContext,
(options, context) =>
{
var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = BackOfficeUserManager.Create(
options,
applicationContext.Services.UserService,
applicationContext.Services.ExternalLoginService,
membershipProvider);
userManager.BackOfficeUserPasswordChecker = new LdapPasswordChecker();
return userManager;
});
}
}
public class LdapPasswordChecker : IBackOfficeUserPasswordChecker
{
public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
{
// By default, we will fall back to the default checker if things fail here
var result = BackOfficeUserPasswordCheckerResult.FallbackToDefaultChecker;
// Never try and perform an LDAP authentication against the ADMIN user
string Username = user.UserName.ToLower();
if (Username != "admin") {
bool ValidLogin = ldapAuth(Username, password);
if (ValidLogin) {
result = BackOfficeUserPasswordCheckerResult.ValidCredentials;
}
}
return Task.FromResult(result);
}
private bool ldapAuth(string Username, string Password)
{
bool output = false;
try {
string ldapRoot = string.Empty;
try {
ldapRoot += System.Configuration.ConfigurationManager.AppSettings["UmbracoOwinLdapRoot"];
} catch { } // Unable to read the UmbracoOwinLdapRoot setting from web.config
if (!String.IsNullOrWhiteSpace(ldapRoot)) {
string domainAndUsername = ldapRoot + @"\" + Username;
DirectoryEntry entry = new DirectoryEntry("LDAP://" + ldapRoot, domainAndUsername, Password);
try {
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + Username + ")";
search.PropertiesToLoad.Add("cn");
System.DirectoryServices.SearchResult result = search.FindOne();
if (result != null) {
output = true; // Login was successful
}
} catch { } // Unable to query LDAP
}
} catch { } // Unable to create DirectoryEntry for LDAP query
return output;
}
}
Any update on this? I put in a bug request a month ago and I've heard nothing. I hate to turn off our ability to use AD authentication against our local AD using LDAP, but at this point I'm getting uncomfortable on how many versions behind we are getting.
Timeouts Since 7.8.0
Has anyone else had timeout issues since upgrade to version 7.8.0 or later? Up through 7.7.9 things were working fine, but after upgrading to 7.8.0 and recently to 7.9.2 the backoffice seems to timeout after just a minute or so. We do use a custom "owin:Startup" authentication module to authenticate via LDAP to our Active Directory, so I'm not sure if anything has changed with the owin authentication models.
I've done some more testing with a fresh install and I can confirm that this is related to using our custom owin:appStartup authentication provider. This has been working up until version 7.8.0. Did something change with overriding authentication to use AD authentication that I need to update. I haven't seen anything in any of the upgrade notes in any version since 7.7.9 that would indicate why this broke.
Our current code is at the end of this post. However, the BackOfficeUserManager.Create method now is obsolete and says "Use the overload specifying all dependencies instead". If you have a newer code example of how to do that I would appreciate it.
Current Code:
using Microsoft.Owin; using System; using Owin; using Umbraco.Core; using Umbraco.Core.Models.Identity; using Umbraco.Core.Security; using Umbraco.Web.Security.Identity; using System.Threading.Tasks; using System.DirectoryServices; using UmbracoOWINLDAP_Authentication;
[assembly: OwinStartup("UmbracoOwinLdapStartup", typeof(UmbracoOwinLdapStartup))] namespace UmbracoOWINLDAP_Authentication { public class UmbracoOwinLdapStartup { public void Configuration(IAppBuilder app) { var applicationContext = ApplicationContext.Current; app.UseUmbracoBackOfficeCookieAuthentication(applicationContext); app.UseUmbracoBackOfficeExternalCookieAuthentication(applicationContext); app.UseUmbracoPreviewAuthentication(applicationContext);
}
Any ideas here? We've had to roll back to 7.7.9 and I need to get this working with the newer versions.
Hi Brad,
I think it's best to create a issue on : http://issues.umbraco.org/issues
Because 7.8.0 release doesn't list any breaking changes in regards to OWIN : https://our.umbraco.org/download/releases/780/
Dave
OK, I have created an issue and included the entire code sample we are using.
Dave,
Any update on this? I put in a bug request a month ago and I've heard nothing. I hate to turn off our ability to use AD authentication against our local AD using LDAP, but at this point I'm getting uncomfortable on how many versions behind we are getting.
Thanks,
Brad
is working on a reply...