Beispiel #1
        /// <summary>
        /// Checks that every identity added through <c>SecurityHelper.AddUserIdentity</c> becomes the
        /// default identity of the request's user, while identities already present stay on the principal.
        /// </summary>
        /// <remarks>
        /// Security-relevant behavior pinned by these assertions: <c>User.Identity</c> reports only the most
        /// recently added identity, whereas <c>Identities</c> still lists all three, newest first. Code that
        /// makes authorization decisions has to be deliberate about which of the two it reads.
        /// </remarks>
        public void AddingExistingIdentityChangesDefaultButPreservesPrior()
        {
            IOwinContext owinContext = new OwinContext();
            IOwinRequest owinRequest = owinContext.Request;
            owinRequest.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);

            var securityHelper = new SecurityHelper(owinContext);

            // Baseline: the principal assigned above is what the request reports.
            owinRequest.User.Identity.AuthenticationType.ShouldBe("Alpha");
            owinRequest.User.Identity.Name.ShouldBe("Test1");

            // A second identity takes over as the default.
            var second = new GenericIdentity("Test2", "Beta");
            securityHelper.AddUserIdentity(second);
            owinRequest.User.Identity.AuthenticationType.ShouldBe("Beta");
            owinRequest.User.Identity.Name.ShouldBe("Test2");

            // And so does a third.
            var third = new GenericIdentity("Test3", "Gamma");
            securityHelper.AddUserIdentity(third);
            owinRequest.User.Identity.AuthenticationType.ShouldBe("Gamma");
            owinRequest.User.Identity.Name.ShouldBe("Test3");

            // Nothing was dropped: all three identities remain, ordered newest to oldest.
            var identities = ((ClaimsPrincipal)owinRequest.User).Identities.ToList();
            identities.Count.ShouldBe(3);
            identities[0].Name.ShouldBe("Test3");
            identities[1].Name.ShouldBe("Test2");
            identities[2].Name.ShouldBe("Test1");
        }
        /// <summary>
        /// Checks, against an <c>HttpContext</c>, that each identity passed to the static
        /// <c>SecurityHelper.AddUserIdentity</c> becomes the default identity of <c>context.User</c> while
        /// the earlier identities are kept on the principal.
        /// </summary>
        /// <remarks>
        /// The final assertions show that <c>User.Identity</c> and <c>User.Identities</c> diverge after the
        /// additions: the former exposes only "Test3", the latter all three identities, newest first.
        /// Authorization code should choose between them on purpose.
        /// </remarks>
        public void AddingExistingIdentityChangesDefaultButPreservesPrior()
        {
            HttpContext httpContext = new DefaultHttpContext();
            httpContext.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);

            // Baseline: the principal assigned above is reported unchanged.
            httpContext.User.Identity.AuthenticationType.ShouldBe("Alpha");
            httpContext.User.Identity.Name.ShouldBe("Test1");

            // A second identity takes over as the default.
            var second = new GenericIdentity("Test2", "Beta");
            SecurityHelper.AddUserIdentity(httpContext, second);
            httpContext.User.Identity.AuthenticationType.ShouldBe("Beta");
            httpContext.User.Identity.Name.ShouldBe("Test2");

            // And so does a third.
            var third = new GenericIdentity("Test3", "Gamma");
            SecurityHelper.AddUserIdentity(httpContext, third);
            httpContext.User.Identity.AuthenticationType.ShouldBe("Gamma");
            httpContext.User.Identity.Name.ShouldBe("Test3");

            // All three identities are still attached, ordered newest to oldest.
            var identities = httpContext.User.Identities.ToList();
            identities.Count.ShouldBe(3);
            identities[0].Name.ShouldBe("Test3");
            identities[1].Name.ShouldBe("Test2");
            identities[2].Name.ShouldBe("Test1");
        }
        /// <summary>
        /// Awaits <c>Authenticate()</c> and, when it yields a ticket, adds that ticket's identity to the
        /// current user through <c>Helper</c>.
        /// </summary>
        /// <returns>A task that completes once the identity, if any, has been added.</returns>
        protected async Task ApplyIdentity()
        {
            AuthenticationTicket authTicket = await Authenticate();

            // No ticket means authentication produced nothing, so the user is left untouched.
            if (authTicket == null)
            {
                return;
            }

            // NOTE(review): authTicket.Identity is passed on without a null check; confirm whether
            // Authenticate() can return a ticket with no identity and how AddUserIdentity treats null.
            Helper.AddUserIdentity(authTicket.Identity);
        }
        /// <summary>
        /// Checks that adding an identity to an <c>HttpContext</c> whose user is unauthenticated replaces
        /// the anonymous identity instead of keeping it next to the new one.
        /// </summary>
        /// <remarks>
        /// The last assertion (exactly one identity) is the point of the test: the unauthenticated
        /// placeholder does not linger on the principal after a real identity has been added.
        /// </remarks>
        public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
        {
            HttpContext httpContext = new DefaultHttpContext();

            // Precondition: a user object exists but is not authenticated.
            httpContext.User.ShouldNotBe(null);
            httpContext.User.Identity.IsAuthenticated.ShouldBe(false);

            var added = new GenericIdentity("Test1", "Alpha");
            SecurityHelper.AddUserIdentity(httpContext, added);

            // The added identity is now the default one.
            httpContext.User.ShouldNotBe(null);
            httpContext.User.Identity.AuthenticationType.ShouldBe("Alpha");
            httpContext.User.Identity.Name.ShouldBe("Test1");

            // Both the principal and its identity are the claims-based types.
            httpContext.User.ShouldBeTypeOf<ClaimsPrincipal>();
            httpContext.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();

            // Only the added identity is present; the anonymous one was not preserved.
            var claimsPrincipal = (ClaimsPrincipal)httpContext.User;
            claimsPrincipal.Identities.Count().ShouldBe(1);
        }
Beispiel #5
        /// <summary>
        /// Checks that adding an identity to an OWIN request that has no user at all creates a
        /// <c>ClaimsPrincipal</c> holding exactly that one identity.
        /// </summary>
        public void AddingToNullUserCreatesUserAsClaimsPrincipalWithSingleIdentity()
        {
            var owinRequest = OwinRequest.Create();

            // Precondition: a freshly created request carries no user.
            owinRequest.User.ShouldBe(null);

            var securityHelper = new SecurityHelper(owinRequest);
            var added = new GenericIdentity("Test1", "Alpha");
            securityHelper.AddUserIdentity(added);

            // A user now exists and reports the added identity.
            owinRequest.User.ShouldNotBe(null);
            owinRequest.User.Identity.AuthenticationType.ShouldBe("Alpha");
            owinRequest.User.Identity.Name.ShouldBe("Test1");

            // Both the principal and its identity are the claims-based types.
            owinRequest.User.ShouldBeTypeOf<ClaimsPrincipal>();
            owinRequest.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();

            // The new principal holds that identity and nothing else.
            var claimsPrincipal = (ClaimsPrincipal)owinRequest.User;
            claimsPrincipal.Identities.Count().ShouldBe(1);
        }
Beispiel #6
        /// <summary>
        /// Checks that adding an identity to an OWIN request whose user is an unauthenticated
        /// <c>GenericPrincipal</c> replaces the anonymous identity instead of keeping it.
        /// </summary>
        /// <remarks>
        /// The anonymous user is modelled as a <c>GenericIdentity</c> with an empty name and an empty
        /// authentication type, which the test confirms is reported as not authenticated.
        /// </remarks>
        public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
        {
            var owinRequest = OwinRequest.Create();

            // Precondition: an explicit anonymous principal is in place.
            var anonymous = new GenericIdentity(string.Empty, string.Empty);
            owinRequest.User = new GenericPrincipal(anonymous, null);
            owinRequest.User.Identity.IsAuthenticated.ShouldBe(false);

            var securityHelper = new SecurityHelper(owinRequest);
            var added = new GenericIdentity("Test1", "Alpha");
            securityHelper.AddUserIdentity(added);

            // The added identity is now the default one.
            owinRequest.User.ShouldNotBe(null);
            owinRequest.User.Identity.AuthenticationType.ShouldBe("Alpha");
            owinRequest.User.Identity.Name.ShouldBe("Test1");

            // Both the principal and its identity are the claims-based types.
            owinRequest.User.ShouldBeTypeOf<ClaimsPrincipal>();
            owinRequest.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();

            // Only the added identity is present; the anonymous one was not preserved.
            var claimsPrincipal = (ClaimsPrincipal)owinRequest.User;
            claimsPrincipal.Identities.Count().ShouldBe(1);
        }
Beispiel #7
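        /// <summary>
        /// OWIN middleware step: for a six-segment request under the preview route base, builds a
        /// back-office identity for the user id found in the path, attaches it to the request, and then
        /// calls the next middleware.
        /// </summary>
        /// <param name="context">The OWIN context of the current request.</param>
        /// <returns>A task that completes when the rest of the pipeline has run.</returns>
        /// <remarks>
        /// NOTE(review): the user id is taken from the request path, and nothing visible in this method
        /// proves that the caller is entitled to that identity. Confirm that the value in segment 2
        /// (passed to <c>CreateAuthCookie</c>) or an earlier pipeline component authenticates the
        /// preview link before this code runs; if not, this route grants a back-office identity to any
        /// client that can reach it and must be restricted accordingly.
        /// </remarks>
        public override async Task Invoke(IOwinContext context)
        {
            IOwinRequest request = context.Request;
            string[] segments = request.Uri.Segments;

            // Ordinal comparison: the route prefix is an identifier, so culture rules (which ignore
            // certain characters) must not influence whether this identity-granting branch is taken.
            bool isPreviewRequest =
                request.Uri.AbsolutePath.StartsWith(MagicStrings.PreviewRouteBase, System.StringComparison.Ordinal)
                && segments.Length == 6;

            if (isPreviewRequest)
            {
                // The id is client-supplied path text. Parse it without throwing, and treat an
                // unparsable id or an unknown user as "no identity" rather than failing the request
                // with an unhandled exception.
                int userId;
                IUser user = null;
                if (int.TryParse(segments[3].Trim('/'), out userId))
                {
                    user = ApplicationContext.Current.Services.UserService.GetUserById(userId);
                }

                if (user != null)
                {
                    UserData userData = GetUserData(user);
                    string authCookieName = UmbracoConfig.For.UmbracoSettings().Security.AuthCookieName;

                    // Drop any existing auth cookie before issuing the one for the preview user.
                    Utility.ExpireCookie(authCookieName);

                    HttpCookie authCookie = CreateAuthCookie(
                        user.Name,
                        segments[2].Trim('/'),
                        JsonConvert.SerializeObject(userData),
                        authCookieName,
                        UmbracoConfig.For.UmbracoSettings().Security.AuthCookieDomain);

                    // The cookie is added to the *request* collection and to Items, presumably so that
                    // components later in this same request find it as if the client had sent it.
                    HttpContext.Current.Request.Cookies.Add(authCookie);
                    HttpContext.Current.Items.Add(authCookieName, authCookie.Value);

                    // Make the preview user the request's default identity for downstream middleware.
                    var identity = new UmbracoBackOfficeIdentity(userData);
                    var securityHelper = new SecurityHelper(context);
                    securityHelper.AddUserIdentity(identity);
                }
            }

            if (Next != null)
            {
                await Next.Invoke(context);
            }
        }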