/// <summary>
/// Returns true if the request is a back office request
/// </summary>
public static bool IsBackOfficeRequest(this HttpRequest request)
{
PathString absPath = request.Path;
UmbracoRequestPaths umbReqPaths = request.HttpContext.RequestServices.GetService <UmbracoRequestPaths>();
return(umbReqPaths.IsBackOfficeRequest(absPath));
}
/// <summary>
/// Determines if we should authenticate the request
/// </summary>
/// <returns>true if the request should be authenticated</returns>
/// <remarks>
/// We auth the request when:
/// * it is a back office request
/// * it is an installer request
/// * it is a preview request
/// </remarks>
public bool ShouldAuthenticateRequest(string absPath)
{
// Do not authenticate the request if we are not running (don't have a db, are not configured) - since we will never need
// to know a current user in this scenario - we treat it as a new install. Without this we can have some issues
// when people have older invalid cookies on the same domain since our user managers might attempt to lookup a user
// and we don't even have a db.
// was: app.IsConfigured == false (equiv to !Run) && dbContext.IsDbConfigured == false (equiv to Install)
// so, we handle .Install here and NOT .Upgrade
if (_runtime.Level == RuntimeLevel.Install)
{
return(false);
}
// check the explicit paths
if (_explicitPaths != null)
{
return(_explicitPaths.Any(x => x.InvariantEquals(absPath)));
}
if ( // check back office
_umbracoRequestPaths.IsBackOfficeRequest(absPath)
// check installer
|| _umbracoRequestPaths.IsInstallerRequest(absPath))
{
return(true);
}
if (_basicAuthService.IsBasicAuthEnabled())
{
return(true);
}
return(false);
}
public void Is_Back_Office_Request(string input, string virtualPath, bool expected)
{
var source = new Uri(input);
var hostingEnvironment = CreateHostingEnvironment(virtualPath);
var umbracoRequestPaths = new UmbracoRequestPaths(Options.Create(_globalSettings), hostingEnvironment);
Assert.AreEqual(expected, umbracoRequestPaths.IsBackOfficeRequest(source.AbsolutePath));
}
/// <summary>
/// Used to lazily initialize any back office services when the first request to the back office is made
/// </summary>
/// <param name="umbracoContext"></param>
/// <returns></returns>
private void LazyInitializeBackOfficeServices(PathString absPath)
{
if (s_firstBackOfficeRequest)
{
return;
}
if (_umbracoRequestPaths.IsBackOfficeRequest(absPath) ||
(absPath.Value?.InvariantStartsWith($"/{_smidgeOptions.UrlOptions.CompositeFilePath}") ?? false) ||
(absPath.Value?.InvariantStartsWith($"/{_smidgeOptions.UrlOptions.BundleFilePath}") ?? false))
{
LazyInitializer.EnsureInitialized(ref s_firstBackOfficeRequest, ref s_firstBackOfficeReqestFlag, ref s_firstBackOfficeRequestLocker, () =>
{
_backOfficeWebAssets.CreateBundles();
return(true);
});
}
}
/// <summary>
/// Determines if we should authenticate the request
/// </summary>
/// <returns>true if the request should be authenticated</returns>
/// <remarks>
/// We auth the request when it is not a back office request and when the runtime level is Run
/// </remarks>
public bool ShouldAuthenticateRequest(string absPath)
{
// Do not authenticate the request if we are not running.
// Else this can cause problems especially if the members DB table needs upgrades
// because when authing, the member db table will be read and we'll get exceptions.
if (_runtime.Level != RuntimeLevel.Run)
{
return(false);
}
if (// check back office
_umbracoRequestPaths.IsBackOfficeRequest(absPath)
// check installer
|| _umbracoRequestPaths.IsInstallerRequest(absPath))
{
return(false);
}
return(true);
}