public void Configuration(IAppBuilder app)
{
var applicationContext = ApplicationContext.Current;
app.ConfigureUserManagerForUmbracoBackOffice <BackOfficeUserManager, BackOfficeIdentityUser>(
applicationContext,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = BackOfficeUserManager.Create(options,
applicationContext.Services.UserService,
applicationContext.Services.ExternalLoginService,
membershipProvider);
// Overrides Umbraco's password checker
var latchOperationSvc = new LatchOperationService(applicationContext.DatabaseContext.Database, applicationContext.Services.TextService, applicationContext.Services.UserService);
userManager.BackOfficeUserPasswordChecker = new LatchLoginChecker(latchOperationSvc, applicationContext.Services.TextService, userManager.PasswordHasher);
return(userManager);
});
//Ensure owin is configured for Umbraco back office authentication
app
.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
}
public void Configuration(IAppBuilder app)
{
//Configure the Identity user manager for use with Umbraco Back office
var applicationContext = ApplicationContext.Current;
app.ConfigureUserManagerForUmbracoBackOffice <BackOfficeUserManager, BackOfficeIdentityUser>(
applicationContext,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = BackOfficeUserManager.Create(options,
applicationContext.Services.UserService,
applicationContext.Services.ExternalLoginService,
membershipProvider);
// Call custom passowrd checker.
userManager.BackOfficeUserPasswordChecker = new BackofficeMembershipProviderPasswordChecker();
return(userManager);
});
//Ensure owin is configured for Umbraco back office authentication
app
.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
}
/// <summary>
/// This is simply a helper method which essentially just wraps the MembershipProvider's ChangePassword method
/// </summary>
/// <remarks>
/// This method exists so that Umbraco developers can use one entry point to create/update users if they choose to.
/// </remarks>
/// <param name="user">The user to save the password for</param>
/// <param name="password">The password to save</param>
public void SavePassword(IUser user, string password)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
var provider = MembershipProviderExtensions.GetUsersMembershipProvider();
if (provider.IsUmbracoMembershipProvider() == false)
{
throw new NotSupportedException("When using a non-Umbraco membership provider you must change the user password by using the MembershipProvider.ChangePassword method");
}
provider.ChangePassword(user.Username, "", password);
//go re-fetch the member and update the properties that may have changed
var result = GetByUsername(user.Username);
if (result != null)
{
//should never be null but it could have been deleted by another thread.
user.RawPasswordValue = result.RawPasswordValue;
user.LastPasswordChangeDate = result.LastPasswordChangeDate;
user.UpdateDate = user.UpdateDate;
}
}
private void ConfigureTwoFactorAuthentication(object sender, OwinMiddlewareConfiguredEventArgs args)
{
var app = args.AppBuilder;
var applicationContext = ApplicationContext.Current;
app.SetUmbracoLoggerFactory();
app.UseTwoFactorSignInCookie(Umbraco.Core.Constants.Security.BackOfficeTwoFactorAuthenticationType, TimeSpan.FromMinutes(5));
// We need to set these values again after our custom changes. Otherwise preview doesn't work.
app.UseUmbracoBackOfficeCookieAuthentication(applicationContext)
.UseUmbracoBackOfficeExternalCookieAuthentication(applicationContext)
.UseUmbracoPreviewAuthentication(applicationContext);
app.ConfigureUserManagerForUmbracoBackOffice <TwoFactorBackOfficeUserManager, BackOfficeIdentityUser>(
applicationContext,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = TwoFactorBackOfficeUserManager.Create(options,
applicationContext.Services.UserService,
applicationContext.Services.EntityService,
applicationContext.Services.ExternalLoginService,
membershipProvider);
return(userManager);
});
}
public void Configuration(IAppBuilder app)
{
// Configure back office users membership provider
app.ConfigureUserManagerForUmbracoBackOffice(
ApplicationContext.Current,
MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider());
// Ensure OWIN is configured for Umbraco back office authentication
app.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
.UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
// Configure additional back office authentication options
app.ConfigureBackOfficeAdfsAuthentication();
}
private void ConfigureTwoFactorAuthentication(object sender, OwinMiddlewareConfiguredEventArgs args)
{
var app = args.AppBuilder;
var applicationContext = Umbraco.Core.Composing.Current.Services;
IGlobalSettings GlobalSettings = Umbraco.Core.Composing.Current.Configs.Global();
IUmbracoSettingsSection UmbracoSettings = Umbraco.Core.Composing.Current.Configs.Settings();
UmbracoMapper umbracoMapper = Umbraco.Core.Composing.Current.Mapper;
//netser/////////////////////////
/* var oAuthServerOptions = new OAuthAuthorizationServerOptions
*
* {
* AllowInsecureHttp = true,
* TokenEndpointPath = new PathString("/token"),
* AccessTokenExpireTimeSpan = TimeSpan.FromDays(1)
* };
* // Token Generation
* app.UseOAuthAuthorizationServer(oAuthServerOptions);
* app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());*/
////////////////////end netser
app.SetUmbracoLoggerFactory();
app.UseTwoFactorSignInCookie(Umbraco.Core.Constants.Security.BackOfficeTwoFactorAuthenticationType, TimeSpan.FromMinutes(5));
// app.UseOAuthAuthorizationServer(options);
// app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
// We need to set these values again after our custom changes. Otherwise preview doesn't work.
// Gunni: Apparently we don't need this for preview to work and the following code breaks other Identity providers
//app.UseUmbracoBackOfficeCookieAuthentication(umbracoContextAccessor, Umbraco.Web.Composing.Current.RuntimeState, applicationContext.UserService, GlobalSettings, securitySection)
// .UseUmbracoBackOfficeExternalCookieAuthentication(umbracoContextAccessor, runtimeState, GlobalSettings)
// .UseUmbracoPreviewAuthentication(umbracoContextAccessor, runtimeState, globalSettings, securitySection);
app.ConfigureUserManagerForUmbracoBackOffice <TwoFactorBackOfficeUserManager, BackOfficeIdentityUser>(
Umbraco.Web.Composing.Current.RuntimeState,
GlobalSettings,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = TwoFactorBackOfficeUserManager.Create(options,
applicationContext.UserService,
applicationContext.MemberTypeService,
applicationContext.EntityService,
applicationContext.ExternalLoginService,
membershipProvider, GlobalSettings, umbracoMapper);
return(userManager);
});
}
public virtual IUserRepository CreateUserRepository(IScopeUnitOfWork uow)
{
var userMembershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider();
var passwordConfig = userMembershipProvider == null || userMembershipProvider.PasswordFormat != MembershipPasswordFormat.Hashed
? null
: new System.Collections.Generic.Dictionary <string, string> {
{ "hashAlgorithm", Membership.HashAlgorithmType }
};
return(new UserRepository(
uow,
//Need to cache users - we look up user information more than anything in the back office!
_cacheHelper,
_logger,
_sqlSyntax,
passwordConfig));
}
public override bool PerformSave()
{
// Hot damn HACK > user is allways UserType with id = 1 = administrator ???
// temp password deleted by NH
//BusinessLogic.User.MakeNew(Alias, Alias, "", BusinessLogic.UserType.GetUserType(1));
//return true;
var provider = MembershipProviderExtensions.GetUsersMembershipProvider();
var status = MembershipCreateStatus.ProviderError;
try
{
// Password is auto-generated. They are they required to change the password by editing the user information.
var password = Membership.GeneratePassword(
provider.MinRequiredPasswordLength,
provider.MinRequiredNonAlphanumericCharacters);
var parts = Alias.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
if (parts.Length != 2)
{
return(false);
}
var login = parts[0];
var email = parts[1];
var u = provider.CreateUser(
login, password, email.Trim().ToLower(), "", "", true, null, out status);
if (u == null)
{
return(false);
}
_returnUrl = string.Format("users/EditUser.aspx?id={0}", u.ProviderUserKey);
return(status == MembershipCreateStatus.Success);
}
catch (Exception ex)
{
LogHelper.Error <userTasks>(string.Format("Failed to create the user. Error from provider: {0}", status.ToString()), ex);
return(false);
}
}
/// <summary>
/// Creates a BackOfficeUserManager instance with all default options and the default BackOfficeUserManager
/// </summary>
/// <param name="options"></param>
/// <param name="userService"></param>
/// <param name="externalLoginService"></param>
/// <param name="membershipProvider"></param>
/// <returns></returns>
public static CustomBackOfficeUserManager Create(IdentityFactoryOptions <CustomBackOfficeUserManager> options, ApplicationContext applicationContext)
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userService = applicationContext.Services.UserService;
var entityService = applicationContext.Services.EntityService;
var externalLoginService = applicationContext.Services.ExternalLoginService;
var contentSectionConfig = UmbracoConfig.For.UmbracoSettings().Content;
var manager = new CustomBackOfficeUserManager(new CustomBackOfficeUserStore(userService, entityService, externalLoginService, membershipProvider));
manager.InitUserManager(manager, membershipProvider, options.DataProtectionProvider, contentSectionConfig);
manager.RegisterTwoFactorProvider("DefaultProvider", new DefaultTwoFactorProvider(options.DataProtectionProvider.Create("DefaultProvider")));
return(manager);
}
public override void Configuration(IAppBuilder app)
{
app.SetUmbracoLoggerFactory();
var appContext = ApplicationContext.Current;
app.ConfigureUserManagerForUmbracoBackOffice <BackOfficeUserManager, BackOfficeIdentityUser>(
appContext,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var store = new BackOfficeUserStore(appContext.Services.UserService, appContext.Services.ExternalLoginService, membershipProvider);
return(UmbracoEasyADUserManager.InitUserManager(store, membershipProvider, options));
});
app.UseUmbracoBackOfficeCookieAuthentication(appContext)
.UseUmbracoBackOfficeExternalCookieAuthentication(appContext);
}
public override void Up()
{
//Don't exeucte if the column is already there
var columns = SqlSyntax.GetColumnsInSchema(Context.Database).ToArray();
if (columns.Any(x => x.TableName.InvariantEquals("umbracoUser") && x.ColumnName.InvariantEquals("createDate")) == false)
{
Create.Column("createDate").OnTable("umbracoUser").AsDateTime().NotNullable().WithDefault(SystemMethods.CurrentDateTime);
}
if (columns.Any(x => x.TableName.InvariantEquals("umbracoUser") && x.ColumnName.InvariantEquals("updateDate")) == false)
{
Create.Column("updateDate").OnTable("umbracoUser").AsDateTime().NotNullable().WithDefault(SystemMethods.CurrentDateTime);
}
if (columns.Any(x => x.TableName.InvariantEquals("umbracoUser") && x.ColumnName.InvariantEquals("emailConfirmedDate")) == false)
{
Create.Column("emailConfirmedDate").OnTable("umbracoUser").AsDateTime().Nullable();
}
if (columns.Any(x => x.TableName.InvariantEquals("umbracoUser") && x.ColumnName.InvariantEquals("invitedDate")) == false)
{
Create.Column("invitedDate").OnTable("umbracoUser").AsDateTime().Nullable();
}
if (columns.Any(x => x.TableName.InvariantEquals("umbracoUser") && x.ColumnName.InvariantEquals("avatar")) == false)
{
Create.Column("avatar").OnTable("umbracoUser").AsString(500).Nullable();
}
if (columns.Any(x => x.TableName.InvariantEquals("umbracoUser") && x.ColumnName.InvariantEquals("passwordConfig")) == false)
{
Create.Column("passwordConfig").OnTable("umbracoUser").AsString(500).Nullable();
//Check if we have a known config, we only want to store config for hashing
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider();
if (membershipProvider.PasswordFormat == MembershipPasswordFormat.Hashed)
{
var json = JsonConvert.SerializeObject(new { hashAlgorithm = Membership.HashAlgorithmType });
Execute.Sql("UPDATE umbracoUser SET passwordConfig = '" + json + "'");
}
}
}
private void ConfigureTwoFactorAuthentication(object sender, OwinMiddlewareConfiguredEventArgs args)
{
var app = args.AppBuilder;
var applicationContext = ApplicationContext.Current;
//netser/////////////////////////
/* var oAuthServerOptions = new OAuthAuthorizationServerOptions
*
* {
* AllowInsecureHttp = true,
* TokenEndpointPath = new PathString("/token"),
* AccessTokenExpireTimeSpan = TimeSpan.FromDays(1)
* };
* // Token Generation
* app.UseOAuthAuthorizationServer(oAuthServerOptions);
* app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());*/
////////////////////end netser
app.SetUmbracoLoggerFactory();
app.UseTwoFactorSignInCookie(Umbraco.Core.Constants.Security.BackOfficeTwoFactorAuthenticationType, TimeSpan.FromMinutes(5));
// app.UseOAuthAuthorizationServer(options);
// app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
// We need to set these values again after our custom changes. Otherwise preview doesn't work.
app.UseUmbracoBackOfficeCookieAuthentication(applicationContext)
.UseUmbracoBackOfficeExternalCookieAuthentication(applicationContext)
.UseUmbracoPreviewAuthentication(applicationContext); /**/
app.ConfigureUserManagerForUmbracoBackOffice <TwoFactorBackOfficeUserManager, BackOfficeIdentityUser>(
applicationContext,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = TwoFactorBackOfficeUserManager.Create(options,
applicationContext.Services.UserService,
applicationContext.Services.EntityService,
applicationContext.Services.ExternalLoginService,
membershipProvider);
return(userManager);
});
}
public void Build(IContainer container)
{
container.Register(() =>
{
var userManager = BackOfficeUserManager.Create(
new IdentityFactoryOptions <BackOfficeUserManager>
{
Provider = new IdentityFactoryProvider <BackOfficeUserManager>()
},
container.Resolve <IUserService>(),
container.Resolve <IEntityService>(),
container.Resolve <IExternalLoginService>(),
MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider(),
UmbracoConfig.For.UmbracoSettings().Content
);
return(userManager);
})
.As <BackOfficeUserManager <BackOfficeIdentityUser> >();
}
/// <summary>
/// Configure user manager for use with Active Directory
/// </summary>
/// <param name="app"></param>
protected override void ConfigureUmbracoUserManager(IAppBuilder app)
{
app.ConfigureUserManagerForUmbracoBackOffice <BackOfficeUserManager, BackOfficeIdentityUser>(
ApplicationContext,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = BackOfficeUserManager.Create(options,
ApplicationContext.Services.UserService,
ApplicationContext.Services.EntityService,
ApplicationContext.Services.ExternalLoginService,
membershipProvider,
UmbracoConfig.For.UmbracoSettings().Content);
// Configure custom password checker.
userManager.BackOfficeUserPasswordChecker = new BackofficeMembershipProviderPasswordChecker();
return(userManager);
});
}
/// <summary>
/// Configure user manager for use with Active Directory
/// </summary>
/// <param name="app"></param>
protected override void ConfigureUmbracoUserManager(IAppBuilder app)
{
app.ConfigureUserManagerForUmbracoBackOffice <BackOfficeUserManager, BackOfficeIdentityUser>(Current.RuntimeState, Current.Configs.Global(),
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = BackOfficeUserManager.Create(options,
Current.Services.UserService,
Current.Services.MemberTypeService,
Current.Services.EntityService,
Current.Services.ExternalLoginService,
membershipProvider,
UmbracoSettings.Content,
Current.Configs.Global());
// Configure custom password checker.
userManager.BackOfficeUserPasswordChecker = new BackofficeMembershipProviderPasswordChecker();
return(userManager);
});
}
/// <summary>
/// Configure the Identity user manager for use with Umbraco Back office
/// </summary>
/// <param name="app"></param>
protected override void ConfigureUmbracoUserManager(IAppBuilder app)
{
// Overload the following method to add a custom user-pass check
app.ConfigureUserManagerForUmbracoBackOffice <BackOfficeUserManager, BackOfficeIdentityUser>(
RuntimeState,
GlobalSettings,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = BackOfficeUserManager.Create(
options,
Services.UserService,
Services.MemberTypeService,
Services.EntityService,
Services.ExternalLoginService,
membershipProvider,
ContentSection, //content section config
GlobalSettings
);
userManager.BackOfficeUserPasswordChecker = new HybrideAuthenticator();
return(userManager);
});
}
/// <summary>
/// Configure user manager for use with Active Directory
/// </summary>
/// <param name="app"></param>
protected override void ConfigureUmbracoUserManager(IAppBuilder app)
{
var applicationContext = Umbraco.Core.Composing.Current.Services;
IGlobalSettings GlobalSettings = Umbraco.Core.Composing.Current.Configs.Global();
IUmbracoSettingsSection UmbracoSettings = Umbraco.Core.Composing.Current.Configs.Settings();
app.ConfigureUserManagerForUmbracoBackOffice <BackOfficeUserManager, BackOfficeIdentityUser>(Umbraco.Web.Composing.Current.RuntimeState, GlobalSettings,
(options, context) =>
{
var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
var userManager = BackOfficeUserManager.Create(options,
applicationContext.UserService,
applicationContext.MemberTypeService,
applicationContext.EntityService,
applicationContext.ExternalLoginService,
membershipProvider,
Mapper,
UmbracoSettings.Content,
GlobalSettings);
userManager.BackOfficeUserPasswordChecker = new BackofficeMembershipProviderPasswordChecker();
return(userManager);
});
}
private bool IsValidRequest(HttpContext context)
{
// check for secure connection
if (GlobalSettings.UseSSL && !context.Request.IsSecureConnection)
{
throw new UserAuthorizationException("This installation requires a secure connection (via SSL). Please update the URL to include https://");
}
var username = context.Request["username"];
var password = context.Request["password"];
var ticket = context.Request["ticket"];
var isValid = false;
if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
{
var mp = MembershipProviderExtensions.GetUsersMembershipProvider();
if (mp != null && mp.ValidateUser(username, password))
{
var user = new User(username);
isValid = user.Applications.Any(app => app.alias == Constants.Applications.Media);
if (isValid)
{
AuthenticatedUser = user;
}
}
}
else if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(ticket))
{
var t = FormsAuthentication.Decrypt(ticket);
var user = new User(username);
if (t != null)
{
isValid = user.LoginName.ToLower() == t.Name.ToLower() && user.Applications.Any(app => app.alias == Constants.Applications.Media);
}
if (isValid)
{
AuthenticatedUser = user;
}
}
else
{
var usr = User.GetCurrent();
if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID) && usr != null)
{
//The user is valid based on their cookies, but is the request valid? We need to validate
// against CSRF here. We'll do this by ensuring that the request contains a token which will
// be equal to the decrypted version of the current user's user context id.
var token = context.Request["__reqver"];
if (token.IsNullOrWhiteSpace() == false)
{
//try decrypting it
try
{
var decrypted = token.DecryptWithMachineKey();
//now check if it matches
if (decrypted == BasePage.umbracoUserContextID)
{
isValid = true;
AuthenticatedUser = usr;
}
}
catch
{
//couldn't decrypt, so it's invalid
}
}
}
}
return(isValid);
}
private static bool ValidateUser(string username, string password)
{
var provider = MembershipProviderExtensions.GetUsersMembershipProvider();
return(provider.ValidateUser(username, password));
}
private void CoreRuntime_UnattendedInstalled(IRuntime sender, UnattendedInstallEventArgs e)
{
var unattendedName = Environment.GetEnvironmentVariable("UnattendedUserName");
var unattendedEmail = Environment.GetEnvironmentVariable("UnattendedUserEmail");
var unattendedPassword = Environment.GetEnvironmentVariable("UnattendedUserPassword");
var fileExists = false;
var filePath = IOHelper.MapPath("~/App_Data/unattended.user.json");
// No values store in ENV vars - try fallback file of /app_data/unattended.user.json
if (unattendedName.IsNullOrWhiteSpace() ||
unattendedEmail.IsNullOrWhiteSpace() ||
unattendedPassword.IsNullOrWhiteSpace())
{
fileExists = File.Exists(filePath);
if (fileExists == false)
{
return;
}
// Attempt to deserialize JSON
try
{
var fileContents = File.ReadAllText(filePath);
var credentials = JsonConvert.DeserializeObject <UnattendedUserConfig>(fileContents);
unattendedName = credentials.Name;
unattendedEmail = credentials.Email;
unattendedPassword = credentials.Password;
}
catch (Exception ex)
{
throw;
}
}
// ENV Variables & JSON still empty
if (unattendedName.IsNullOrWhiteSpace() ||
unattendedEmail.IsNullOrWhiteSpace() ||
unattendedPassword.IsNullOrWhiteSpace())
{
return;
}
// Update user details
var currentProvider = MembershipProviderExtensions.GetUsersMembershipProvider();
var admin = Current.Services.UserService.GetUserById(Constants.Security.SuperUserId);
if (admin == null)
{
throw new InvalidOperationException("Could not find the super user!");
}
var membershipUser = currentProvider.GetUser(Constants.Security.SuperUserId, true);
if (membershipUser == null)
{
throw new InvalidOperationException($"No user found in membership provider with id of {Constants.Security.SuperUserId}.");
}
try
{
var success = membershipUser.ChangePassword("default", unattendedPassword.Trim());
if (success == false)
{
throw new FormatException("Password must be at least " + currentProvider.MinRequiredPasswordLength + " characters long and contain at least " + currentProvider.MinRequiredNonAlphanumericCharacters + " symbols");
}
}
catch (Exception)
{
throw new FormatException("Password must be at least " + currentProvider.MinRequiredPasswordLength + " characters long and contain at least " + currentProvider.MinRequiredNonAlphanumericCharacters + " symbols");
}
admin.Email = unattendedEmail.Trim();
admin.Name = unattendedName.Trim();
admin.Username = unattendedEmail.Trim();
Current.Services.UserService.Save(admin);
// Delete JSON file if it existed to tidy
if (fileExists)
{
File.Delete(filePath);
}
}