Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Roeland Hermans 2 posts 22 karma points
    Feb 02, 2017 @ 16:11
    Roeland Hermans
    0

    Preview not working when using custom Startup file with app.UseOAuthBearerAuthentication

    Hello everyone,

    I'm working on a project where we use OAuth bearer authentication to secure some of the web APIs.

    Everything works fine, except for the preview in Umbraco. The startup class looks like this:

    [assembly: OwinStartup(typeof(Site.Owin.Startup))]
namespace Site.Owin
{
    public class Startup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }
}

    The web.config app setting looks like this:

    <add key="owin:appStartup" value="Site.Owin.Startup" />

    As soon as I remove app.UseOAuthBearerAuthentication the preview works again. Any ideas on this?

    Copy Link
  • Jeroen Breuer 4861 posts 12138 karma points MVP 3x admin c-trib
    Feb 03, 2017 @ 08:18
    Jeroen Breuer
    0

    A bit more info about this issue from my colleague. I debugged the Umbraco source code and I discovered that UmbracoContext.Current.InPreviewMode always returns false. Even after pressing the preview button.

    In the DetectInPreviewModeFromRequest method Security.CurrentUser returns null. Going a few methods deeper the problem is in the AuthenticationExtensions.cs GetCurrentIdentity method.

    The problem lies in this code:

    //Check if there's more than one identity assigned and see if it's a UmbracoBackOfficeIdentity and use that
var claimsPrincipal = http.User as ClaimsPrincipal;
if (claimsPrincipal != null)
{
    backOfficeIdentity = claimsPrincipal.Identities.OfType<UmbracoBackOfficeIdentity>().FirstOrDefault();
    if (backOfficeIdentity != null) return backOfficeIdentity;

    When I debug this code with <add key="owin:appStartup" value="UmbracoDefaultOwinStartup" /> in the web.config claimsPrincipal.Identities has 2 items:

    [0] = {System.Security.Principal.GenericIdentity}
[1] = {Umbraco.Core.Security.UmbracoBackOfficeIdentity}

    When I debug with <add key="owin:appStartup" value="Site.Owin.Startup" /> in the web.config claimsPrincipal.Identities only has 1 item:

    [0] = {System.Security.Principal.GenericIdentity}

    So somehow when we use our own OwinStartup with app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); we're missing Umbraco.Core.Security.UmbracoBackOfficeIdentity. We need this code for token based authentication.

    Do we need to configure something extra to get the correct backoffice identity?

    Jeroen

    Copy Link
  • Jeroen Breuer 4861 posts 12138 karma points MVP 3x admin c-trib
    Feb 03, 2017 @ 10:42
    Jeroen Breuer
    100

    If was fixed by doing the same thing as in this topic: https://our.umbraco.org/forum/extending-umbraco-and-using-the-api/80088-preview-with-custom-backoffice-authentication

    This is the code now:

    [assembly: OwinStartup(typeof(Site.Owin.Startup))]
namespace Site.Owin
{
    public class Startup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

            // We need to set these values again after our custom changes. Otherwise preview doesn't work.
            app.UseUmbracoBackOfficeCookieAuthentication(this.ApplicationContext)
                .UseUmbracoBackOfficeExternalCookieAuthentication(this.ApplicationContext)
                .UseUmbracoPreviewAuthentication(this.ApplicationContext);
        }
    }
}

    We thought we didn't need to set those values because they we're already being set in base.Configuration(app);, but they need to be set again after we made some changes to IAppBuilder.

    Jeroen

    Copy Link
  • Shannon Deminick 1510 posts 5195 karma points hq
    Feb 06, 2017 @ 01:46
    Shannon Deminick
    1

    If you have a look at the source there are better methods to override for what you need: https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/UmbracoDefaultOwinStartup.cs

    override ConfigureMiddleware for dealing with middleware, override ConfigureServices for configuring services for the OWIN context

    You must also make sure you call everything including .FinalizeMiddlewareConfiguration();

    Copy Link
  • Jeroen Breuer 4861 posts 12138 karma points MVP 3x admin c-trib
    Feb 06, 2017 @ 10:32
    Jeroen Breuer
    1

    Thank Shannon,

    It's now solved like this:

    protected override void ConfigureMiddleware(IAppBuilder app)
{
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());    
    base.ConfigureMiddleware(app);
}

    Jeroen

    Copy Link
  • Roeland Hermans 2 posts 22 karma points
    Feb 06, 2017 @ 07:44
    Roeland Hermans
    0

    Thank you for providing this information!

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies