U4-8848 - Owin back office login - AuthenticationType in AuthenticationOptions overridden by Umbraco.Web.Security.Identity.ForUmbracoBackOffice()

Created by Frederik Raabye 12 Aug 2016, 08:28:01 Updated by Frederik Raabye 28 Feb 2018, 14:56:58

When creating an AD FS / WS-Federation provider for the Umbraco back office, an AuthenticationType property of WsFederationAuthenticationOptions set in an object initializer is overwritten / prefixed with Constants.Security.BackOfficeExternalAuthenticationTypePrefix in AuthenticationOptions.ForUmbracoBackOffice(style, icon).

    public static void ConfigureBackOfficeAdfsAuthentication(
        this IAppBuilder app,
        string caption = "AD FS",
        string style = "btn-microsoft",
        string icon = "fa-windows")
    {
        var adfsMetadataEndpoint = ConfigurationManager.AppSettings["AdfsMetadataEndpoint"];
        var adfsRelyingParty = ConfigurationManager.AppSettings["AdfsRelyingParty"];
        var adfsFederationServerIdentifier = ConfigurationManager.AppSettings["AdfsFederationServerIdentifier"];

        app.SetDefaultSignInAsAuthenticationType(Constants.Security.BackOfficeExternalAuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions() { });


        var wsFedOptions = new WsFederationAuthenticationOptions
        {
            Wtrealm = adfsRelyingParty,
            MetadataAddress = adfsMetadataEndpoint,                
            SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,                
            Caption = caption,
            AuthenticationType = adfsFederationServerIdentifier  // This property is overwritten by .ForUmbracoBackOffice() just below.
        };
        
        wsFedOptions.ForUmbracoBackOffice(style, icon);

        wsFedOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(true));

        app.UseWsFederationAuthentication(wsFedOptions);            
    }

This code works as expected, allowing federated login:

    public static void ConfigureBackOfficeAdfsAuthentication(
        this IAppBuilder app,
        string caption = "AD FS",
        string style = "btn-microsoft",
        string icon = "fa-windows")
    {
        var adfsMetadataEndpoint = ConfigurationManager.AppSettings["AdfsMetadataEndpoint"];
        var adfsRelyingParty = ConfigurationManager.AppSettings["AdfsRelyingParty"];
        var adfsFederationServerIdentifier = ConfigurationManager.AppSettings["AdfsFederationServerIdentifier"];

        app.SetDefaultSignInAsAuthenticationType(Constants.Security.BackOfficeExternalAuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions() { });


        var wsFedOptions = new WsFederationAuthenticationOptions
        {
            Wtrealm = adfsRelyingParty,
            MetadataAddress = adfsMetadataEndpoint,                
            SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,                
            Caption = caption                
        };
        
        wsFedOptions.ForUmbracoBackOffice(style, icon);

        // This needs to be set after wsFedOptions.ForUmbracoBackOffice. Otherwise, it is overwritten.
        wsFedOptions.AuthenticationType = adfsFederationServerIdentifier;

        wsFedOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(true));

        app.UseWsFederationAuthentication(wsFedOptions);            
    }

I don't know if this is a bug per se or specific to WS-Federation?

Comments

Shannon Deminick 12 Aug 2016, 12:00:10

It's not a bug, things just need to be done in the right order currently. We can create an overload for ForUmbracoBackOffice to support different scenarios.


Shannon Deminick 28 Feb 2018, 00:04:02

It would be super wonderful to add some docs and update the UmbracoIdentityExtensions with a new package for this

@Frederik.Raabye Any chance you'd be able to contribute these?


Frederik Raabye 28 Feb 2018, 14:56:58

@Shandem No promises currently, but I have been considering it for some time. I'll get in touch with you in advance if I get around to it.


Priority: Normal

Type: Bug

State: Open

Difficulty: Normal

Category: Extensibility

Backwards Compatible: True

Affected versions: 7.4.3