In short, I have created a custom membership provider and a custom member. This is using the "old" .NET membership provider system. Right now I can log in successfully, and the custom member is accepted by the system as well.
Note: Only methods implemented so far in the membership provider is "ValidateUser(name, pass)" and "GetUSer(username, isonline)"
The problem is, I cant get any info from the custom member. Nothing. Everything I have tried fails. I dont think it will even matter to list what I have tried, and Googling doesnt return anything that works. Its funny how I feel like the only person in the world who has a custom member, but obviously I cant be :/
I am using Umbraco 7.5.2 if it helps.
EDIT
Ok here is one of the things I have tried:
Membership.GetUser()
Apparently that doesnt work in MVC4+ and I am using MVC 5. I also tried casting it to my custom member type of course, but it's always null.
Also for current Umbraco guides they all apply to the built in member service in Umbraco 7 which is totally different than the old way of doing it.
I was under the impression that once a user was logged in, the information stored in the user/member object was readily available in the front end.
EDIT 2
I have the following solution but it is far from perfect. When getting the user that is currently logging in, before I return the custom membership user, I send the entire object to the session, and get information like this:
#if (Members.IsLoggedIn())
{
Site.Extensions.TripleAMembershipUser tmpUser = new Site.Extensions.TripleAMembershipUser();
if (Session["currentUser"] != null)
{
tmpUser = (Site.Extensions.TripleAMembershipUser)Session["currentUser"];
<div><h1>#tmpUser.someCustomString</h1></div>
}
}
Related
I cannot figure out why ASP.NET Identity does not work with my roles. I created a custom UserStore and a custom RoleStore. In my UserStore I implemented the IUserRoleStore interface, and I expected at least one of those methods to be called when ASP.NET determines if the user should be authorized to call a given endpoint, but none of the methods are getting hit.
I registered the services like this:
builder.Services.AddIdentity<User, ProReceptionRole>();
builder.Services.AddTransient<IUserStore<User>, UserStore>();
builder.Services.AddTransient<IRoleStore<ProReceptionRole>, RoleStore>();
I also tried registering the services using this variant (with and without the AddRoles part - and with different ordering of the extension methods):
builder.Services.AddIdentity<User, ProReceptionRole>()
.AddUserStore<UserStore>()
.AddRoleStore<RoleStore>()
.AddRoles<ProReceptionRole>();
When I add the [Authorize(Roles = "MyRole")] attribute to my controller class, then I get 403 Forbidden, even for users that have the given role.
I read through the documentation but I can't spot my problem. The only part that I am unsure about is that it says If you are using Roles, update the RoleManager to use your RoleStore class. - and I am assuming that this is done when I register my RoleStore, but maybe I have to do something extra?
Any pointers are greatly appreciated.
Thanks!
I am doing a basic read and write functionality to a IdentityServer4 application using .NET Core 2.0 and have come across an issue. When trying to load clients the ValidateAntiForgeryToken attribute seem to break my update.
I know that EF core does not support lazy loading so we are using an Unit Of Work pattern. I would create separate repositories for Client, ClientScopes, Secrets, etc. and grab the data for each. I will pass in a Func<> to allow filtering when grabbing ClientScopes etc. So a method call would look like this
ClientScopeResitory.GetAll(a => a.Client.Id == id)
which would then access the dbset like this
public IEnumerable GetAll(Func<T, object> predicate == null)
{
return predicate != null ? dbset.Where(predicate) : dbset
}
My issue is when loading the client in my read operation this works just fine. However when using the same code in my update where the ValidateAntiForgeryToken is present it breaks. What happens is in the creation of the repository during the read, the Clients are loaded in with the dbset. However, in the update, the clients are not. When the ValidateAntiForgery attribute is removed. The clients are loaded again and the update works fine. Anyone have any ideas what is going on. I can supply full code upon request. Thanks in advance.
Also, I apologies for any bad grammar or spelling, I wrote this in a hurry
Can anyone save some of my hair? :)
I'm trying to create an asp.net WEB API interface for an older CSLA (1.x/2.x era) project. I am testing by hard coding the login on every request in various ways (once in the startup code, as an authorization request filter, inside the individual route request etc etc). All the ways I tried work exactly once perfectly and then I get the infamous:
'Default principal object cannot be set twice.'
exception in BusinessPrincipal.vb (yeah I know it's very old, but it's released software, I can't upgrade CSLA)
I know that there is an issue where you need to set HttpContext.Current.User = Thread.CurrentPrincipal; due to some internal workings of the web API and I do that already, that has not resolved the issue.
I'd like to know if anyone has implemented a web api front end and how they handled this issue or any pointers as to what could be the solution.
Worst case scenario if I could at least just login once and keep that same principal without losing it I could implement a second layer of security, that woudld be acceptable, barring anything else is there some way to just login once and not lose that principal?
That BusinessPrincipal class would be in your code base, not in CSLA itself. The Csla.Security namespace does include a BusinessPrincipalBase that is probably the base class for your BusinessPrincipal.
Classes in that namespace are here in GitHub
It is true that you can only call AppDomain.SetPrincipalPolicy one time, but you should be able to set the Thread.CurrentPrincipal and HttpContext.Current.User multiple times.
I am writing an MVC 3 application and I am trying to implement my own custom membership provider (following the sample in Apress' Pro ASP.NET MVC 3 Framework).
I created my custom class, inherited from MembershipProvider and (using ReSharper) implemented all 27 of the methods with NotImplementedExceptions.
Now, I have overridden the ValidateUser method as the book states and it works fine, but I would like to make my provider more robust and implement the other methods (e.g. set MinRequiredPasswordLength and GetNumberOfUsersOnline).
Is there some sample code that I can use to start populating these methods that I can tweak to fit my own DB/Model schema?
I can certainly use trial and error to figure it out, but a base code sample would greatly help.
EDIT:
This question was just downvoted twice. If you are going to downvote, please post a comment as to why so that I can work on improving my questions.
EDIT 2:
For example, for the following method:
public override int GetNumberOfUsersOnline()
{
throw new System.NotImplementedException();
}
I can try to write code from scratch to look at some web log, determine the users login time and approximate if they are still on, but that will take a large amount of time for me to figure out. Since all this code is from the same interface that Microsoft wrote for the standard SqlMembershipProvider, isn't there code out there (even from MS) that contains this method? If so, I want take it, modify it so it uses my DB schema instead of the aspnetdb default schema. I would prefer to have some sort of base code to work from. I thought this would be a simple and fairly standard request, but perhaps not.
You can't use the default provider's code for your custom provider, that is why you are implementing a custom one, to tweak it according to your requirements, use your own db tables etc.
Take a look at my blog posts about custom membership, custom role providers and custom membership user. There is an example there of how you can use your own database to get/set membership information.
Here's a of sample implementation of custom MembershipProvider on MSDN.
http://msdn.microsoft.com/en-us/library/6tc47t75.aspx
I'm using a modified version of Felix Geisendörfer's SimpleAuth/SimpleAcl components that I've combined into a single Component, Simple_Authable.
I changed his startup() function to initialize() to not clutter the beforeFilter function in my app_controller.
One of the things that this component does is check who the active user is and if that user can't be found it either looks him up based on the primary User.id or uses 'guest'. Either way, the component uses $this->Controller->Session->write() to save the active user or guest information.
I'm also using Felix's Authsome plugin instead of the default CakePHP Auth component.
When I'm logging in, the active user is guest, obviously.
After I've submitted the form, the active user is still guest because the component's initialize() function is firing before everything else. Then, the Authsome plugin comes into play and validates my user as "root" and also calls $this->SimpleAuthable->setActiveUser($id, true); to force SimpleAuthable to update the active user information it is storing via $this->Controller->Session; Then I am redirected and my simple Session information and DebugKit's Session tab reflect that I am indeed the root user.
However, when I try to navigate to an 'admin' page, let's say /admin/users/index, lo and behold SimpleAuthable thinks I'm still a 'guest' user because when it performs a $this->Controller->Session->read() call to the key holding my user id, it is getting an empty response, i.e., the data stored on the previous page didn't persist.
Maybe there is something funky happening between Authsome & SimpleAuthable, but things look pretty straightforward and to my mind, $this->Controller->Session should be saving and persisting the data written to it.
So, I'm looking at refactoring all the calls to $this->Controller->Session and replacing them with $this->Session but first I wanted to throw this out to the community and see if anybody has seen anything similar and if so how did they resolve it.
Sincerely,
Christopher.
I found the problem... I'm also using Joshua McNeese's Permissionable plugin and I needed to disable it for the $this->Controller->{$this->userModel}->findById($id); in my SimpleAuthable component when I try to lookup the current active user.
Note to self: I would have caught this faster if I had some unit testing in place :(.