    Class AuthenticationController

    Inheritance
    System.Object
    Microsoft.AspNetCore.Mvc.ControllerBase
    UmbracoApiControllerBase
    Namespace: Umbraco.Cms.Web.BackOffice.Controllers
    Assembly: Umbraco.Web.BackOffice.dll
    Syntax
    [AngularJsonOnlyConfiguration]
    public class AuthenticationController : UmbracoApiControllerBase

    Constructors

    AuthenticationController(IBackOfficeSecurityAccessor, IBackOfficeUserManager, IBackOfficeSignInManager, IUserService, ILocalizedTextService, IUmbracoMapper, IOptionsSnapshot<GlobalSettings>, IOptionsSnapshot<SecuritySettings>, ILogger<AuthenticationController>, IIpResolver, IOptionsSnapshot<UserPasswordConfigurationSettings>, IEmailSender, ISmsSender, IHostingEnvironment, LinkGenerator, IBackOfficeExternalLoginProviders, IBackOfficeTwoFactorOptions, IHttpContextAccessor, IOptions<WebRoutingSettings>, ITwoFactorLoginService)

    Declaration
    [ActivatorUtilitiesConstructor]
    public AuthenticationController(IBackOfficeSecurityAccessor backofficeSecurityAccessor, IBackOfficeUserManager backOfficeUserManager, IBackOfficeSignInManager signInManager, IUserService userService, ILocalizedTextService textService, IUmbracoMapper umbracoMapper, IOptionsSnapshot<GlobalSettings> globalSettings, IOptionsSnapshot<SecuritySettings> securitySettings, ILogger<AuthenticationController> logger, IIpResolver ipResolver, IOptionsSnapshot<UserPasswordConfigurationSettings> passwordConfiguration, IEmailSender emailSender, ISmsSender smsSender, IHostingEnvironment hostingEnvironment, LinkGenerator linkGenerator, IBackOfficeExternalLoginProviders externalAuthenticationOptions, IBackOfficeTwoFactorOptions backOfficeTwoFactorOptions, IHttpContextAccessor httpContextAccessor, IOptions<WebRoutingSettings> webRoutingSettings, ITwoFactorLoginService twoFactorLoginService)
    Parameters
    Type Name Description
    IBackOfficeSecurityAccessor backofficeSecurityAccessor
    IBackOfficeUserManager backOfficeUserManager
    IBackOfficeSignInManager signInManager
    IUserService userService
    ILocalizedTextService textService
    IUmbracoMapper umbracoMapper
    Microsoft.Extensions.Options.IOptionsSnapshot<GlobalSettings> globalSettings
    Microsoft.Extensions.Options.IOptionsSnapshot<SecuritySettings> securitySettings
    Microsoft.Extensions.Logging.ILogger<AuthenticationController> logger
    IIpResolver ipResolver
    Microsoft.Extensions.Options.IOptionsSnapshot<UserPasswordConfigurationSettings> passwordConfiguration
    IEmailSender emailSender
    ISmsSender smsSender
    IHostingEnvironment hostingEnvironment
    Microsoft.AspNetCore.Routing.LinkGenerator linkGenerator
    IBackOfficeExternalLoginProviders externalAuthenticationOptions
    IBackOfficeTwoFactorOptions backOfficeTwoFactorOptions
    Microsoft.AspNetCore.Http.IHttpContextAccessor httpContextAccessor
    Microsoft.Extensions.Options.IOptions<WebRoutingSettings> webRoutingSettings
    ITwoFactorLoginService twoFactorLoginService

    Methods

    Get2FAProviders()

    Used to retrieve the 2FA providers for code submission

    Declaration
    [SetAngularAntiForgeryTokens]
    [AllowAnonymous]
    public async Task<ActionResult<IEnumerable<string>>> Get2FAProviders()
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.ActionResult<IEnumerable<System.String>>>

    GetCurrentInvitedUser()

    When a user is invited they are not approved but we need to resolve the partially logged on (non approved) user.

    Declaration
    [Authorize(Policy = "BackOfficeAccessWithoutApproval")]
    [SetAngularAntiForgeryTokens]
    [Authorize(Policy = "DenyLocalLoginIfConfigured")]
    public ActionResult<UserDetail?> GetCurrentInvitedUser()
    Returns
    Type Description
    Microsoft.AspNetCore.Mvc.ActionResult<System.Nullable<UserDetail>>
    Remarks

    We cannot use GetCurrentUser since that requires the user to be approved. This is the same as GetCurrentUser but doesn't require them to be approved.

    GetCurrentUser()

    Returns the currently logged in Umbraco user

    Declaration
    [Authorize(Policy = "BackOfficeAccess")]
    [SetAngularAntiForgeryTokens]
    public UserDetail? GetCurrentUser()
    Returns
    Type Description
    System.Nullable<UserDetail>
    Remarks

    The [SetAngularAntiForgeryTokens] attribute is applied because this method is called initially to determine whether the user is valid before the login screen is displayed. The auth cookie can be persisted for up to a day, but the CSRF cookies are only session cookies. The auth cookie can therefore still be valid when the CSRF cookies are no longer there; in that case the CSRF cookies need to be re-set.
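
The re-issue behaviour described in this remark, sketched with stock ASP.NET Core antiforgery APIs. This is an added example, not Umbraco's SetAngularAntiForgeryTokens implementation; the attribute name ReissueCsrfCookiesAttribute and the cookie name EXAMPLE-XSRF-TOKEN are hypothetical.

```csharp
using System;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

// Illustrative result filter (hypothetical name): re-issues CSRF cookies on any
// response to an already-authenticated caller, covering the case where the
// long-lived auth cookie survived a browser restart but the session-scoped
// CSRF cookies did not.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ReissueCsrfCookiesAttribute : ActionFilterAttribute
{
    // Hypothetical name of the script-readable cookie the client echoes back in a header.
    private const string ClientTokenCookie = "EXAMPLE-XSRF-TOKEN";

    public override void OnResultExecuting(ResultExecutingContext context)
    {
        HttpContext http = context.HttpContext;

        // Antiforgery tokens are bound to the caller's identity, so only issue
        // them once the auth cookie has been validated for this request.
        if (http.User.Identity?.IsAuthenticated != true)
        {
            return;
        }

        var antiforgery = http.RequestServices.GetRequiredService<IAntiforgery>();

        // Writes the framework's HttpOnly cookie token to the response and
        // returns the matching request token.
        AntiforgeryTokenSet tokens = antiforgery.GetAndStoreTokens(http);
        if (tokens.RequestToken is null)
        {
            return;
        }

        http.Response.Cookies.Append(ClientTokenCookie, tokens.RequestToken, new CookieOptions
        {
            HttpOnly = false,               // the client script must be able to read it
            Secure = http.Request.IsHttps,  // assumes TLS is visible to the app (no unconfigured proxy)
            SameSite = SameSiteMode.Strict,
            Path = "/"
            // No Expires/MaxAge: stays a session cookie, as the remark describes.
        });
    }
}
```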

    GetPasswordConfig(Int32)

    Returns the configuration for the backoffice user membership provider - used to configure the change password dialog

    Declaration
    [AllowAnonymous]
    [Authorize(Policy = "BackOfficeAccess")]
    public IDictionary<string, object> GetPasswordConfig(int userId)
    Parameters
    Type Name Description
    System.Int32 userId
    Returns
    Type Description
    IDictionary<System.String, System.Object>

    GetRemainingTimeoutSeconds()

    Declaration
    [HttpGet]
    [AllowAnonymous]
    public async Task<double> GetRemainingTimeoutSeconds()
    Returns
    Type Description
    Task<System.Double>

    IsAuthenticated()

    Checks if the current user's cookie is valid; returns OK if so, otherwise a 400 (BadRequest)

    Declaration
    [HttpGet]
    [AllowAnonymous]
    public async Task<bool> IsAuthenticated()
    Returns
    Type Description
    Task<System.Boolean>

    PostLogin(LoginModel)

    Logs a user in

    Declaration
    [SetAngularAntiForgeryTokens]
    [Authorize(Policy = "DenyLocalLoginIfConfigured")]
    public async Task<ActionResult<UserDetail?>> PostLogin(LoginModel loginModel)
    Parameters
    Type Name Description
    LoginModel loginModel
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.ActionResult<System.Nullable<UserDetail>>>

    PostLogout()

    Logs the current user out

    Declaration
    [ValidateAngularAntiForgeryToken]
    [AllowAnonymous]
    public async Task<IActionResult> PostLogout()
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.IActionResult>

    PostRequestPasswordReset(RequestPasswordResetModel)

    Processes a password reset request. Looks for a match on the provided email address and, if found, sends an email with a link to reset the password

    Declaration
    [SetAngularAntiForgeryTokens]
    [Authorize(Policy = "DenyLocalLoginIfConfigured")]
    public async Task<IActionResult> PostRequestPasswordReset(RequestPasswordResetModel model)
    Parameters
    Type Name Description
    RequestPasswordResetModel model
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.IActionResult>

    PostSend2FACode(String)

    Declaration
    [SetAngularAntiForgeryTokens]
    [AllowAnonymous]
    public async Task<IActionResult> PostSend2FACode([FromBody] string provider)
    Parameters
    Type Name Description
    System.String provider
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.IActionResult>

    PostSetPassword(SetPasswordModel)

    Processes a set password request. Validates the request and sets a new password.

    Declaration
    [SetAngularAntiForgeryTokens]
    [AllowAnonymous]
    public async Task<IActionResult> PostSetPassword(SetPasswordModel model)
    Parameters
    Type Name Description
    SetPasswordModel model
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.IActionResult>

    PostUnLinkLogin(UnLinkLoginModel)

    Declaration
    [Authorize(Policy = "BackOfficeAccess")]
    [ValidateAngularAntiForgeryToken]
    public async Task<IActionResult> PostUnLinkLogin(UnLinkLoginModel unlinkLoginModel)
    Parameters
    Type Name Description
    UnLinkLoginModel unlinkLoginModel
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.IActionResult>

    PostVerify2FACode(Verify2FACodeModel)

    Declaration
    [SetAngularAntiForgeryTokens]
    [AllowAnonymous]
    public async Task<ActionResult<UserDetail?>> PostVerify2FACode(Verify2FACodeModel model)
    Parameters
    Type Name Description
    Verify2FACodeModel model
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.ActionResult<System.Nullable<UserDetail>>>

    PostVerifyInvite(Int32, String)

    Checks if a valid token is specified for an invited user and if so logs the user in and returns the user object

    Declaration
    [ValidateAngularAntiForgeryToken]
    [Authorize(Policy = "DenyLocalLoginIfConfigured")]
    public async Task<ActionResult<UserDisplay?>> PostVerifyInvite([FromQuery] int id, [FromQuery] string token)
    Parameters
    Type Name Description
    System.Int32 id
    System.String token
    Returns
    Type Description
    Task<Microsoft.AspNetCore.Mvc.ActionResult<System.Nullable<UserDisplay>>>
    Remarks

    This will also update the security stamp for the user so the token can only be used once
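
Why rotating the security stamp makes an invite token single-use, shown with stock ASP.NET Core Identity (an added example, not Umbraco's code). InviteRedeemer and the "Invite" token purpose are hypothetical; the sketch assumes the default data-protection token provider, which embeds the user's current security stamp in each token, and a user store that supports security stamps.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical helper: issues and redeems one-time invite tokens.
public sealed class InviteRedeemer<TUser> where TUser : class
{
    private const string InvitePurpose = "Invite"; // hypothetical purpose string
    private readonly UserManager<TUser> _users;

    public InviteRedeemer(UserManager<TUser> users) => _users = users;

    // The token is bound to the user id, the purpose and the security stamp
    // the user has at the moment of issue.
    public Task<string> IssueAsync(TUser user) =>
        _users.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, InvitePurpose);

    // Returns the user on success, null on any failure.
    public async Task<TUser?> RedeemAsync(string userId, string token)
    {
        TUser? user = await _users.FindByIdAsync(userId);
        if (user is null)
        {
            return null;
        }

        // Fails if the token is expired, was issued for another user or purpose,
        // or carries a security stamp that is no longer the user's current one.
        bool valid = await _users.VerifyUserTokenAsync(
            user, TokenOptions.DefaultProvider, InvitePurpose, token);
        if (!valid)
        {
            return null;
        }

        // Rotate the stamp before treating the invite as accepted. Every token
        // issued against the old stamp, including this one, now fails verification.
        IdentityResult rotated = await _users.UpdateSecurityStampAsync(user);

        // Fail closed: if the stamp could not be rotated the token would stay
        // replayable, so do not sign the user in.
        return rotated.Succeeded ? user : null;
    }
}
```

A second RedeemAsync call with the same token returns null, because the stamp inside the token no longer matches the stored one.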

    Copyright © 2016-present Umbraco
    Generated by DocFX