View Source

Class BasicAuthLoginController

Provides a standalone server-rendered login page for basic authentication when the backoffice SPA is not available (frontend-only deployments).

Inheritance

object

ControllerBase

Controller

Namespace: Umbraco.Cms.Web.Website.Controllers

Assembly: Umbraco.Web.Website.dll

Syntax

[AllowAnonymous]
public class BasicAuthLoginController : Controller

Remarks

This controller is used by BasicAuthenticationMiddleware when RedirectToLoginPage is enabled. It supports username/password login and two-factor authentication via IBackOfficeSignInManager. Dependencies are resolved from request services rather than constructor injection so that the controller can be activated even when AddBackOfficeSignIn() has not been called. All actions return 404 when basic authentication is not enabled, preventing the login endpoint from being used as a backdoor sign-in mechanism.

Constructors

BasicAuthLoginController(IOptions<BasicAuthSettings>)

Initializes a new instance of the BasicAuthLoginController class.

Declaration

public BasicAuthLoginController(IOptions<BasicAuthSettings> basicAuthSettings)

Parameters

Type	Name	Description
IOptions<BasicAuthSettings>	basicAuthSettings	The basic authentication settings.

Methods

ExternalLogin(string, string?)

Initiates an external login challenge (e.g. Google, Microsoft) by redirecting to the provider.

Declaration

[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult ExternalLogin(string provider, string? returnPath)

Parameters

Type	Name	Description
string	provider	The external authentication provider name.
string	returnPath	The local URL to redirect to after successful login.

Returns

Type	Description
IActionResult	A challenge result that redirects to the external provider, or 404 if basic auth is disabled.

ExternalLoginCallback(string?)

Handles the callback from an external login provider after authentication.

Declaration

[HttpGet]
public Task<IActionResult> ExternalLoginCallback(string? returnPath)

Parameters

Type	Name	Description
string	returnPath	The local URL to redirect to after successful login.

Returns

Type	Description
Task<IActionResult>	A redirect on success, or the login view with an error message on failure.

Login(string?)

Renders the login form.

Declaration

[HttpGet]
public Task<IActionResult> Login(string? returnPath)

Parameters

Type	Name	Description
string	returnPath	The local URL to redirect to after successful login.

Returns

Type	Description
Task<IActionResult>	The login view, or 404 if basic auth is not enabled.

Login(string?, string?, string?)

Processes a username/password login attempt.

Declaration

[HttpPost]
[ValidateAntiForgeryToken]
public Task<IActionResult> Login(string? username, string? password, string? returnPath)

Parameters

Type	Name	Description
string	username	The backoffice username.
string	password	The backoffice password.
string	returnPath	The local URL to redirect to after successful login.

Returns

Type	Description
Task<IActionResult>	A redirect on success, or the login view with an error message on failure.

TwoFactor(string?)

Renders the two-factor authentication code entry form.

Declaration

[HttpGet]
public Task<IActionResult> TwoFactor(string? returnPath)

Parameters

Type	Name	Description
string	returnPath	The local URL to redirect to after successful verification.

Returns

Type	Description
Task<IActionResult>	The 2FA view, or a redirect to login if no user is in the 2FA flow.

TwoFactor(string?, string?, string?)

Processes a two-factor authentication code submission.

Declaration

[HttpPost]
[ValidateAntiForgeryToken]
public Task<IActionResult> TwoFactor(string? provider, string? code, string? returnPath)

Parameters

Type	Name	Description
string	provider	The 2FA provider name (e.g. "UmbracoUserAppAuthenticator").
string	code	The verification code from the authenticator app.
string	returnPath	The local URL to redirect to after successful verification.

Returns

Type	Description
Task<IActionResult>	A redirect on success, or the 2FA view with an error message on failure.