Class AuthenticationController

Namespace
Umbraco.Cms.Web.BackOffice.Controllers
Assembly
Umbraco.Web.BackOffice.dll
public class AuthenticationController : UmbracoApiControllerBase
Inheritance
AuthenticationController

Constructors

AuthenticationController(IBackOfficeSecurityAccessor, IBackOfficeUserManager, IBackOfficeSignInManager, IUserService, ILocalizedTextService, IUmbracoMapper, IOptionsSnapshot<GlobalSettings>, IOptionsSnapshot<SecuritySettings>, ILogger<AuthenticationController>, IIpResolver, IOptionsSnapshot<UserPasswordConfigurationSettings>, IEmailSender, ISmsSender, IHostingEnvironment, LinkGenerator, IBackOfficeExternalLoginProviders, IBackOfficeTwoFactorOptions, IHttpContextAccessor, IOptions<WebRoutingSettings>, ITwoFactorLoginService)

[ActivatorUtilitiesConstructor]
public AuthenticationController(IBackOfficeSecurityAccessor backofficeSecurityAccessor, IBackOfficeUserManager backOfficeUserManager, IBackOfficeSignInManager signInManager, IUserService userService, ILocalizedTextService textService, IUmbracoMapper umbracoMapper, IOptionsSnapshot<GlobalSettings> globalSettings, IOptionsSnapshot<SecuritySettings> securitySettings, ILogger<AuthenticationController> logger, IIpResolver ipResolver, IOptionsSnapshot<UserPasswordConfigurationSettings> passwordConfiguration, IEmailSender emailSender, ISmsSender smsSender, IHostingEnvironment hostingEnvironment, LinkGenerator linkGenerator, IBackOfficeExternalLoginProviders externalAuthenticationOptions, IBackOfficeTwoFactorOptions backOfficeTwoFactorOptions, IHttpContextAccessor httpContextAccessor, IOptions<WebRoutingSettings> webRoutingSettings, ITwoFactorLoginService twoFactorLoginService)

Parameters

backofficeSecurityAccessor IBackOfficeSecurityAccessor
backOfficeUserManager IBackOfficeUserManager
signInManager IBackOfficeSignInManager
userService IUserService
textService ILocalizedTextService
umbracoMapper IUmbracoMapper
globalSettings IOptionsSnapshot<GlobalSettings>
securitySettings IOptionsSnapshot<SecuritySettings>
logger ILogger<AuthenticationController>
ipResolver IIpResolver
passwordConfiguration IOptionsSnapshot<UserPasswordConfigurationSettings>
emailSender IEmailSender
smsSender ISmsSender
hostingEnvironment IHostingEnvironment
linkGenerator LinkGenerator
externalAuthenticationOptions IBackOfficeExternalLoginProviders
backOfficeTwoFactorOptions IBackOfficeTwoFactorOptions
httpContextAccessor IHttpContextAccessor
webRoutingSettings IOptions<WebRoutingSettings>
twoFactorLoginService ITwoFactorLoginService

Methods

Get2FAProviders()

Used to retrieve the 2FA providers for code submission

[SetAngularAntiForgeryTokens]
[AllowAnonymous]
public Task<ActionResult<IEnumerable<string>>> Get2FAProviders()

Returns

Task<ActionResult<IEnumerable<string>>>

GetCurrentInvitedUser()

When a user is invited they are not yet approved, but we still need to resolve the partially logged-in (non-approved) user.

[Authorize(Policy = "BackOfficeAccessWithoutApproval")]
[Authorize(Policy = "DenyLocalLoginIfConfigured")]
[SetAngularAntiForgeryTokens]
[AllowAnonymous]
public ActionResult<UserDetail?> GetCurrentInvitedUser()

Returns

ActionResult<UserDetail>

It returns a 403 error if the logged-in user has already been created.

Remarks

We cannot use GetCurrentUser here, since that requires the user to be approved. This is the same as GetCurrentUser but does not require the user to be approved.

GetCurrentUser()

Returns the currently logged in Umbraco user

[Authorize(Policy = "BackOfficeAccess")]
[SetAngularAntiForgeryTokens]
public UserDetail? GetCurrentUser()

Returns

UserDetail

Remarks

We have the attribute [SetAngularAntiForgeryTokens] applied because this method is called initially to determine whether the user is valid before the login screen is displayed. The auth cookie can be persisted for up to a day, but the CSRF cookies are session cookies only, so the auth cookie may still be valid while the CSRF cookies are gone; in that case we need to re-set the CSRF cookies.

GetPasswordConfig(int)

Returns the configuration for the backoffice user membership provider - used to configure the change password dialog

[AllowAnonymous]
[Authorize(Policy = "BackOfficeAccess")]
public IDictionary<string, object> GetPasswordConfig(int userId)

Parameters

userId int

Returns

IDictionary<string, object>

GetRemainingTimeoutSeconds()

[HttpGet]
[AllowAnonymous]
public Task<double> GetRemainingTimeoutSeconds()

Returns

Task<double>

IsAuthenticated()

Checks if the current user's cookie is valid and if so returns OK or a 400 (BadRequest)

[HttpGet]
[AllowAnonymous]
public Task<bool> IsAuthenticated()

Returns

Task<bool>

PostLogin(LoginModel)

Logs a user in

[SetAngularAntiForgeryTokens]
[Authorize(Policy = "DenyLocalLoginIfConfigured")]
public Task<ActionResult<UserDetail?>> PostLogin(LoginModel loginModel)

Parameters

loginModel LoginModel

Returns

Task<ActionResult<UserDetail>>

PostLogout()

Logs the current user out

[ValidateAngularAntiForgeryToken]
[AllowAnonymous]
public Task<IActionResult> PostLogout()

Returns

Task<IActionResult>

PostRequestPasswordReset(RequestPasswordResetModel)

Processes a password reset request. Looks for a match on the provided email address and, if one is found, sends an email with a link to reset the password.

[SetAngularAntiForgeryTokens]
[Authorize(Policy = "DenyLocalLoginIfConfigured")]
public Task<IActionResult> PostRequestPasswordReset(RequestPasswordResetModel model)

Parameters

model RequestPasswordResetModel

Returns

Task<IActionResult>

PostSend2FACode(string)

[SetAngularAntiForgeryTokens]
[AllowAnonymous]
public Task<IActionResult> PostSend2FACode(string provider)

Parameters

provider string

Returns

Task<IActionResult>

PostSetInvitedUserPassword(InvitePasswordModel)

When a user is invited and they click on the invitation link, they will be partially logged in where they can set their username/password.

[Authorize(Policy = "BackOfficeAccessWithoutApproval")]
[Authorize(Policy = "DenyLocalLoginIfConfigured")]
[SetAngularAntiForgeryTokens]
[AllowAnonymous]
public Task<ActionResult<UserDetail?>> PostSetInvitedUserPassword(InvitePasswordModel invitePasswordModel)

Parameters

invitePasswordModel InvitePasswordModel

The model for the new password.

Returns

Task<ActionResult<UserDetail>>

The user model for the invited user.

Remarks

This only works when the user is logged in (partially).

PostSetPassword(SetPasswordModel)

Processes a set password request. Validates the request and sets a new password.

[SetAngularAntiForgeryTokens]
[AllowAnonymous]
public Task<IActionResult> PostSetPassword(SetPasswordModel model)

Parameters

model SetPasswordModel

Returns

Task<IActionResult>

PostUnLinkLogin(UnLinkLoginModel)

[Authorize(Policy = "BackOfficeAccess")]
[ValidateAngularAntiForgeryToken]
public Task<IActionResult> PostUnLinkLogin(UnLinkLoginModel unlinkLoginModel)

Parameters

unlinkLoginModel UnLinkLoginModel

Returns

Task<IActionResult>

PostVerify2FACode(Verify2FACodeModel)

[SetAngularAntiForgeryTokens]
[AllowAnonymous]
public Task<ActionResult<UserDetail?>> PostVerify2FACode(Verify2FACodeModel model)

Parameters

model Verify2FACodeModel

Returns

Task<ActionResult<UserDetail>>

PostVerifyInvite(int, string)

Checks if a valid token is specified for an invited user and if so logs the user in and returns the user object

[ValidateAngularAntiForgeryToken]
[Authorize(Policy = "DenyLocalLoginIfConfigured")]
public Task<ActionResult<UserDisplay?>> PostVerifyInvite(int id, string token)

Parameters

id int
token string

Returns

Task<ActionResult<UserDisplay>>

Remarks

This will also update the security stamp for the user, so the token can only be used once.