Any .NET Core Identity gurus ? Umbraco #help-with-other

Any .NET Core Identity gurus ?

huwred

04/11/2024, 3:17 PM

I have a non Umbraco site that uses the standard .NET core identity for logins etc. I want to be able to record the login date/time when users login, obviously this is pretty simple when they login using the login form, but if they tick the remember me to create a persistent login, how can i set the login date when they come back the next time?

Ian Robinson

04/11/2024, 5:32 PM

So do you mean they haven't logged in again when they come back next time? If so, because they haven't actually logged in again, perhaps what you need is to record every page visit? You could put some code into your master layout checking that if the user is logged in, record the user's visit date and time, perhaps their ip address and the page they visited? You could use serilog for this I imagine unless theirs another logging plugin already installed in your site?

Ian Robinson

04/11/2024, 5:33 PM

If you don't want to log every page visit this way, perhaps put in some logic to check if the last visit was less than 5, 10, or 60 minutes ago and only log it if a specific time period has elapsed?

huwred

04/11/2024, 5:51 PM

Yes, they don't need to login because I assume the Auth cookie is still valid, just wondered if there was a way to hook into whatever checks that to keep them authenticated rather than checking on every page hit which seems a bit overkill

huwred

04/11/2024, 6:06 PM

Looks like I could implement my own cookieauthhandler perhaps

Mike Chambers

04/11/2024, 9:59 PM

Are we talking members here? if so if you only wanted to check against protected content access.. you could replace the implementation of the

PublicAccessChecker

https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Web.Common/Security/PublicAccessChecker.cs Would you not have an issue though for separating out if this was the start of a new session with a successful auth ticket resolved from a cookie.. as opposed just to any request that is in due course getting a successful ticket? Also in my limited experience, rememberme -> is persistent is only setting a 14day expiration on the cookie, it's not actually a sliding expiration (with the security ramifications of that) I think https://docs.umbraco.com/umbraco-cms/v/12.latest/reference/configuration/securitysettings#keep-user-logged-in does actually set a sliding expiry for backoffice users though? https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Cms.Api.Management/Configuration/ConfigureBackOfficeCookieOptions.cs#L231

Mike Chambers

04/11/2024, 10:09 PM

There is also the

PublicAccessRequestHandler

where there is a manual call to

Copy code

// manually authenticate the request
                AuthenticateResult authResult =
                    await httpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);

https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Web.Website/Routing/PublicAccessRequestHandler.cs#L76

huwred

04/12/2024, 6:44 AM

It's not an Umbraco site 🙂

Mike Chambers

04/12/2024, 8:35 AM

aaahhhhh, don't I look silly... 🙂

Mike Chambers

04/12/2024, 8:43 AM

https://andrewlock.net/exploring-the-cookieauthenticationmiddleware-in-asp-net-core/ might be of use?

huwred

04/12/2024, 9:15 AM

Thanks, will have a read of that 🙂

John Sharp

05/09/2024, 7:39 AM

I'd suggest looking at JWTs

31 Views

Previous Next