Disable user in code Umbraco #help-with-umbraco

Disable user in code

Domitnator

08/07/2024, 9:38 AM

Hi Everyone, My main goal is to disable the user when our customer disabled the user in the external identity provider (Azure B2C). We implemented this according the docs: https://docs.umbraco.com/umbraco-cms/v/10.latest-lts/reference/security/auto-linking. All works well (users are linked, roles are assigned). But how can i disable a user when the user in the identity provider is "disabled" (we have a seperate property in Azure B2C for this: IsUmbracoBackofficeUser)? I tried setting the user.IsApproved in the OnExternalLogin method

Copy code

OnExternalLogin = (user, loginInfo) =>
                {
                    // You can customize the member before it's saved whenever they have
                    // logged in with the external provider.
                    // i.e. Sync the member's name based on the Claims returned
                    // in the externalLogin info
                    user.IsApproved = false;
                    return true; //returns a boolean indicating if sign in should continue or not.
                }

but this doesnt seem to be saved to the database. Whenever i try to login again the user.IsApproved is true again. this DOES work in the OnAutoLinking method, but that method is only called the first time a user logins (and this does not exist in the umbraco database yet). Any ideas?

Mike Chambers

08/07/2024, 10:39 AM

Could you inject the

userService

and explicitly set in the

OnExternalLogin

Copy code

csharp
if  (userService.GetByProviderKey(user.Id) is IUser umbUser) {
    umbUser.IsApproved = true;
    userService.Save(umbUser);
}

or maybe inject

BackOfficeUserManager

and see if

userManager.SetLockoutEnabledAsync(user, true);

is mapped to isApproved? Also have you checked if other props.. like name/username is updated if changed in aadb2c for an existing linked user? Maybe it's a bug where

OnExternalLogin

is no longer persisting changes to the

BackOfficeIndentityUser

in your callback?

Mike Chambers

08/07/2024, 10:43 AM

not sure on the relationship.. but if you get

isApproved = false

from aadb2c then you'd maybe want to set

Copy code

csharp
user.IsApproved = false;
return false;

to stop the login? and also have you extended the claims returned from aadb2c to return the

IsUmbracoBackofficeUser

claim either with that name.. or mapped to the

IsApproved

though not sure if that claim would be auto picked up?? eg would have to do something like..

Copy code

csharp
private string DisplayName(ClaimsPrincipal claimsPrincipal, string defaultValue)
{
    var displayName = claimsPrincipal.FindFirstValue("name");            
    var strDisplayName =  string.IsNullOrWhiteSpace(displayName) ? defaultValue : displayName;

    _logger.LogInformation("AzureSSO :: Adding display name {_displayName} for {_user} ", strDisplayName, claimsPrincipal.Identity?.Name);

    return strDisplayName;
}

Domitnator

08/08/2024, 7:53 AM

@Mike Chambers Hi Mike! Thanks for you response. Injecting the userService and saving it explicity works! 👍 Funny thing, I was half way implementing this but i backed out because it felt like to much interfering with the login flow. But if there is no other option i might be the only way to do it. The claims mapping thing might work too but my case is more complicated then i wrote in this thread (just to keep things simple). For now i'll stick with the userService! Disabling the user is a scenario which does not occur a lot anyways.

15 Views

Previous Next