Hangfire Auth
# hacktoberfest
w
@Sebastiaan registered hangfire on a different path that is not /umbraco prefix so just /hangfire or /seb
Wonder if C# does magic stuff due to the route of /umbraco/
s
I am taking advantage of the magic, so a different route will just give me the same access denied error
I could of course add additional auth but that defeats the whole purpose
w
Yeh I am just curious if you could get it to work with Umbraco auth stuff still but just not on the /umbraco route
So do you have an `IDashboardAuthorizationFilter` that you wire up when setting up Hangfire ?
s
No I am [creating a policy](https://github.com/nul800sebastiaan/Cultiv.Hangfire/blob/bellissima/Cultiv.Hangfire/UmbracoBuilderExtensions.cs#L26), a policy that works
- On Umbraco 13 everywhere
- On Umbraco 14 with regular username password
- On Umbraco 14 cloned from the Cloud site locally, logging in with Umbraco Id

A policy that returns null and does not work:
- On Umbraco 14 when running on a Cloud server

`IDashboardAuthorizationFilter` did not work (it's 6 months ago I tried, so no idea why, I just remember it could not work).
w
OK as the docs mention order is important. Wonder if Umbraco Cloud stuff registered after and thus claim not there perhaps (wild guess)
s
But it doesn't make sense that it works locally then 🤷‍♂️
w
As probably not run locally, and may be added at server runtime in the cloud perhaps?!
Can you get a razor view @inject the auth stuff and verify your claim passes/validates whilst on cloud
If it works in the razor page then my gut would be to do with order, again this is speculative
s
I tried, I can't get any of the auth stuff in the frontend or in an API Controller
I think it's because the new backoffice elements all just request their auth from the `UMB_AUTH_CONTEXT` and I don't know how I could get that context from C# code.
w
Just on lunch atm might have a pointer
```csharp
using Asp.Versioning;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core.Models.Membership;
using Umbraco.Cms.Core.Security;

namespace Hello.Extensions.Controllers
{
    [ApiVersion("1.0")]
    [ApiExplorerSettings(GroupName = "Examples")]
    public class ExampleApiController : ExampleControllerBase
    {
        private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;

        public ExampleApiController(IBackOfficeSecurityAccessor backOfficeSecurityAccessor)
        {
            _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
        }

        [HttpGet("Ping")]
        [ProducesResponseType<string>(StatusCodes.Status200OK)]
        public string Ping() => "Pong";

        [HttpGet("WhatsTheTimeMrWolf")]
        [ProducesResponseType(typeof(DateTime), 200)]
        public DateTime WhatsTheTimeMrWolf() => DateTime.Now;

        [HttpGet("WhatsMyName")]
        [ProducesResponseType<string>(StatusCodes.Status200OK)]
        public string WhatsMyName()
        {
            // So we can see a long request from the dashboard with the spinning button
            Thread.Sleep(2000);

            var currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
            return currentUser?.Name ?? "I have no idea who you are";
        }

        [HttpGet("WhoAmI")]
        [ProducesResponseType<IUser>(StatusCodes.Status200OK)]
        public IUser? WhoAmI() => _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
    }
}
```
That of any help at all mate? `IBackOfficeSecurityAccessor`
w
Logged in and Auth'd ?
As in from the swagger page
s
Of course, but the backoffice login no longer automatically applies to the whole site
w
You ask for a token from OpenID auth flow and that's what is sent with the request to see who you are
s
ah sure, wasn't logged in on swagger
w
So there is an Authorization header that will be sent in the HTTP request, something like `Authorization: Bearer someMagicToken`
w
Interesting this on local or you cowboy deployed this to cloud already ?
Also got a 'friendly name' set for the user ?
Does the `WhoAmI` return a rich object at all?
s
no just local.. name is set for the user, but it's an UmbracoId user
w
So means `backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser` is null in that scenario ?! Weird
I haven't tried with a cloud site/umbraco ID
I would have thought that worked 🤔
Then for now I am outta ideas matey
s
I get the same result on a clean install of just a v14 site by the way! it will work on v13, I am sure.
Also have no more ideas 😅
w
I have that API working in a V15 site but it's not tied up to cloud/umbraco.id
I reckon you would have similar issues if your main login was with say Google, or Azure AD/Entra
s
you might need to send me `ExampleControllerBase`
I changed it to `ControllerBase`
w
```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Common.Attributes;
using Umbraco.Cms.Web.Common.Authorization;
using Umbraco.Cms.Web.Common.Routing;

namespace Hello.Extensions.Controllers
{
    [ApiController]
    [BackOfficeRoute("example/api/v{version:apiVersion}")]
    [Authorize(Policy = AuthorizationPolicies.SectionAccessContent)]
    [MapToApi(Constants.ApiName)]
    public class ExampleControllerBase : ControllerBase
    {
    }
}
```
s
that might help 😅 😂
w
Surprised it even showed up for you in swagger ?!
s
Constants.ApiName is..?
w
"example"
⬆️ Composer to register API to a new OpenAPI spec/doc
w
OK progress 🙂
Be interested if you deploy to cloud & login with native cloud login if API still happy or not
s
swagger doesn't work in production mode does it 😅 🙈
w
Set an env flag ?
Or flick the switch in the portal UI to turn on debug mode (is that still a thing?)
s
Not going to help, the project gets compiled in release mode and that's when swagger gets disabled. No control over that, the dlls have already been built 😢
w
ah thought it was runtime and based on debug mode
s
don't know how it's determined but the build runs before any environment values take effect.. so I should build an anon api controller, or do proper validation somehow
Determined based on the environment name not being production
and that's set with an Env Variable
`ASPNETCORE_ENVIRONMENT=Development`
Can these be set from Umbraco portal these days ?!
might be able to force it with a web.config, trying now
w
I thought there was an AppSettings in the portal ?!
Think you're gonna need Kenn or Bjarke and/or cloud team crew to give you some pointers now :S
s
lol.. there's a forced config transform on the server that sets it to production 🤦‍♂️
w
hahah well no hacking the planet then 😛
s
yeah I know, but as this is my hobby project, I am trying not to bother them with it.. 🙂
w
Only thing I can think of next is to @inject in a razor template and see if you can get logged in user etc
So you don't need to depend on C# Controller & Swagger to test your theories
w
hmmm decorate it with your policy ?!
`[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)]`
And then perhaps look at User prop from the base class which is coming from Microsoft base classes eventually
`var anything = this.User;`
Or
`var anything = this.HttpContext.GetCurrentIdentity();`
Again I am shooting in the blind here
`var anything = this.HttpContext.User.GetUmbracoIdentity();`
s
yeah it completely skips invoking this endpoint if I do that, not being hit in the debugger at all
w
Drop the attribute and see what is in User, HttpContext or similar ?!
Would perhaps look at preview stuff in V14+ as they have to have the logged in backoffice user to do the preview surely
hmm yeah, not sure how previews work, good call
w
HttpContext.User null ?
Must be a way to get the auth on the FE
```csharp
[ApiController]
[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
[Authorize(Policy = AuthorizationPolicies.UmbracoFeatureEnabled)]
[MapToApi(ManagementApiConfiguration.ApiName)]
[JsonOptionsName(Constants.JsonOptionsNames.BackOffice)]
[AppendEventMessages]
[Produces("application/json")]
public abstract class ManagementApiControllerBase : Controller, IUmbracoFeature
```
Probably MapToApi helps, and I have no ManagementApi for hangfire. Anyway, this must be a total dead end, there's no way I can add any of this to the Hangfire options. Sorry for wasting your time!
w
Well was fun to poke about matey - good luck and hope you solve it