0

Im new to umbraco and currently faced with below issue.

I have a requirement to validate for the existence of umbraco backoffice users (users in umbracoUser table) inside a SurfaceController by using a user entered username and a password, and this is what I have done so far.

var result = new Umbraco.Web.Security.Providers.UsersMembershipProvider().ValidateUser(username, password);

When I used the above statement to validate with existing username and a correct password, it always returns false and locks the user by setting a DateTime value to lastLockoutDate column and userNoConsole = 1 in umbracoUser table.

Looked into below post as well, but it did not help.

https://our.umbraco.com/forum/umbraco-cloud/76499-umbraco-7-user-login-backoffice-programmatically

Any guidance on how to validate the existence of back office users programmatically would be a big help.

Andronicus
  • 25,419
  • 17
  • 47
  • 88
BUDDHIKA
  • 306
  • 2
  • 8
  • 23
  • Do you want to simply check if a user exists? Or do you want to automatically log the user in? – Mark Aug 08 '18 at 12:23
  • I found a workaround to check if the user exists or not, but is it possible to automatically log a back-office user programmaticaly? – BUDDHIKA Aug 08 '18 at 19:04

1 Answers1

0

I found a way to validate the back office users successfully, via the below code.

In the Web.config, I found back office membership provider information.

<add name="UsersMembershipProvider"
             type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" 
             minRequiredNonalphanumericCharacters="0" 
             minRequiredPasswordLength="10" 
             useLegacyEncoding="false" 
             enablePasswordRetrieval="false" 
             enablePasswordReset="true" 
             requiresQuestionAndAnswer="false" 
             passwordFormat="Hashed" 
             allowManuallyChangingPassword="false" />

So, I used membership providers name and did the below to validate backoffice users,

public bool ValidateUser(string username, string password)
        {
            try
            {

                var provider = Membership.Providers["UsersMembershipProvider"];     // from web.config 

                if (provider != null)
                {                                           
                    var validUser = provider.ValidateUser(username, password)
                        ? Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials)
                        : Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);
                    return validUser.Result == BackOfficeUserPasswordCheckerResult.ValidCredentials;
                }
                return false;
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                throw;
            }
        }

The above validates the backoffice users returns true if they exist.

BUDDHIKA
  • 306
  • 2
  • 8
  • 23