
Validate Umbraco Back Office Users programmatically


I'm new to Umbraco and am currently faced with the issue below.

I have a requirement to validate for the existence of umbraco backoffice users (users in umbracoUser table) inside a SurfaceController by using a user entered username and a password, and this is what I have done so far.

var result = new Umbraco.Web.Security.Providers.UsersMembershipProvider().ValidateUser(username, password);

When I used the above statement to validate with an existing username and a correct password, it always returns false and locks the user by setting a DateTime value in the lastLockoutDate column and userNoConsole = 1 in the umbracoUser table.

I looked into the post below as well, but it did not help.

https://our.umbraco.com/forum/umbraco-cloud/76499-umbraco-7-user-login-backoffice-programmatically

Any guidance on how to validate the existence of back office users programmatically would be a big help.


Solution

  • I found a way to validate the back office users successfully, via the below code.

    In the Web.config, I found back office membership provider information.

    <add name="UsersMembershipProvider"
                 type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" 
                 minRequiredNonalphanumericCharacters="0" 
                 minRequiredPasswordLength="10" 
                 useLegacyEncoding="false" 
                 enablePasswordRetrieval="false" 
                 enablePasswordReset="true" 
                 requiresQuestionAndAnswer="false" 
                 passwordFormat="Hashed" 
                 allowManuallyChangingPassword="false" />
    

    So, I used the membership provider's name and did the below to validate backoffice users:

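    using System;
    using System.Threading.Tasks;
    using System.Web.Security;
    using Umbraco.Core.Security;

    public bool ValidateUser(string username, string password)
    {
        try
        {
            // Back office provider, looked up by the name registered in web.config
            var provider = Membership.Providers["UsersMembershipProvider"];

            if (provider != null)
            {
                // Map the provider's boolean result to the back office checker result
                var validUser = provider.ValidateUser(username, password)
                    ? Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials)
                    : Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);
                return validUser.Result == BackOfficeUserPasswordCheckerResult.ValidCredentials;
            }

            // Provider not configured: treat as a failed validation
            return false;
        }
        catch (Exception e)
        {
            Console.WriteLine(e);
            throw;
        }
    }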
    

    The above validates the backoffice users and returns true if they exist.
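
The provider check above placed in a SurfaceController action, as an added example that is not part of the original answer; the controller, model and action names, the attempt limit and the window are assumptions. It throttles per client address and returns one generic error, since the question shows failed ValidateUser calls locking the back office account.

```csharp
using System;
using System.Runtime.Caching;
using System.Web.Mvc;
using System.Web.Security;
using Umbraco.Web.Mvc;

// Hypothetical model, controller and action names; only the provider lookup comes from the answer.
public class BackOfficeCheckModel
{
    public string Username { get; set; }
    public string Password { get; set; }
}

public class BackOfficeCheckController : SurfaceController
{
    private const int MaxAttempts = 5;                                   // assumed limit
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(15);  // assumed window
    private static readonly MemoryCache Attempts = MemoryCache.Default;

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Check(BackOfficeCheckModel model)
    {
        // Throttle per client address before touching the provider, because
        // failed ValidateUser calls can lock the back office account.
        var key = "bo-check:" + Request.UserHostAddress;
        var count = (Attempts.Get(key) as int?) ?? 0;
        if (count >= MaxAttempts)
            return new HttpStatusCodeResult(429, "Too many attempts");

        var provider = Membership.Providers["UsersMembershipProvider"]; // name from web.config
        var ok = provider != null
                 && !string.IsNullOrWhiteSpace(model.Username)
                 && !string.IsNullOrEmpty(model.Password)
                 && provider.ValidateUser(model.Username, model.Password);

        if (!ok)
        {
            Attempts.Set(key, count + 1, DateTimeOffset.UtcNow.Add(Window));
            // Same message for unknown user, wrong password and locked account.
            ModelState.AddModelError(string.Empty, "Invalid username or password.");
            return CurrentUmbracoPage();
        }

        Attempts.Remove(key);
        return RedirectToCurrentUmbracoPage();
    }
}
```

Behind a reverse proxy, Request.UserHostAddress is the proxy's address, so the throttle key would need the forwarded client address from a trusted header instead.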