Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Antiforgery cookie when using external identity provider #98

Open
Memoryfox opened this issue Apr 28, 2022 · 0 comments
Open

Antiforgery cookie when using external identity provider #98

Memoryfox opened this issue Apr 28, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@Memoryfox
Copy link

Hi,
we're using an OpenID server for authentication. After switching Piranha from 9 to 10 it was not possible to save/publish pages or to store site properties. After investigating the log messages, I found that the antiforgery cookie was not present.
The built in authentication method (LocalAuth) redirects after a successful login to "/manager/login/auth" where the cookie will be set.
After several tries I ended up in writing a middleware which redirects to "/manager/login/auth" if the first call to the manager appears (I did not want to copy and paste the code from AuthController.cs) .

A few comments on this:

  • the behavior should be part of the documentation
  • the creation of the antiforgery cookie could be implemented in a service
  • maybe there is a more common scenario to ensure that the cookie is created independently of the authentication

Do you have other ideas or solutions for the problem?
Thanks.

@tidyui tidyui transferred this issue from PiranhaCMS/piranha.core Jun 8, 2022
@tidyui tidyui added the enhancement New feature or request label Oct 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants