Access Umbraco back office user from the front end

If you need to access the current user logged into the Umbraco Backoffice from the Front End (to show a link to administrator area for example) you may have tried:

umbraco.BusinessLogic.User.GetCurrent()
UmbracoContext.UmbracoUser
UmbracoContext.Security.CurrentUser
umbraco.helper.GetCurrentUmbracoUser()

None of which seem to work, then you should user the following code:

var userTicket = new System.Web.HttpContextWrapper(System.Web.HttpContext.Current).GetUmbracoAuthTicket();
if (userTicket != null) {     
 var currentUser = ApplicationContext.Services.UserService.GetByUsername(userTicket.Name);
}

As Andrew Wilson mentions in the comments, remember to include Umbraco.Core.Security – though if you forget hopefully Visual Studio will tell you to add it.

Find source property name from automapped object

So if you find yourself wanting to find the source property of a view model that caused an entity validation error in the destination when you’re using AutoMapper to map one field to
another then here you go:

First create a TypeMap to perform a lookup against:

var map = Mapper.FindTypeMapFor<YourViewModelClass, YourEntityClass>();

Then for each of the error in the EntityValidationErrors lookup the Destination Property using the Validation Error’s Property name

ex.EntityValidationErrors.SelectMany(e => e.ValidationErrors).ForEach(e =>
{
var errorItem = map.GetPropertyMaps().FirstOrDefault(x => x.DestinationProperty.Name == e.PropertyName);
});

Now the errorItem variable has a property called SourceMember.Name which is the name of the property in the View Model.

So then you can add a error to the ModelState in the loop:

ex.EntityValidationErrors.SelectMany(e => e.ValidationErrors).ForEach(e =>
{
var errorItem = map.GetPropertyMaps().FirstOrDefault(x => x.DestinationProperty.Name == e.PropertyName);
this.ModelState.AddModelError(errorItem.SourceMember.Name, e.ErrorMessage);
});

Then when you return the ViewModel back to the page it will highlight the affected field and display the entity validation error.

Subresource integrity

A new feature in Google Chrome 45 is the ability to add meta data inline to <script> and <link rel=”stylesheet”> elements which will allow the browser to determine if the resource which has been downloaded is the same as the author intended.

This is done by adding integrity  metadata to the element inline such as:

<link rel=”stylesheet” href=”this_is_verified.css” integrity=”sha256-qvuZLpjL9TNV6yI1kNdGCPnSTrWM6Y0ILEzzyvA9hGY=”>

You would generate the base64 encoded version of the SHA256 hash with the following command:

cat this_is_verified.css| openssl dgst -sha256 -binary | openssl enc -base64 -A

If the hash doesn’t match the file and the integrity is compromised the browser will not load the resource.

This is currently in development for Firefox as well, though no news on Edge or Safari for implementation.

jQuery.hashIdentity

Identify hashes using javascript.

This plugin allows you to identify hashes using regular expressions.


$(this).hashIdentity(hash); Returns: Array of hash types it may be.

Description

By passing a string of the hash to the plugin it will return a list of possible hash types it could be.

Example

var listOfHashes = $(this).hashIdentity(“35d715dbd2b390af1f5596b2118f7216”);

Demo

Visit: http://ryanmcdonough.co.uk/hashidentity/index.html

Extending CurrentPrincipal

If you are wanting to use the built in ASP Identity but you are also wanting to store extra data against that user whilst they use the website then you can extend the CurrentPrincipal easily.

So in this case I’m going to use it in the sense of it being for a company called Company, here’s my extended code:


public class CompanyPrincipal : IPrincipal
{
private _Company_Employee_Access employeeAccess = new _Company_Employee_Access();
public _Company_Employee_Detail Information { get; set; }
public IIdentity Identity { get; private set; }
public CompanyPrincipal(IIdentity identity)
{
Information = employeeAccess.getEmployeeByName(identity.Name);
this.Identity = identity;
}
public bool IsInRole(string role)
{
throw new NotImplementedException();
}
}

So the extra information we want to store is an instance of: _Company_Employee_Detail called Information.

We fill it using employeeAccess.getEmployeeByName(identity.Name); so that would be your code to return _Company_Employee_Detail with the correct information.

In MVC you can then access it like so:

@{
ViewBag.Title = "Home Page";
var User = (CompanyPrincipal)Context.User;
}

Sup @User.Information.FirstName ?

 

jQuery Pseudo Random Number Generator Plugin

Yesterday I released a jQuery plugin to generate true random numbers based on the brilliant work done by Steve Gibson to create an Ultra-High Entropy Pseudo-Random Number Generator.

This takes the work Steve has done, and automates some of the steps used on the demo page such as generating the entropy and setting the range & count for the loops – though you can change those.

Example code

var options = { range: 10001, count: 10001 };
var x = $(this).uheprngGen(options);

You can download the plugin here from Github.

This plugin was featured on the amazing DailyJS site.

Hash Generation – Self Hosted

Recently I built http://hashfor.me, a hash generation service. Though I do get a reasonable amount of visits I couldn’t see a future of it being a serious project due to people’s valid security concerns of entering text you want to hash on a website you don’t own yourself, so I released the code.

You can find the code on Github here, it makes use of the CrytoJS and ZeroClipboard libraries to make it a pleasant user experience.#

The readme being:

Browser based hash generation, making use of CryptoJS to allow you to self host a quick and easy hash generator.

Originally built for hashfor.me, this project is a quick hack together of resources to allow you to generate hashes with ease.

You can generate:

SHA3, BMW, Halfskein, MD5, SHABAL, Cube Hash, AES, SHA1, SHA255, SHA512, BLAKE, Rabbit & RIPEMD-160

View a live version at https://hashfor.me

Licensed under BSD-3, Enjoy!