Updated BackofficeUser provider to use ChunkingCookieManager

Philip Daniel Hayton · Philip Daniel Hayton · commit b5aae725981f · 2022-12-19T21:17:19.000Z
diff --git a/Our.Umbraco.TagHelpers/Services/BackofficeUserAccessor.cs b/Our.Umbraco.TagHelpers/Services/BackofficeUserAccessor.cs
@@ -1,5 +1,4 @@
-﻿using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Cookies;
+﻿using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Options;
 using System.Security.Claims;
@@ -26,6 +25,11 @@ public BackofficeUserAccessor(
             _httpContextAccessor = httpContextAccessor;
         }
 
+
+        /// <summary>
+        /// Updated to use ChunkingCookieManager as per Sean Maloney's answer on our.umbraco.com
+        /// https://our.umbraco.com/forum/umbraco-9/106857-how-do-i-determine-if-a-backoffice-user-is-logged-in-from-a-razor-view#comment-341847
+        /// </summary>
         public ClaimsIdentity BackofficeUser
         {
             get
@@ -35,16 +39,17 @@ public ClaimsIdentity BackofficeUser
                 if (httpContext == null)
                     return new ClaimsIdentity();
 
-                CookieAuthenticationOptions cookieOptions = _cookieOptionsSnapshot.Get(global::Umbraco.Cms.Core.Constants.Security.BackOfficeAuthenticationType);
-                string? backOfficeCookie = httpContext.Request.Cookies[cookieOptions.Cookie.Name!];
+                var cookieOptions = _cookieOptionsSnapshot.Get(global::Umbraco.Cms.Core.Constants.Security.BackOfficeAuthenticationType);
+                var cookieManager = new ChunkingCookieManager();
+                var backOfficeCookie = cookieManager.GetRequestCookie(httpContext, cookieOptions.Cookie.Name!);
 
                 if (string.IsNullOrEmpty(backOfficeCookie))
                     return new ClaimsIdentity();
 
-                AuthenticationTicket? unprotected = cookieOptions.TicketDataFormat.Unprotect(backOfficeCookie!);
-                ClaimsIdentity backOfficeIdentity = unprotected!.Principal.GetUmbracoIdentity();
+                var unprotected = cookieOptions.TicketDataFormat.Unprotect(backOfficeCookie!);
+                var backOfficeIdentity = unprotected!.Principal.GetUmbracoIdentity();
 
-                return backOfficeIdentity;
+                return backOfficeIdentity ?? new ClaimsIdentity();
             }
         }
     }
