diff --git a/src/Umbraco.Web.BackOffice/Security/BackOfficeSignInManager.cs b/src/Umbraco.Web.BackOffice/Security/BackOfficeSignInManager.cs index c043cf73d2b2..96c98d80de56 100644 --- a/src/Umbraco.Web.BackOffice/Security/BackOfficeSignInManager.cs +++ b/src/Umbraco.Web.BackOffice/Security/BackOfficeSignInManager.cs @@ -193,6 +193,17 @@ private async Task AutoLinkAndSignInExternalAccount(ExternalLoginI return AutoLinkSignInResult.FailedException(ex.Message); } + var shouldSignIn = autoLinkOptions.OnExternalLogin(autoLinkUser, loginInfo); + if (shouldSignIn == false) + { + Logger.LogWarning("The AutoLinkOptions of the external authentication provider '{LoginProvider}' have refused the login based on the OnExternalLogin method. Affected user id: '{UserId}'", loginInfo.LoginProvider, autoLinkUser.Id); + return SignInResult.NotAllowed; + } + else + { + return await LinkUser(autoLinkUser, loginInfo); + } + return await LinkUser(autoLinkUser, loginInfo); } else @@ -226,7 +237,16 @@ private async Task AutoLinkAndSignInExternalAccount(ExternalLoginI } else { - return await LinkUser(autoLinkUser, loginInfo); + var shouldSignIn = autoLinkOptions.OnExternalLogin(autoLinkUser, loginInfo); + if (shouldSignIn == false) + { + Logger.LogWarning("The AutoLinkOptions of the external authentication provider '{LoginProvider}' have refused the login based on the OnExternalLogin method. Affected user id: '{UserId}'", loginInfo.LoginProvider, autoLinkUser.Id); + return SignInResult.NotAllowed; + } + else + { + return await LinkUser(autoLinkUser, loginInfo); + } } } }