Fix Control Panel Authentication for Sitecore 9.1 (#328)

* Fix Unicorn control panel to work with 9.1 identity server

* Fix login URL so it redirects properly in 9.1

src/Unicorn/ControlPanel/Controls/AccessDenied.cs

@@ -1,4 +1,4 @@
-using System.Web;
+using System.Web;
 using System.Web.UI;
 
 namespace Unicorn.ControlPanel.Controls
@@ -21,7 +21,7 @@ public void Render(HtmlTextWriter writer)
 			writer.WriteLine("    `.            :.,\'");
 			writer.WriteLine("      `-.________,-\'");
 			writer.WriteLine("-->");
-			writer.Write($"<p>You need to <a href=\"/sitecore/login?returnUrl={HttpUtility.UrlEncode(HttpContext.Current.Request.Url.PathAndQuery)}\">sign in to Sitecore as an administrator</a> to use the Unicorn control panel.</p>");
+			writer.Write($"<p>You need to <a href=\"{GetLoginUrl()}\">sign in to Sitecore as an administrator</a> to use the Unicorn control panel.</p>");
 
 			HttpContext.Current.Response.TrySkipIisCustomErrors = true;
 
@@ -30,5 +30,11 @@ public void Render(HtmlTextWriter writer)
 			// Assuming it is doubtful Sitecore has, or will ever, do any special handling for this situation.
 			HttpContext.Current.Response.StatusCode = 418;
 		}
+
+		private static string GetLoginUrl()
+		{
+			var returnUrl = HttpUtility.UrlEncode(HttpContext.Current.Request.Url.PathAndQuery);
+			return $"{Sitecore.Context.Site.LoginPage}?returnUrl={returnUrl}";
+		}
 	}
 }

src/Unicorn/Standard Config Files/Unicorn.UI.IdentityServer.config.disabled

@@ -0,0 +1,26 @@
+<!--
+	Unicorn UI Identity Server Configuration
+
+	This file enables the Unicorn control panel to work with authentication in Sitecore 9.1 and above.
+
+	This file should not be enabled on versions of Sitecore prior to 9.1.
+
+	http://github.com/kamsar/Unicorn
+-->
+<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/" xmlns:security="http://www.sitecore.net/xmlconfig/security/">
+	<sitecore role:require="Standalone or ContentManagement" security:require="Sitecore">
+		<pipelines>
+			<!--
+				The Unicorn control panel path must be added to the list of site neutral paths for the Unicorn control panel to work with authentication in 9.1.
+				This must match the activationUrl defined in the UnicornControlPanelPipelineProcessor defined in Unicorn.UI.config.
+			-->
+			<owin.cookieAuthentication.validateIdentity>
+				<processor type="Sitecore.Owin.Authentication.Pipelines.CookieAuthentication.ValidateIdentity.ValidateSiteNeutralPaths, Sitecore.Owin.Authentication">
+					<siteNeutralPaths hint="list">
+						<path hint="unicorn">/unicorn.aspx</path>
+					</siteNeutralPaths>
+				</processor>
+			</owin.cookieAuthentication.validateIdentity>
+		</pipelines>
+	</sitecore>
+</configuration>

src/Unicorn/Standard Config Files/Unicorn.UI.config

@@ -47,6 +47,8 @@
 			<httpRequestBegin>
 				<!--
 					This pipeline handler shows the Unicorn control panel. You can customize the URL the control panel lives at by changing the activationUrl.
+					On Sitecore 9.1 and above, you must also update the site neutral paths in the owin.cookieAuthentication.validateIdentity pipeline defined in
+					Unicorn.UI.IdentityServer.config when you customize the control panel URL.
 					The activationUrl must be a URL that the Sitecore pipeline won't ignore (e.g. .aspx, .ashx, etc)
 					The activationSite must be a site that doesn't use Language Fallback or Enforce Version Presence
 				-->

src/Unicorn/Unicorn.csproj

@@ -285,6 +285,9 @@
       <SubType>Designer</SubType>
     </None>
     <None Include="Standard Config Files\Unicorn.PowerShell.config" />
+    <None Include="Standard Config Files\Unicorn.UI.IdentityServer.config.disabled">
+      <SubType>Designer</SubType>
+    </None>
     <None Include="Standard Config Files\Unicorn.zSharedSecret.config.example">
       <SubType>Designer</SubType>
     </None>