I my application I have one package the contains the “application” frontend, with user authentication and a authenticationProvider defined like
Neos: Flow: security: authentication: authenticationStrategy: oneToken providers: 'Vendor.Application:User': provider: 'PersistedUsernamePasswordProvider' token: 'Neos\Flow\Security\Authentication\Token\UsernamePassword' requestPatterns: 'Vendor.Application:ApplicationControllers': pattern: 'ControllerObjectName' patternOptions: controllerObjectNamePattern: 'Vendor\Application\Controller\.*' entryPoint: WebRedirect entryPointOptions: routeValues: '@package': 'Vendor.Application' '@controller': 'Login' '@action': 'login' '@format': 'html'
and a separate package that contains a “administration” with a administration provider configured in the same way, but with the providername
These two parts are separate system and if you authenticate in the backoffice, doesn’t mean that you authenticated as a application user - and the other around as well
But, every time I authenticate to my Backoffice and then browse to the application how does Flow differentiate?
How do I avoid that ex. the viewhelper
IfAuthenticated doesn’t end up returning a positive result in the `Application´ content, when I’m only authenticated in the Backoffice?
Can anybody put some light on this topic, it’s a missing “in-depth” thing in the security documentation that I would love to know more about