Azure Active Directory Issue
We have a site in Azure that has Azure AD set up on the front end. This requires the user to log in with their Azure Active Directory account to view the front end. This all works well out of the box with Azure config and no additional customisation of Umbraco.
However, we also want to give users access to the Umbraco back end using their AD account. I have set up and configured UmbracoCms.IdentityExtensions.AzureActiveDirectory perfectly. And this works like a charm, but only when the front end is not set up to use Azure AD. As soon as we turn that on in Azure, the users cannot authenticate to the back end.
Has anyone seen this before?
Hugh, did you manage to solve this? We have the same requirements but were struggling to get it to work.
Jonas, did you solve this? We are also struggling to set this up.
I also want to set this up, so bump :)
This is what I'm trying to do, as well. I have several sites using Azure AD for Umbraco users on the Admin side. For that I followed: https://vimeo.com/224047478 and https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco/
And I've managed to get a sample of the front side AAD login working in a sample following - https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco-members/
But the two seem mutually exclusive because they each configure IAppBuilder app differently, specifically, the .RedirectUri's are different and back office configuration sets OpenIdConnectAuthenticationOptions.SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType
Hmm...?
I have not tried this yet, but here is Shannon's response: https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco-members/#disqus_thread
Yes, it's possible. You will need to have your OWIN startup cater for all scenarios. There's no package OOTB that will configure this for you, so you will need to merge the required package settings from UmbracoIdentity and UmbracoCms.IdentityExtensions.
Members and Users in Umbraco are separate. So if you are planning on using the same AAD for both, Umbraco will still treat them differently and store the results differently. You will need both UmbracoIdentity (for members) and UmbracoCms.IdentityExtensions (for users).
Hi Expert,
I am also stuck with the implementation.
I have tried to combine two providers in the same OWIN startup call (not in Umbraco but in a separate ASP.NET website, but with the same behavior as that of Umbraco). Again, both work individually (with the other commented out). But when both are added at the same time, the second one gets preference over the first. Because of that, claims are returned to the wrong URL and hence the user cannot sign in.
After going through the Microsoft docs and Stack Overflow, there are not many examples available on how to integrate two or more OpenID Connect providers of the same type/nature with Azure AD. Then I found this link, but there is no recognition of a custom provider type inside the code. In my case, the provider name is always "OpenIdConnect".
https://stackoverflow.com/q...
My code has two providers with the same name, which I cannot change (rather, I am allowed to change it, but otherwise the controller throws a 400 error).
The GetOwinContext.GetAuthenticationType method returns both provider types, but I don't know how to call the correct provider, as the provider name is the same throughout.
I have no clue how I can fire different providers if they are registered at startup.
Any guidance?
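A sketch of the merged OWIN startup that the quoted reply describes and the last post asks about, added here as an example and not taken from the thread or from either Umbraco package. Each OpenID Connect registration gets its own AuthenticationType and callback path so a response is only handled by the middleware that issued the challenge. The tenant, client IDs, host, paths and the names `AadMembers`/`AadBackOffice` are placeholders, and the member flow is assumed to read the standard external sign-in cookie.

```csharp
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Umbraco.Core;

public static class DualAadStartup
{
    // Placeholders (assumptions): use your own tenant, app registrations and host.
    private const string Authority = "https://login.microsoftonline.com/<tenant-id>/";
    private const string SiteRoot = "https://example.invalid";
    // Hypothetical names; they only have to differ from each other and from "OpenIdConnect".
    public const string MemberAadType = "AadMembers";
    public const string BackOfficeAadType = "AadBackOffice";

    public static void ConfigureAzureAd(IAppBuilder app)
    {
        // Front-end members: identity lands in the external sign-in cookie only.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions(MemberAadType)
        {
            ClientId = "<member-app-client-id>",
            Authority = Authority,
            // Both reply URLs must also be registered on the Azure AD app registration.
            RedirectUri = SiteRoot + "/signin-aad-members",
            CallbackPath = new PathString("/signin-aad-members"),
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            // Passive: only answers a challenge that names this type explicitly.
            AuthenticationMode = AuthenticationMode.Passive
        });

        // Back-office users: kept on the back-office external type so a member
        // sign-in can never be picked up as a back-office identity.
        // The package's own login-button/caption setup is omitted from this sketch.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions(BackOfficeAadType)
        {
            ClientId = "<backoffice-app-client-id>",
            Authority = Authority,
            RedirectUri = SiteRoot + "/signin-aad-backoffice",
            CallbackPath = new PathString("/signin-aad-backoffice"),
            SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
            AuthenticationMode = AuthenticationMode.Passive
        });
    }

    // Selects the member registration by its AuthenticationType when challenging.
    public static void ChallengeMember(IOwinContext ctx, string returnUrl)
    {
        ctx.Authentication.Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, MemberAadType);
    }
}
```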