  • Tobbe 81 posts 387 karma points c-trib
    Oct 17, 2017 @ 19:36
    Tobbe
    0

    Secure web API by using bearer tokens from Azure AD

    Hello!

    I need to secure a web api (NOT backoffice) with bearer tokens from Azure AD. This should be possible according to https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapi-dotnet .

    But how do I integrate this with Umbraco? Can anyone point me in the right direction?

    I've tried this:

    // Usings added for completeness; the original post showed only the class body
    using Microsoft.Owin.Security.ActiveDirectory;
    using Owin;
    using System.IdentityModel.Tokens;
    using Umbraco.Core;
    using Umbraco.Core.Security;
    using Umbraco.Web.Security.Identity;

    public class UmbracoCustomOwinStartup
    {
        public void Configuration(IAppBuilder app)
        {
            // Azure AD bearer middleware: only the tenant and the expected audience are set here
            app.UseWindowsAzureActiveDirectoryBearerAuthentication(
               new WindowsAzureActiveDirectoryBearerAuthenticationOptions
               {
                   Tenant = "<tenant>",
                   TokenValidationParameters = new TokenValidationParameters
                   {
                       ValidAudience = "<tenant>/<guid>"
                   }
               });

            // Standard Umbraco back-office wiring (the stray ';' that broke the
            // method chain in the original post is fixed here)
            app.ConfigureUserManagerForUmbracoBackOffice(
                ApplicationContext.Current,
                MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider());

            app.UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
                .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);
        }
    }


    And then in my API controller:

        [HttpGet]
        [Authorize]
        public HttpResponseMessage Feed() {
    
            return Request.CreateResponse(HttpStatusCode.OK, ApiCache.Current.NewsFeed.OrderByDescending(x => x.Date).Take(30));
        }
    

    But I get 401, and I don't think UseWindowsAzureActiveDirectoryBearerAuthentication is even used.

  • Viktor Ekholm 8 posts 98 karma points
    Oct 18, 2017 @ 09:01
    Viktor Ekholm
    0

    I have no answer for you, but I need to do something similar. I want to expose some download links and the files they refer to based on whether a user is logged into our Azure AD B2C. The rest of the content on the site is public, just that this secret content is hidden from the anonymous visitor.

  • Tobbe 81 posts 387 karma points c-trib
    Oct 24, 2017 @ 08:27
    Tobbe
    101

    I was close...

    The solution is below. But it's also VERY IMPORTANT to use the right settings..... (surprise!). You MUST sign in to the same APP_ID you're using below. In my app I signed in to another one...

    using System.IdentityModel.Tokens;
    using System.Linq;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.ActiveDirectory;
    using Owin;
    using Thing.Application;   // namespace of this file, so the OwinStartup attribute below can resolve the type
    using Umbraco.Web;

    [assembly: OwinStartup("UmbracoStandardOwinStartup", typeof(UmbracoStandardOwinStartup))]

    namespace Thing.Application
    {
        /// <summary>
        /// The standard way to configure OWIN for Umbraco
        /// </summary>
        /// <remarks>
        /// The startup type is specified in appSettings under owin:appStartup - change it to "UmbracoStandardOwinStartup" to use this class
        /// </remarks>
        public class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
        {
            public override void Configuration(IAppBuilder app)
            {
                // Fetch the tenant's OpenID Connect discovery document once, at startup,
                // to get the expected issuer and the current signing keys
                var stsDiscoveryEndpoint = string.Format("{0}/.well-known/openid-configuration", "https://login.microsoftonline.com/<tenant>");
                var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint);
                var config = configManager.GetConfigurationAsync().Result;

                // Bearer-token middleware for the web API, registered before the
                // Umbraco back-office middleware that base.Configuration adds
                app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions
                {
                    Tenant = "<tenant>",
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidAudience = "<tenant>/<APP_ID>",   // the APP_ID the client signed in to
                        ValidIssuer = config.Issuer,
                        IssuerSigningTokens = config.SigningTokens.ToList(),
                        RequireSignedTokens = true
                    }
                });

                base.Configuration(app);
            }
        }
    }

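An added worked example, not code from this thread or from Umbraco: it takes the same kind of `TokenValidationParameters` the accepted answer passes to `UseWindowsAzureActiveDirectoryBearerAuthentication` and exercises them offline, without a tenant, by minting a few JWTs itself and running them through `JwtSecurityTokenHandler.ValidateToken`. Each case shows which check would have produced the bare 401 from the first post, including the "signed in to the wrong APP_ID" mistake the answer warns about. It targets System.IdentityModel.Tokens.Jwt 4.x (the version the OWIN Azure AD middleware of that era builds on); the tenant, APP_ID and HMAC key are constructed placeholders standing in for `config.Issuer` and `config.SigningTokens`, and `BearerTokenValidationDemo`, `Mint` and `Check` are names chosen here.

```csharp
// Added example (not from the thread): offline check of Azure AD bearer-token
// validation settings. Assumes System.IdentityModel.Tokens.Jwt 4.x on .NET Framework.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography;

public static class BearerTokenValidationDemo
{
    // Constructed placeholders: in the real startup these are config.Issuer and "<tenant>/<APP_ID>"
    const string Issuer   = "https://sts.windows.net/<tenant-guid>/";
    const string Audience = "<tenant>/<APP_ID>";

    public static void Main()
    {
        // Stand-in for config.SigningTokens. Real tokens are RSA-signed with keys
        // published in the discovery document; a local HMAC key keeps this runnable offline.
        var keyBytes = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(keyBytes);
        var signingKey = new InMemorySymmetricSecurityKey(keyBytes);

        // Same shape as the answer's TokenValidationParameters
        var parameters = new TokenValidationParameters
        {
            ValidAudience = Audience,
            ValidIssuer = Issuer,
            IssuerSigningKey = signingKey,
            RequireSignedTokens = true
        };

        var credentials = new SigningCredentials(signingKey,
            SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);

        // 1. Token issued for this API: accepted
        Check(parameters, Mint(Issuer, Audience, credentials), "correct audience");

        // 2. Token obtained by signing in to a different app registration
        //    (the mistake described in the answer): rejected on audience
        Check(parameters, Mint(Issuer, "<tenant>/<OTHER_APP_ID>", credentials), "other APP_ID");

        // 3. Token from another tenant: rejected on issuer
        Check(parameters, Mint("https://sts.windows.net/<other-tenant>/", Audience, credentials), "other tenant");

        // 4. Unsigned token: rejected because RequireSignedTokens = true
        Check(parameters, Mint(Issuer, Audience, null), "unsigned");
    }

    // Builds a short-lived JWT with one Azure AD-style claim (oid = user object id)
    static string Mint(string issuer, string audience, SigningCredentials credentials)
    {
        var claims = new List<Claim> { new Claim("oid", "<user-object-id>") };   // constructed value
        var token = new JwtSecurityToken(issuer, audience, claims,
            DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5), credentials);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Runs the token through the same validator the OWIN middleware uses internally
    static void Check(TokenValidationParameters parameters, string jwt, string label)
    {
        try
        {
            SecurityToken validated;
            var principal = new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validated);
            Console.WriteLine("{0}: accepted, oid={1}", label, principal.FindFirst("oid").Value);
        }
        catch (SecurityTokenException ex)
        {
            // The middleware turns every one of these into a 401 with no detail,
            // which is all the original poster got to see
            Console.WriteLine("{0}: rejected ({1})", label, ex.GetType().Name);
        }
    }
}
```

Run it as a console app; cases 2 to 4 print `SecurityTokenInvalidAudienceException`, `SecurityTokenInvalidIssuerException` and `SecurityTokenInvalidSignatureException` respectively, which is the fastest way to tell an audience mismatch from a signature problem when the API itself only answers 401. One caveat on the accepted answer's startup code: `config.SigningTokens` is a snapshot taken once when the process starts, and Azure AD rolls its signing keys, so a long-running site that relies solely on that list will start rejecting valid tokens after a rollover; the middleware's own metadata fetch, driven by `Tenant`, refreshes keys by itself.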