Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Biagio Paruolo 1456 posts 1595 karma points c-trib
    May 23, 2018 @ 14:54
    Biagio Paruolo
    0

    Umbraco 7.10.+ and Active Directory Authentication: the guide is not valid and we are not able to connect to backoffice with AD

    Hi,

    I configured Umbraco with a new OWIN startup like this:

    using Microsoft.Owin;
    using Owin;
    using Umbraco.Core;
    using Umbraco.Core.Security;
    using Umbraco.Web;
    using Umbraco.Web.Security.Identity;
    using Umbraco.Core.Models.Identity;
    using Umbraco.IdentityExtensions;
    using DocManagement_WorkFlow;
    
    
    //To use this startup class, change the appSetting value in the web.config called 
    // "owin:appStartup" to be "UmbracoStandardOwinStartup"
    
    [assembly: OwinStartup("UmbracoStandardOwinStartup", typeof(UmbracoStandardOwinStartup))]
    
    namespace DocManagement_WorkFlow
    {
        /// <summary>
        /// The standard way to configure OWIN for Umbraco
        /// </summary>
        /// <remarks>
        /// The startup type is specified in appSettings under owin:appStartup - change it to "StandardUmbracoStartup" to use this class
        /// </remarks>
        public class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
        {
            public override void Configuration(IAppBuilder app)
            {
                //ensure the default options are configured
                base.Configuration(app);
    
                /* 
                 * Configure external logins for the back office:
                 * 
                 * Depending on the authentication sources you would like to enable, you will need to install 
                 * certain Nuget packages. 
                 * 
                 * For Google auth:                 Install-Package UmbracoCms.IdentityExtensions.Google
                 * For Facebook auth:                   Install-Package UmbracoCms.IdentityExtensions.Facebook
                 * For Microsoft auth:                  Install-Package UmbracoCms.IdentityExtensions.Microsoft
                 * For Azure ActiveDirectory auth:      Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory
                 * 
                 * There are many more providers such as Twitter, Yahoo, ActiveDirectory, etc... most information can
                 * be found here: http://www.asp.net/web-api/overview/security/external-authentication-services
                 * 
                 * For sample code on using external providers with the Umbraco back office, install one of the 
                 * packages listed above to review it's code samples 
                 *  
                 */
    
                /*
                 * To configure a simple auth token server for the back office:
                 *             
                 * By default the CORS policy is to allow all requests
                 * 
                 *      app.UseUmbracoBackOfficeTokenAuth(new BackOfficeAuthServerProviderOptions());
                 *      
                 * If you want to have a custom CORS policy for the token server you can provide
                 * a custom CORS policy, example: 
                 * 
                 *      app.UseUmbracoBackOfficeTokenAuth(
                 *          new BackOfficeAuthServerProviderOptions()
                 *              {
                 *                  //Modify the CorsPolicy as required
                 *                  CorsPolicy = new CorsPolicy()
                 *                  {
                 *                      AllowAnyHeader = true,
                 *                      AllowAnyMethod = true,
                 *                      Origins = { "http://mywebsite.com" }                
                 *                  }
                 *              });
                 */
    
                // active directory authentication
                var applicationContext = ApplicationContext.Current;
    
                app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                    applicationContext,
                    (options, context) =>
                    {
                        var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                        var settingContent = Umbraco.Core.Configuration.UmbracoConfig.For.UmbracoSettings().Content;
                        var userManager = BackOfficeUserManager.Create(
                            options,
                            applicationContext.Services.UserService,
                            applicationContext.Services.EntityService,
                            applicationContext.Services.ExternalLoginService,
                            membershipProvider,
                            settingContent
                        );
    
                        userManager.BackOfficeUserPasswordChecker = new ActiveDirectoryBackOfficeUserPasswordChecker();
                        return userManager;
                    });
    
    
            }
    
    
    
        }
    }
    

    and configure web.config and umbracoSettings

    web.config

     <add key="ActiveDirectoryDomain" value="linde.grp" />
      <add connectionString="LDAP://x.y.z.k:389/DC=abc,DC=pippo,DC=grp" name="ADConnectionString" />
    
     <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
          <providers>
            <clear />
            <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="10" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" allowManuallyChangingPassword="false" />
    
            <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" />
    
            <add name="BackofficeMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="PIPPO\UTENTE" connectionPassword="password" />
    
          </providers>
        </membership>
    

    umbracoSettings

     <providers>
        <users>
          <DefaultBackofficeProvider>BackofficeMembershipProvider</DefaultBackofficeProvider>
        </users>
      </providers>
    

    How to authenticate to AD? I create the backoffice user with username=AD login.

  • David Peck 587 posts 1553 karma points c-trib
    May 24, 2018 @ 06:34
    David Peck
    0

    I'll reply more fully when I'm in the office but I think your web.config but I'd wrong. If you IIS server is controlled by AD then you don't need to set it up in the web.config. you do however have to add your owin class as an app setting (check the documentation).

    Can I suggest you install the nuget package (again mentioned in the documentation)? That's how I always started and it works fine.

    AD users need to match Umbraco user names too.

  • Biagio Paruolo 1456 posts 1595 karma points c-trib
    May 24, 2018 @ 06:55
    Biagio Paruolo
    0

    Hi,

    I made everything what you said and I follow the guide. The IIS is not into AD. Maybe is not reported something into docs.

  • David Peck 587 posts 1553 karma points c-trib
    May 24, 2018 @ 08:49
    David Peck
    0

    Gotcha...

    I've not tried connecting to an AD which the computer is not part of.

    Is it an option to use Azure AD? There is a specific package for that: Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory

  • Biagio Paruolo 1456 posts 1595 karma points c-trib
    May 24, 2018 @ 09:18
    Biagio Paruolo
    0

    No Azure

Please Sign in or register to post replies

Write your reply to:

Draft