Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Biagio Paruolo 1492 posts 1633 karma points c-trib
    May 23, 2018 @ 14:54
    Biagio Paruolo

    Umbraco 7.10.+ and Active Directory Authentication: the guide is not valid and we are not able to connect to backoffice with AD


    I configured Umbraco with a new OWIN startup like this:

    using Microsoft.Owin;
    using Owin;
    using Umbraco.Core;
    using Umbraco.Core.Security;
    using Umbraco.Web;
    using Umbraco.Web.Security.Identity;
    using Umbraco.Core.Models.Identity;
    using Umbraco.IdentityExtensions;
    using DocManagement_WorkFlow;
    //To use this startup class, change the appSetting value in the web.config called 
    // "owin:appStartup" to be "UmbracoStandardOwinStartup"
    [assembly: OwinStartup("UmbracoStandardOwinStartup", typeof(UmbracoStandardOwinStartup))]
    namespace DocManagement_WorkFlow
        /// <summary>
        /// The standard way to configure OWIN for Umbraco
        /// </summary>
        /// <remarks>
        /// The startup type is specified in appSettings under owin:appStartup - change it to "StandardUmbracoStartup" to use this class
        /// </remarks>
        public class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
            public override void Configuration(IAppBuilder app)
                //ensure the default options are configured
                 * Configure external logins for the back office:
                 * Depending on the authentication sources you would like to enable, you will need to install 
                 * certain Nuget packages. 
                 * For Google auth:                 Install-Package UmbracoCms.IdentityExtensions.Google
                 * For Facebook auth:                   Install-Package UmbracoCms.IdentityExtensions.Facebook
                 * For Microsoft auth:                  Install-Package UmbracoCms.IdentityExtensions.Microsoft
                 * For Azure ActiveDirectory auth:      Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory
                 * There are many more providers such as Twitter, Yahoo, ActiveDirectory, etc... most information can
                 * be found here:
                 * For sample code on using external providers with the Umbraco back office, install one of the 
                 * packages listed above to review it's code samples 
                 * To configure a simple auth token server for the back office:
                 * By default the CORS policy is to allow all requests
                 *      app.UseUmbracoBackOfficeTokenAuth(new BackOfficeAuthServerProviderOptions());
                 * If you want to have a custom CORS policy for the token server you can provide
                 * a custom CORS policy, example: 
                 *      app.UseUmbracoBackOfficeTokenAuth(
                 *          new BackOfficeAuthServerProviderOptions()
                 *              {
                 *                  //Modify the CorsPolicy as required
                 *                  CorsPolicy = new CorsPolicy()
                 *                  {
                 *                      AllowAnyHeader = true,
                 *                      AllowAnyMethod = true,
                 *                      Origins = { "" }                
                 *                  }
                 *              });
                // active directory authentication
                var applicationContext = ApplicationContext.Current;
                app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                    (options, context) =>
                        var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                        var settingContent = Umbraco.Core.Configuration.UmbracoConfig.For.UmbracoSettings().Content;
                        var userManager = BackOfficeUserManager.Create(
                        userManager.BackOfficeUserPasswordChecker = new ActiveDirectoryBackOfficeUserPasswordChecker();
                        return userManager;

    and configure web.config and umbracoSettings


     <add key="ActiveDirectoryDomain" value="linde.grp" />
      <add connectionString="LDAP://x.y.z.k:389/DC=abc,DC=pippo,DC=grp" name="ADConnectionString" />
     <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
            <clear />
            <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="10" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" allowManuallyChangingPassword="false" />
            <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" />
            <add name="BackofficeMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="PIPPO\UTENTE" connectionPassword="password" />



    How to authenticate to AD? I create the backoffice user with username=AD login.

  • David Peck 589 posts 1557 karma points c-trib
    May 24, 2018 @ 06:34
    David Peck

    I'll reply more fully when I'm in the office but I think your web.config but I'd wrong. If you IIS server is controlled by AD then you don't need to set it up in the web.config. you do however have to add your owin class as an app setting (check the documentation).

    Can I suggest you install the nuget package (again mentioned in the documentation)? That's how I always started and it works fine.

    AD users need to match Umbraco user names too.

  • Biagio Paruolo 1492 posts 1633 karma points c-trib
    May 24, 2018 @ 06:55
    Biagio Paruolo


    I made everything what you said and I follow the guide. The IIS is not into AD. Maybe is not reported something into docs.

  • David Peck 589 posts 1557 karma points c-trib
    May 24, 2018 @ 08:49
    David Peck


    I've not tried connecting to an AD which the computer is not part of.

    Is it an option to use Azure AD? There is a specific package for that: Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory

  • Biagio Paruolo 1492 posts 1633 karma points c-trib
    May 24, 2018 @ 09:18
    Biagio Paruolo

    No Azure

Please Sign in or register to post replies

Write your reply to: