Umbraco 7.10.+ and Active Directory Authentication: the guide is not valid and we are not able to connect to backoffice with AD
Hi,
I configured Umbraco with a new OWIN startup like this:
using Microsoft.Owin;
using Owin;
using Umbraco.Core;
using Umbraco.Core.Security;
using Umbraco.Web;
using Umbraco.Web.Security.Identity;
using Umbraco.Core.Models.Identity;
using Umbraco.IdentityExtensions;
using DocManagement_WorkFlow;

// To use this startup class, change the appSetting value in the web.config called
// "owin:appStartup" to be "UmbracoStandardOwinStartup"
[assembly: OwinStartup("UmbracoStandardOwinStartup", typeof(UmbracoStandardOwinStartup))]

namespace DocManagement_WorkFlow
{
    /// <summary>
    /// The standard way to configure OWIN for Umbraco
    /// </summary>
    /// <remarks>
    /// The startup type is specified in appSettings under owin:appStartup - change it to "UmbracoStandardOwinStartup" to use this class
    /// </remarks>
    public class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            // ensure the default options are configured
            base.Configuration(app);

            /*
             * Configure external logins for the back office:
             *
             * Depending on the authentication sources you would like to enable, you will need to install
             * certain Nuget packages.
             *
             * For Google auth: Install-Package UmbracoCms.IdentityExtensions.Google
             * For Facebook auth: Install-Package UmbracoCms.IdentityExtensions.Facebook
             * For Microsoft auth: Install-Package UmbracoCms.IdentityExtensions.Microsoft
             * For Azure ActiveDirectory auth: Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory
             *
             * There are many more providers such as Twitter, Yahoo, ActiveDirectory, etc... most information can
             * be found here: http://www.asp.net/web-api/overview/security/external-authentication-services
             *
             * For sample code on using external providers with the Umbraco back office, install one of the
             * packages listed above to review its code samples
             *
             */

            /*
             * To configure a simple auth token server for the back office:
             *
             * By default the CORS policy is to allow all requests
             *
             * app.UseUmbracoBackOfficeTokenAuth(new BackOfficeAuthServerProviderOptions());
             *
             * If you want to have a custom CORS policy for the token server you can provide
             * a custom CORS policy, example:
             *
             * app.UseUmbracoBackOfficeTokenAuth(
             *     new BackOfficeAuthServerProviderOptions()
             *     {
             *         //Modify the CorsPolicy as required
             *         CorsPolicy = new CorsPolicy()
             *         {
             *             AllowAnyHeader = true,
             *             AllowAnyMethod = true,
             *             Origins = { "http://mywebsite.com" }
             *         }
             *     });
             */

            // active directory authentication
            var applicationContext = ApplicationContext.Current;
            app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                applicationContext,
                (options, context) =>
                {
                    var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                    var settingContent = Umbraco.Core.Configuration.UmbracoConfig.For.UmbracoSettings().Content;
                    var userManager = BackOfficeUserManager.Create(
                        options,
                        applicationContext.Services.UserService,
                        applicationContext.Services.EntityService,
                        applicationContext.Services.ExternalLoginService,
                        membershipProvider,
                        settingContent
                    );
                    // hand back-office password checks to the Active Directory checker
                    userManager.BackOfficeUserPasswordChecker = new ActiveDirectoryBackOfficeUserPasswordChecker();
                    return userManager;
                });
        }
    }
}
and configured web.config and umbracoSettings:
web.config
umbracoSettings
How do I authenticate to AD? I created the backoffice user with username = AD login.
I'll reply more fully when I'm in the office, but I think your web.config bit is wrong. If your IIS server is controlled by AD then you don't need to set it up in the web.config. You do, however, have to add your OWIN class as an app setting (check the documentation).
Can I suggest you install the nuget package (again mentioned in the documentation)? That's how I always started and it works fine.
AD users need to match Umbraco user names too.
Hi,
I did everything you said and I followed the guide. The IIS server is not in AD. Maybe something is not reported in the docs.
Gotcha...
I've not tried connecting to an AD which the computer is not part of.
Is it an option to use Azure AD? There is a specific package for that: Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory
No Azure
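For the case raised above, a web server that is not part of the domain, here is an added diagnostic example (not code from this thread or from Umbraco): a small .NET Framework console program to run on the IIS machine that attempts a domain credential check through System.DirectoryServices.AccountManagement and reports whether a domain controller can be reached at all. It assumes the back-office password checker validates through that same API; the class name AdBindCheck and its single command-line argument are hypothetical.

```csharp
// Added diagnostic example; not code from the thread or from Umbraco.
using System;
using System.DirectoryServices.AccountManagement;
using System.Text;

internal static class AdBindCheck // hypothetical name
{
    private static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("Usage: AdBindCheck <domain-fqdn>");
            return 2;
        }
        Console.Write("AD user name (same as the Umbraco user name): ");
        string userName = Console.ReadLine();
        Console.Write("Password: ");
        string password = ReadHidden();
        try
        {
            // Ask explicitly for a Negotiate bind with signing and sealing.
            const ContextOptions options =
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
            using (var context = new PrincipalContext(ContextType.Domain, args[0]))
            {
                bool ok = context.ValidateCredentials(userName, password, options);
                Console.WriteLine(ok ? "Domain accepted the credentials." : "Domain rejected the credentials.");
                return ok ? 0 : 1;
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // No domain controller could be contacted from this machine (DNS or network path).
            Console.Error.WriteLine("Domain controller unreachable: " + ex.Message);
            return 3;
        }
    }
    // Reads a line from the console without echoing it.
    private static string ReadHidden()
    {
        var sb = new StringBuilder();
        for (var k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
        {
            if (k.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else if (!char.IsControl(k.KeyChar)) sb.Append(k.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }
}
```

Exit code 3 points at name resolution or network reachability of the domain controller rather than at the Umbraco configuration; exit code 1 points at the account name or password.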