I was hoping someone might be able to give me some pointers for configuring front-end members to work with Azure Active Directory in Umbraco 7.3 RC.
I have successfully configured back-end users with the UmbracoCms.IdentityExtensions -Pre NuGet package with very little effort. It works quite well and I was very pleased. However, for members I am having quite a bit of trouble. I was attempting to use the OWIN package for members, UmbracoIdentity. I am wondering if changes in Umbraco 7.3 invalidate this approach?
The website correctly connects to Azure Active Directory; with some configurations the site will even indicate on the redirect URI that the user is logged in, but no configuration will allow the user to access protected pages.
Here is my OWIN startup:
    public void Configuration(IAppBuilder app)
    {
        //Configure the Identity user manager for use with Umbraco Back office
        // (EXPERT: an overload accepts a custom BackOfficeUserStore implementation)
        app.ConfigureUserManagerForUmbracoBackOffice(
            ApplicationContext.Current,
            MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider());

        //Ensure owin is configured for Umbraco back office authentication
        app
            .UseUmbracoBackOfficeCookieAuthentication(ApplicationContext.Current)
            .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext.Current);

        Uri logInUri = new Uri("http://localhost:10232/umbraco#/umbraco");
        app.ConfigureBackOfficeAzureActiveDirectoryAuth(tenantId, clientId, logInUri.ToString(), new System.Guid(tenantId));

        ////Set up members login
        app.ConfigureUserManagerForUmbracoMembers<UmbracoApplicationMember>();

        // Enable the application to use a cookie to store information for the
        // signed in user and to use a cookie to temporarily store information
        // about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user
                // logs in. This is a security feature which is used when you
                // change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<UmbracoMembersUserManager<UmbracoApplicationMember>, UmbracoApplicationMember, int>(
                        TimeSpan.FromMinutes(30),
                        (manager, user) => user.GenerateUserIdentityAsync(manager),
                        UmbracoIdentity.IdentityExtensions.GetUserId<int>)
            }
        });

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                SignInAsAuthenticationType = "OpenIdConnect",
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = "http://localhost:10232",
                AuthenticationType = string.Format(CultureInfo.InvariantCulture, "https://sts.windows.net/{0}/", new System.Guid(tenantId))
            });
    }
As a note, I have also tried without app.UseOpenIdConnectAuthentication, which I do realize is a second instance in the OWIN pipeline.
The obvious point of breakdown is in the UmbracoIdentityAccount controller: on the externallogincallback action, OwinContext.Authentication.GetExternalLoginInfoAsync returns null.
Umbraco 7.3 Azure Active Directory for Members
Any help/hints would be appreciated.
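Added example (not part of the original post, and not code from Umbraco or UmbracoIdentity): a diagnostic for the null result described above. It repeats the two checks that GetExternalLoginInfoAsync in Microsoft.AspNet.Identity.Owin makes, reading the DefaultAuthenticationTypes.ExternalCookie identity and then its NameIdentifier claim, and reports which one fails. The class and method names are hypothetical.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

// Hypothetical helper, added for illustration. Call it from the external
// login callback action, before GetExternalLoginInfoAsync:
//   var why = await ExternalLoginDiagnostics.ExplainAsync(OwinContext.Authentication);
public static class ExternalLoginDiagnostics
{
    public static async Task<string> ExplainAsync(IAuthenticationManager auth)
    {
        // Check 1: GetExternalLoginInfoAsync only looks at the identity stored
        // under DefaultAuthenticationTypes.ExternalCookie. An external provider
        // whose SignInAsAuthenticationType names any other type never writes
        // there, so this lookup comes back empty.
        AuthenticateResult result =
            await auth.AuthenticateAsync(DefaultAuthenticationTypes.ExternalCookie);

        if (result == null || result.Identity == null)
        {
            // Show where the request's identity did end up, if anywhere.
            string actual = auth.User != null && auth.User.Identity != null
                ? auth.User.Identity.AuthenticationType
                : null;
            return "No identity under '" + DefaultAuthenticationTypes.ExternalCookie
                + "'. Current request principal type: '" + (actual ?? "(none)") + "'. "
                + "Compare with SignInAsAuthenticationType on the external provider.";
        }

        // Check 2: the identity must carry a NameIdentifier claim; without one
        // GetExternalLoginInfoAsync also returns null.
        Claim id = result.Identity.FindFirst(ClaimTypes.NameIdentifier);
        if (id == null)
        {
            return "External identity found, but it has no "
                + ClaimTypes.NameIdentifier + " claim.";
        }

        // Both checks pass: report the provider (claim issuer) only,
        // not the subject value, so the message is safe to log.
        return "External identity OK. Issuer: '" + id.Issuer + "'.";
    }
}
```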
Have any luck with this? I'm trying to do the same.
Post is old, and I came in looking for the same thing. I found this: Https://www.jdibble.co.uk/blog/securing-umbraco-backoffice-with-azure-active-directory/