
  • Alin Răuțoiu 27 posts 125 karma points
    May 06, 2021 @ 10:49
    Alin Răuțoiu
    0

    Porting Azure AD B2C integration to Umbraco 9

    This is a newbie question, but it concerns a couple of areas I'm not very familiar with.

    I've been using Azure AD B2C to manage my members' authentication by way of 24days.in/umbraco-cms/2019/aad-and-headless/umbraco8-aadb2c/ and I'm now trying to port it to Umbraco 9.

    Setting up the integration to Azure AD is painless and straightforward, I receive the authentication token, but on the front-end my User object is still unauthenticated.

    I suspect my problem comes from the cookie manager, which I haven't figured out how to port or if there's a configuration option or a middleware that solves it.

    Much appreciated!

  • Keith 74 posts 240 karma points
    May 26, 2021 @ 19:07
    Keith
    0

    Hi Alin,

    Did you ever get this working? I am planning on using Azure AD B2C for membership and Azure AD for back office users.

    I previously got Identity Server 4 working with the Umbraco 8 backoffice. But I have no idea where to start with Umbraco 9, since everything moved to .NET Core.

    Any advice you could offer would be great.

  • Marcel van Helmont 1 post 21 karma points
    May 27, 2021 @ 08:31
    Marcel van Helmont
    0

    Hi Keith,

    Don't know if this PR helps: https://github.com/umbraco/Umbraco-CMS/pull/9470

    I haven't tried it myself yet.

  • Alin Răuțoiu 27 posts 125 karma points
    May 27, 2021 @ 08:36
    Alin Răuțoiu
    0

    I had to shift my focus to a different part of the project, hoping more info and documentation will come up in the meantime.

    When I was looking over the commits on the Identity side, they were saying that they used the UmbracoIdentity package to update the identity management. My use-case concerns members so I didn't poke around too much on the backend/users side. Sorry I can't be of more help.

  • Keith 74 posts 240 karma points
    May 27, 2021 @ 12:16
    Keith
    0

    Thanks for the info Alin,

    I have since been able to get the Backoffice login working. I used:

    AddBackOfficeExternalLogins(...)
    

    in ConfigureServices() and populated all the required options with the values from my Azure AD B2C instance and it seems to be working.

    Next step is to try to get Members working.

  • Dale McCutcheon 32 posts 135 karma points
    Sep 16, 2021 @ 11:43
    Dale McCutcheon
    0

    Hi Keith,

    What back office provider did you use? I've been unable to get mine to work with AD B2C so far.

    Cheers Dale

  • Keith 74 posts 240 karma points
    Sep 16, 2021 @ 12:14
    Keith
    0

    Hi Dale,

    I haven't worked on the Backoffice for some time now, so I am not sure if this code still works with the latest version of v9, but I posted an example of what worked for me on this thread:

    https://our.umbraco.com/forum/umbraco-9/106634-identity-server-4-and-backoffice-external-login-in-umbraco-9

    I hope it helps!

  • Keith 74 posts 240 karma points
    May 31, 2021 @ 10:24
    Keith
    0

    It seems to me that the work to support this in Umbraco 9 is not quite complete yet.

    For one thing, when I try to use the backoffice to "Restrict Public Access" I am required to supply a login page that exists in the content tree.

    Also, there is some code commented out in the source that seems to pertain to this:

    public static class AuthenticationOptionsExtensions
    {
        // TODO: Migrate this! This will basically be an implementation of sorts for IBackOfficeExternalLoginProviders
    

    So with that in mind, this is as far as I have gotten:

    Step 1 - add a composer to use Microsoft.Identity.Web:

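    public void Compose(IUmbracoBuilder builder)
    {
        // Register OpenID Connect as the default scheme; settings are read from the "AzureAdB2C" configuration section.
        builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(builder.Config, "AzureAdB2C");
    }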
    

    Step 2 - override the default rendering controller to authenticate with this scheme:

    [Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
    public class CustomRenderController : RenderController
    {
        public CustomRenderController(ILogger<RenderController> logger, ICompositeViewEngine compositeViewEngine, IUmbracoContextAccessor umbracoContextAccessor)
            : base(logger, compositeViewEngine, umbracoContextAccessor)
        {
        }
    
        [AllowAnonymous]
        public override IActionResult Index()
        {
            return base.Index();
        }
    }
    

    Step 3 - Handle requests to the login page

    I created a new Document Type for the login page, then added a filter that would check if the request was for that doc type. If so, it returns a challenge result to redirect the user to AD B2C.

    public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        // Route values Umbraco resolved for this request (null if the feature is not set).
        UmbracoRouteValues umbracoRouteValues = HttpContext.Features.Get<UmbracoRouteValues>();

        // Unauthenticated request for the login template: challenge so the user is redirected to AD B2C.
        if (umbracoRouteValues?.TemplateName == "OidcLogin" && User.Identity?.IsAuthenticated != true)
        {
            context.Result = Challenge(OpenIdConnectDefaults.AuthenticationScheme);
        }
        else
        {
            await base.OnActionExecutionAsync(context, next);
        }
    }
    

    This all seems to work. BUT. Now I am getting this error:

    InvalidOperationException: Unable to convert user ID to int Umbraco.Cms.Core.Security.UmbracoUserStore

    Which I can only imagine is because the AD B2C id is a Guid and can't be converted to an int.

    This one doesn't feel like it is easily worked around.

  • Keith 74 posts 240 karma points
    May 31, 2021 @ 11:01
    Keith
    0

    I think what needs to be done, to get this to work properly, is to finish an implementation of the "MemberSignInManager" in a similar way to the "BackOfficeSignInManager" and implement the logic that calls it (linking etc) in a similar way.

    That is not a small task. :(
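
The "linking" mentioned in the two posts above, as an added example that is not part of the thread and not Umbraco's code: the external subject (a GUID) is kept in a (provider, key) link table, and only the linked local integer ID is put in the NameIdentifier claim that an int-keyed user store later parses. `ExternalLoginLinks`, `ExternalPrincipalMapper`, the `"Local"` scheme name and all sample values are hypothetical.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical link table: (login provider, external subject) -> local int member ID.
// In-memory here; a real site would persist it next to its member store.
public sealed class ExternalLoginLinks
{
    private readonly Dictionary<(string Provider, string Key), int> _links = new();
    public void Link(string provider, string key, int localId) => _links[(provider, key)] = localId;
    public bool TryResolve(string provider, string key, out int localId) =>
        _links.TryGetValue((provider, key), out localId);
}

public static class ExternalPrincipalMapper
{
    // Returns the principal to sign in locally, or null when the external account
    // is not linked (the caller should deny or start a linking flow).
    public static ClaimsPrincipal? ToLocalPrincipal(
        ClaimsPrincipal external, string provider, ExternalLoginLinks links)
    {
        // Depending on claim mapping the subject arrives as NameIdentifier or "sub".
        string? subject = external.FindFirst(ClaimTypes.NameIdentifier)?.Value
                          ?? external.FindFirst("sub")?.Value;
        if (string.IsNullOrEmpty(subject) || !links.TryResolve(provider, subject, out int localId))
            return null;

        var identity = new ClaimsIdentity("Local"); // hypothetical scheme name
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, localId.ToString()));
        return new ClaimsPrincipal(identity);
    }
}

public static class Demo
{
    public static void Main()
    {
        const string sub = "00000000-0000-0000-0000-000000000001"; // constructed sample subject
        var external = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("sub", sub) }, "OpenIdConnect"));
        Console.WriteLine(int.TryParse(sub, out _)); // the raw subject cannot serve as an int ID
        var links = new ExternalLoginLinks();
        Console.WriteLine(ExternalPrincipalMapper.ToLocalPrincipal(external, "AzureAdB2C", links) is null);
        links.Link("AzureAdB2C", sub, 1234); // constructed local member ID
        var local = ExternalPrincipalMapper.ToLocalPrincipal(external, "AzureAdB2C", links);
        Console.WriteLine(local?.FindFirst(ClaimTypes.NameIdentifier)?.Value);
    }
}
```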

  • Alin Răuțoiu 27 posts 125 karma points
    Jan 19, 2022 @ 21:49
    Alin Răuțoiu
    0

    I've made some progress following this blogpost. The issue I'm facing now is that it works only for newly generated users. When I try to authenticate an older user (saved on the Umbraco 8 version of the website) it fails like this: [image]

  • John A 6 posts 27 karma points
    Feb 02, 2022 @ 13:53
    John A
    1

    Alin, is it possible to share any more detail on how you are implementing Azure B2C for Umbraco 9? I saw the blog post by Scott Brady and I'm looking to implement the same kind of thing. I'm not finding much on Azure B2C implementations for Umbraco 9. Any help is greatly appreciated.
