It seems to me that the work to support this in Umbraco 9 is not quite complete yet.
For one thing, when I try to use the backoffice to "Restrict Public Access" I am required to supply a login page that exists in the content tree.
Also, there is some code commented out in the source that seems to pertain to this:
    public static class AuthenticationOptionsExtensions
    {
        // TODO: Migrate this! This will basically be an implementation of sorts for IBackOfficeExternalLoginProviders
So with that in mind, this is as far as I have gotten:
Step 1 - add a composer to use Microsoft.Identity.Web:
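    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Identity.Web;
    using Umbraco.Cms.Core.DependencyInjection;
    public void Compose(IUmbracoBuilder builder)
    {
        // Register OpenID Connect, with settings read from the "AzureAdB2C" configuration section
        builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(builder.Config, "AzureAdB2C");
    }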
Step 2 - override the default rendering controller to authenticate with this scheme:
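    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.ViewEngines;
    using Microsoft.Extensions.Logging;
    using Umbraco.Cms.Core.Web;
    using Umbraco.Cms.Web.Common.Controllers;

    [Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
    public class CustomRenderController : RenderController
    {
        public CustomRenderController(ILogger<RenderController> logger, ICompositeViewEngine compositeViewEngine, IUmbracoContextAccessor umbracoContextAccessor)
            : base(logger, compositeViewEngine, umbracoContextAccessor)
        {
        }

        // [AllowAnonymous] bypasses the class-level [Authorize] for this action,
        // so Index() itself is served without triggering a challenge.
        [AllowAnonymous]
        public override IActionResult Index()
        {
            return base.Index();
        }
    }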
Step 3 - Handle requests to the login page
I created a new Document Type for the login page, then added a filter that would check if the request was for that doc type. If so, it returns a challenge result to redirect the user to AD B2C.
I think what needs to be done, to get this to work properly, is to finish an implementation of the "MemberSignInManager" in a similar way to the "BackOfficeSignInManager" and implement the logic that calls it (linking etc) in a similar way.
Porting Azure AD B2C integration to Umbraco 9
This is a newbie question, but it concerns a couple of areas I'm not very familiar with.
I've been using Azure AD B2C to manage my members' authentication by way of 24days.in/umbraco-cms/2019/aad-and-headless/umbraco8-aadb2c/ and I'm now trying to port it to Umbraco 9.
Setting up the integration to Azure AD is painless and straightforward, I receive the authentication token, but on the front-end my User object is still unauthenticated.
I suspect my problem comes from the cookie manager, which I haven't figured out how to port or if there's a configuration option or a middleware that solves it.
Much appreciated!
Hi Alin,
Did you ever get this working? I am planning on using Azure AD B2C for membership and Azure AD for back office users.
I previously got Identity Server 4 working with the Umbraco 8 backoffice. But I have no idea where to start with Umbraco 9, since everything moved to .NET Core.
Any advice you could offer would be great.
Hi Keith,
Don't know if this PR helps: https://github.com/umbraco/Umbraco-CMS/pull/9470
I haven't tried it myself yet.
I had to shift my focus to a different part of the project, hoping more info and documentation will come up in the meantime.
When I was looking over the commits on the Identity side, they were saying that they used the UmbracoIdentity package to update the identity management. My use-case concerns members so I didn't poke around too much on the backend/users side. Sorry I can't be of more help.
Thanks for the info Alin,
I have since been able to get the Backoffice login working. I used:
in ConfigureServices() and populated all the required options with the values from my Azure AD B2C instance and it seems to be working.
Next step is to try to get Members working.
Hi Keith,
What back office provider did you use? I've been unable to get mine to work with AD B2C so far.
Cheers Dale
Hi Dale,
I haven't worked on the Backoffice for some time now, so I am not sure if this code still works with the latest version of v9, but I posted an example of what worked for me on this thread:
https://our.umbraco.com/forum/umbraco-9/106634-identity-server-4-and-backoffice-external-login-in-umbraco-9
I hope it helps!
It seems to me that the work to support this in Umbraco 9 is not quite complete yet.
For one thing, when I try to use the backoffice to "Restrict Public Access" I am required to supply a login page that exists in the content tree.
Also, there is some code commented out in the source that seems to pertain to this:
So with that in mind, this is as far as I have gotten:
Step 1 - add a composer to use Microsoft.Identity.Web:
Step 2 - override the default rendering controller to authenticate with this scheme:
Step 3 - Handle requests to the login page
I created a new Document Type for the login page, then added a filter that would check if the request was for that doc type. If so, it returns a challenge result to redirect the user to AD B2C.
This all seems to work. BUT. Now I am getting this error:
InvalidOperationException: Unable to convert user ID to int Umbraco.Cms.Core.Security.UmbracoUserStore
Which I can only imagine is because the AD B2C id is a Guid and can't be converted to an int.
This one doesn't feel like it is easily worked around.
I think what needs to be done, to get this to work properly, is to finish an implementation of the "MemberSignInManager" in a similar way to the "BackOfficeSignInManager" and implement the logic that calls it (linking etc) in a similar way.
That is not a small task. :(
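The Step 3 filter described in the post above, written as an added example; it is not the poster's code, which does not appear on the page. The class name, the `loginPage` document type alias and the `returnUrl` query key are assumptions, and the return URL is checked with `IsLocalUrl` so the post-login redirect cannot be pointed at another site.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc.Routing;
using Umbraco.Cms.Core.Web;

// Added example: answers requests for the login document type with an
// OpenID Connect challenge instead of rendering the page.
public class LoginPageChallengeFilter : IActionFilter
{
    private const string LoginPageAlias = "loginPage"; // assumed document type alias
    private const string ReturnUrlKey = "returnUrl";   // assumed query string key

    private readonly IUmbracoContextAccessor _umbracoContextAccessor;
    private readonly IUrlHelperFactory _urlHelperFactory;

    public LoginPageChallengeFilter(
        IUmbracoContextAccessor umbracoContextAccessor,
        IUrlHelperFactory urlHelperFactory)
    {
        _umbracoContextAccessor = umbracoContextAccessor;
        _urlHelperFactory = urlHelperFactory;
    }

    public void OnActionExecuting(ActionExecutingContext context)
    {
        // Requests that Umbraco did not route to content (backoffice, APIs) pass through.
        if (!_umbracoContextAccessor.TryGetUmbracoContext(out IUmbracoContext umbracoContext))
            return;

        string alias = umbracoContext.PublishedRequest?.PublishedContent?.ContentType.Alias;
        if (alias != LoginPageAlias)
            return;

        // Accept only a local return URL; anything else falls back to the site root.
        // Leaving RedirectUri unset would send the user back to the login page itself.
        string returnUrl = context.HttpContext.Request.Query[ReturnUrlKey].ToString();
        IUrlHelper urlHelper = _urlHelperFactory.GetUrlHelper(context);
        var properties = new AuthenticationProperties
        {
            RedirectUri = urlHelper.IsLocalUrl(returnUrl) ? returnUrl : "/"
        };

        context.Result = new ChallengeResult(OpenIdConnectDefaults.AuthenticationScheme, properties);
    }

    public void OnActionExecuted(ActionExecutedContext context) { }
}
```

When the filter is registered globally with `options.Filters.Add<LoginPageChallengeFilter>()` on `MvcOptions`, its constructor arguments are resolved from the service container.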
I've made some progress following this blogpost. The issue I'm facing now is that it works only for newly generated users. When I try to authenticate an older user (saved on the Umbraco 8 version of the website) it fails like this
Alin, is it possible to share any more detail on how you are implementing Azure B2C for Umbraco 9? I saw the blog post by Scott Brady and I'm looking to implement the same kind of thing. I'm not finding much on Azure B2C implementations for Umbraco 9. Any help is greatly appreciated.