  • Alin Răuțoiu 4 posts 25 karma points
    May 06, 2021 @ 10:49
    Alin Răuțoiu
    0

    Porting Azure AD B2C integration to Umbraco 9

    This is a newbie question, but it concerns a couple of areas I'm not very familiar with.

    I've been using Azure AD B2C to manage my members' authentication by way of 24days.in/umbraco-cms/2019/aad-and-headless/umbraco8-aadb2c/ and I'm now trying to port it to Umbraco 9.

    Setting up the integration to Azure AD is painless and straightforward, I receive the authentication token, but on the front-end my User object is still unauthenticated.

    I suspect my problem comes from the cookie manager, which I haven't figured out how to port or if there's a configuration option or a middleware that solves it.

    Much appreciated!

  • Keith 18 posts 101 karma points
    May 26, 2021 @ 19:07
    Keith
    0

    Hi Alin,

    Did you ever get this working? I am planning on using Azure AD B2C for membership and Azure AD for back office users.

    I previously got Identity Server 4 working with the Umbraco 8 backoffice. But I have no idea where to start with Umbraco 9, since everything moved to .NET Core.

    Any advice you could offer would be great.

  • Marcel van Helmont 1 post 21 karma points
    May 27, 2021 @ 08:31
    Marcel van Helmont
    0

    Hi Keith,

    Don't know if this PR helps: https://github.com/umbraco/Umbraco-CMS/pull/9470

    I haven't tried it myself yet.

  • Alin Răuțoiu 4 posts 25 karma points
    May 27, 2021 @ 08:36
    Alin Răuțoiu
    0

    I had to shift my focus to a different part of the project, hoping more info and documentation will come up in the meantime.

    When I was looking over the commits on the Identity side, they were saying that they used the UmbracoIdentity package to update the identity management. My use-case concerns members so I didn't poke around too much on the backend/users side. Sorry I can't be of more help.

  • Keith 18 posts 101 karma points
    May 27, 2021 @ 12:16
    Keith
    0

    Thanks for the info Alin,

    I have since been able to get the Backoffice login working. I used:

    AddBackOfficeExternalLogins(...)
    

    in ConfigureServices() and populated all the required options with the values from my Azure AD B2C instance and it seems to be working.

    Next step is to try to get Members working.

  • Dale McCutcheon 29 posts 132 karma points
    1 week ago
    Dale McCutcheon
    0

    Hi Keith,

    What back office provider did you use? I've been unable to get mine to work with AD B2C so far.

    Cheers Dale

  • Keith 18 posts 101 karma points
    1 week ago
    Keith
    0

    Hi Dale,

    I haven't worked on the Backoffice for some time now, so I am not sure if this code still works with the latest version of v9, but I posted an example of what worked for me on this thread:

    https://our.umbraco.com/forum/umbraco-9/106634-identity-server-4-and-backoffice-external-login-in-umbraco-9

    I hope it helps!

  • Keith 18 posts 101 karma points
    May 31, 2021 @ 10:24
    Keith
    0

    It seems to me that the work to support this in Umbraco 9 is not quite complete yet.

    For one thing, when I try to use the backoffice to "Restrict Public Access" I am required to supply a login page that exists in the content tree.

    Also, there is some code commented out in the source that seems to pertain to this:

    public static class AuthenticationOptionsExtensions
    {
        // TODO: Migrate this! This will basically be an implementation of sorts for IBackOfficeExternalLoginProviders
    

    So with that in mind, this is as far as I have gotten:

    Step 1 - add a composer to use Microsoft.Identity.Web:

        public void Compose(IUmbracoBuilder builder)
        {
            builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(builder.Config, "AzureAdB2C");
        }
    

    Step 2 - override the default rendering controller to authenticate with this scheme:

    [Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
    public class CustomRenderController : RenderController
    {
        public CustomRenderController(ILogger<RenderController> logger, ICompositeViewEngine compositeViewEngine, IUmbracoContextAccessor umbracoContextAccessor)
            : base(logger, compositeViewEngine, umbracoContextAccessor)
        {
        }
    
        [AllowAnonymous]
        public override IActionResult Index()
        {
            return base.Index();
        }
    }
    

    Step 3 - Handle requests to the login page

    I created a new Document Type for the login page, then added a filter that would check if the request was for that doc type. If so, it returns a challenge result to redirect the user to AD B2C.

    public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        // Route values Umbraco resolved for the current request
        UmbracoRouteValues umbracoRouteValues = HttpContext.Features.Get<UmbracoRouteValues>();

        // Unauthenticated request for the login template: issue an OpenID Connect challenge
        if (umbracoRouteValues.TemplateName == "OidcLogin" && !User.Identity.IsAuthenticated)
        {
            context.Result = Challenge(OpenIdConnectDefaults.AuthenticationScheme);
        }
        else
        {
            await base.OnActionExecutionAsync(context, next);
        }
    }
    

    This all seems to work. BUT. Now I am getting this error:

    InvalidOperationException: Unable to convert user ID to int Umbraco.Cms.Core.Security.UmbracoUserStore

    Which I can only imagine is because the AD B2C id is a Guid and can't be converted to an int.

    This one doesn't feel like it is easily worked around.

  • Keith 18 posts 101 karma points
    May 31, 2021 @ 11:01
    Keith
    0

    I think what needs to be done, to get this to work properly, is to finish an implementation of the "MemberSignInManager" in a similar way to the "BackOfficeSignInManager" and implement the logic that calls it (linking etc) in a similar way.

    That is not a small task. :(
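
Added example, not part of the thread and not Umbraco code: a stand-alone C# sketch of the "linking" idea mentioned above, where the external GUID subject is never used as the member id but is mapped, per provider, to a local integer id. The class name `ExternalLoginLinks`, the provider label, the sample GUID and the starting id are all constructed for illustration, and it assumes (as the post does) that the error comes from a GUID arriving where an integer id is expected.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical helper: models external-login linking with an in-memory dictionary.
public sealed class ExternalLoginLinks
{
    // (provider, provider key) -> local integer member id. ASP.NET Core Identity
    // carries the same pair in UserLoginInfo (LoginProvider, ProviderKey).
    private readonly Dictionary<(string Provider, string Key), int> _links = new();
    private int _nextLocalId = 1000; // constructed starting id

    // Returns the local id for an external identity, creating the link on first sign-in.
    public int Resolve(string provider, ClaimsPrincipal external)
    {
        string key = external.FindFirst(ClaimTypes.NameIdentifier)?.Value
            ?? throw new InvalidOperationException("External principal has no NameIdentifier claim.");
        if (!_links.TryGetValue((provider, key), out int localId))
        {
            localId = _nextLocalId++;
            _links[(provider, key)] = localId;
        }
        return localId;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: an external principal whose NameIdentifier is a GUID.
        string subject = "3f2b8c1e-7a4d-4e9b-9c55-0d6a1b2c3d4e";
        var external = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, subject) }, "OpenIdConnect"));

        // The conversion an integer-keyed store would need cannot succeed for a GUID.
        Console.WriteLine($"GUID subject parses as int: {int.TryParse(subject, out _)}");

        var links = new ExternalLoginLinks();
        int first = links.Resolve("AzureAdB2C", external);
        int second = links.Resolve("AzureAdB2C", external);
        Console.WriteLine($"Local member id {first}, same on next sign-in: {first == second}");
    }
}
```

Keying the link on the provider together with the subject, rather than on an email or display name, keeps one provider's identifiers from resolving to a member linked through another.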
