Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
This is a newbie question, but it concerns a couple of areas I'm not very familiar with.
I've been using Azure AD B2C to manage my members authentication by the way of 24days.in/umbraco-cms/2019/aad-and-headless/umbraco8-aadb2c/ and I'm now trying to port it to Umbraco 9.
Setting up the integration to Azure AD is painless and straightforward, I receive the authentication token, but on the front-end my User object is still unauthenticated.
I suspect my problem comes from the cookie manager, which I haven't figured out how to port or if there's a configuration option or a middleware that solves it.
Did you ever get this working? I am planning on using Azure AD B2C for membership and Azure AD for back office users.
I previously got Identity Server 4 working with the Umbraco 8 backoffice. But I have no idea where to start with Umbraco 9, since everything moved to .Net core.
Any advice you could offer would be great.
Don't know if this pr helps https://github.com/umbraco/Umbraco-CMS/pull/9470
I haven't tried it myself yet.
I had to shift my focus on a different part of the project hoping more info and documentation will come up in the mean time.
When I was looking over the commits on the Identity side, they were saying that they used the UmbracoIdentity package to update the identity management. My use-case concerns members so I didn't poke around too much on the backend/users side. Sorry I can't be of more help.
Thanks for the info Alin,
I have since been able to get the Backoffice login working. I used:
in ConfigureServices() and populated all the required options with the values from my Azure AD B2C instance and it seems to be working.
Next step is to try to get Members working.
What back office provider did you use, i've been unable to get mines to work with AD B2C so far.
I haven't worked on the Backoffice for some time now, so I am not sure if this code still works with the latest version of v9, but I posted an example of what worked for me on this thread:
I hope it helps!
It seems to me that the work to support this in Umbraco 9 is not quite complete yet.
For one thing, when I try to use the backoffice to "Restrict Public Access" I am required to supply a login page that exists in the content tree.
Also, there is some code commented out in the source that seems to pertain to this:
public static class AuthenticationOptionsExtensions
// TODO: Migrate this! This will basically be an implementation of sorts for IBackOfficeExternalLoginProviders
So with that in mind, this is as far as I have gotten:
Step 1 - add a composer to use Microsoft.Identity.Web:
public void Compose(IUmbracoBuilder builder)
Step 2 - override the default rendering controller to authenticate with this scheme:
[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
public class CustomRenderController : RenderController
public CustomRenderController(ILogger<RenderController> logger, ICompositeViewEngine compositeViewEngine, IUmbracoContextAccessor umbracoContextAccessor)
: base(logger, compositeViewEngine, umbracoContextAccessor)
public override IActionResult Index()
Step 3 - Handle requests to the login page
I created a new Document Type for the login page, then added a filter that would check if the request was for that doc type. If so, it returns a challenge result to reditect the user to AD B2C.
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
UmbracoRouteValues umbracoRouteValues = HttpContext.Features.Get<UmbracoRouteValues>();
if (umbracoRouteValues.TemplateName == "OidcLogin" && !User.Identity.IsAuthenticated)
context.Result = Challenge(OpenIdConnectDefaults.AuthenticationScheme);
await base.OnActionExecutionAsync(context, next);
This all seems to work. BUT. Now I am getting this error:
InvalidOperationException: Unable to convert user ID to int
Which I can only imagine is because the AD B2C id is a Guid and cant be converted to an int.
This one doesn't feel like it is easily worked around.
I think what needs to be done, to get this to work properly, is to finish an implementation of the "MemberSignInManager" in a similar way to the "BackOfficeSignInManager" and implement the logic that calls it (linking etc) in a similar way.
That is not a small task. :(
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted