  • Marco Graziotti 40 posts 166 karma points c-trib
    Jul 16, 2021 @ 10:01
    Marco Graziotti
    0

    Identity Server 4 and backoffice external login in Umbraco 9

    Hi,

    I'm trying to find some information about the possibility of implementing Identity Server 4 for the backoffice login in Umbraco 9.

    I saw that in ConfigureServices() it's possible to use AddBackOfficeExternalLogins(). Is there any reference guide to implement a third party backoffice login service? Any suggestions?

    I also found this discussion that seems interesting.

    Thank you, Marco

  • Keith 74 posts 240 karma points
    Jul 20, 2021 @ 23:35
    Keith
    2

    Hi Marco,

    This is the code I used on that other discussion you linked to. It worked for me using Azure AD B2C, but I would imagine the config is very similar for Identity Server 4.

    It's not fully tested and I'm sure someone will post something better, but it might be of use to you.

                // Requires: using Microsoft.AspNetCore.Authentication.OpenIdConnect;
                //           using Umbraco.Cms.Web.BackOffice.Security;
                //           using Umbraco.Extensions;
                services.AddUmbraco(_env, _config)
                .AddBackOffice()
                // new code
                .AddBackOfficeExternalLogins(builder =>
                    builder.AddBackOfficeLogin(
                        new BackOfficeExternalLoginProviderOptions(
                            "btn-primary", // button style
                            "fa-windows", // icon
                            new ExternalSignInAutoLinkOptions(
                                true, // autolink
                                null, // default groups,
                                null, //default culture,
                                true), //allowManualLinking
                            true, // deny local login
                            false, // autoredirect local login to external login
                            null), // custom backoffice view
                        build =>
                            build.AddOpenIdConnect(
                                build.SchemeForBackOffice(OpenIdConnectDefaults.AuthenticationScheme),
                                "AD B2C",
                                options =>
                                {
                                    options.RemoteSignOutPath = "/oidc-signout";
                                    options.MetadataAddress = "path-to-my /.well-known";
                                    options.ClientId = "my-client-id";
                                    options.SignedOutRedirectUri = "https://myumbracosite.com/umbraco";
                                    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                                    {
                                        NameClaimType = "name"
                                    };
                                }
                            )
                    )
                )
                // end of new code
                .AddWebsite()
                .AddComposers()
                .Build();
    

    "autolink" is what is used to automatically create an umbraco user when someone signs in with your external provider. Without this, you need to create each umbraco user first, ask them to log in and manually perform a link to their external identity.

  • Marco Graziotti 40 posts 166 karma points c-trib
    Aug 23, 2021 @ 15:56
    Marco Graziotti
    0

    Hi Keith,

    thank you for your reply.

    This snippet was useful, but I couldn't test it because of this bug in Umbraco 9 RC1 (more details here), which should be fixed in the RC2 release.

    I have just updated my solution to RC2, and builder.AddBackOfficeLogin(...) now has the parameter order inverted, from:

    AddBackOfficeLogin(BackOfficeExternalLoginProviderOptions loginProviderOptions, Action<BackOfficeAuthenticationBuilder> build);
    

    to:

    AddBackOfficeLogin(Action<BackOfficeAuthenticationBuilder> build, Action<BackOfficeExternalLoginProviderOptions> loginProviderOptions = null) 
    

    So your code snippet will change like this:

     // Requires: using Microsoft.AspNetCore.Authentication.OpenIdConnect;
     //           using Umbraco.Cms.Web.BackOffice.Security;
     //           using Umbraco.Extensions;
     services.AddUmbraco(_env, _config)
                .AddBackOffice()
                // new code
                .AddBackOfficeExternalLogins(builder =>
                    builder.AddBackOfficeLogin(
                        build =>
                            build.AddOpenIdConnect(
                                build.SchemeForBackOffice(OpenIdConnectDefaults.AuthenticationScheme),
                                "AD B2C",
                                options =>
                                {
                                    options.RemoteSignOutPath = "/oidc-signout";
                                    options.MetadataAddress = "path-to-my /.well-known";
                                    options.ClientId = "my-client-id";
                                    options.SignedOutRedirectUri = "https://myumbracosite.com/umbraco";
                                    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                                    {
                                        NameClaimType = "name"
                                    };
                                }
                            ),
                        // The second parameter is Action<BackOfficeExternalLoginProviderOptions>: Umbraco
                        // hands in an existing options instance, so set its properties. Returning a new
                        // object from the lambda would be discarded.
                        options =>
                        {
                            options.ButtonStyle = "btn-primary"; // button style
                            options.Icon = "fa-windows"; // icon
                            options.AutoLinkOptions = new ExternalSignInAutoLinkOptions(
                                autoLinkExternalAccount: true, // autolink
                                defaultUserGroups: null, // default groups
                                defaultCulture: null, // default culture
                                allowManualLinking: true); // allowManualLinking
                            options.DenyLocalLogin = true; // deny local login
                            options.AutoRedirectLoginToExternalProvider = false; // autoredirect local login to external login
                            options.CustomBackOfficeView = null; // custom backoffice view
                        }
                    )
                )
                // end of new code
                .AddWebsite()
                .AddComposers()
                .Build();
    

    Thank you
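    A fuller version of the RC2-style registration, aimed at the original question (Identity Server 4 rather than AD B2C), as an added example that is not code from this thread, from Umbraco or from IdentityServer. The `IdentityServer` appsettings section and its keys, the button style/icon and the group assignment are assumptions; the rest is the stock Umbraco 9 `Startup` shape and the ASP.NET Core OpenID Connect handler.

    ```csharp
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Hosting;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;
    using Umbraco.Cms.Core;
    using Umbraco.Cms.Web.BackOffice.Security;
    using Umbraco.Extensions;

    // Added example (not thread/Umbraco code): Umbraco 9 RC2+ back-office login via
    // IdentityServer 4 using the authorization code flow with PKCE.
    public class Startup
    {
        private readonly IWebHostEnvironment _env;
        private readonly IConfiguration _config;

        public Startup(IWebHostEnvironment env, IConfiguration config)
        {
            _env = env;
            _config = config;
        }

        public void ConfigureServices(IServiceCollection services)
        {
            // Assumed appsettings section: "IdentityServer": { "Authority", "ClientId", "ClientSecret" }.
            // Keep ClientSecret out of source control (user-secrets / environment / key vault).
            var ids = _config.GetSection("IdentityServer");

            services.AddUmbraco(_env, _config)
                .AddBackOffice()
                .AddBackOfficeExternalLogins(logins =>
                    logins.AddBackOfficeLogin(
                        auth => auth.AddOpenIdConnect(
                            // Umbraco prefixes the scheme so it is distinct from member/front-end schemes.
                            auth.SchemeForBackOffice(OpenIdConnectDefaults.AuthenticationScheme),
                            "Identity Server",            // caption shown on the back-office login button
                            options =>
                            {
                                options.Authority = ids["Authority"];       // discovery document is fetched from here
                                options.ClientId = ids["ClientId"];
                                options.ClientSecret = ids["ClientSecret"]; // confidential client: code is exchanged server-side
                                options.ResponseType = OpenIdConnectResponseType.Code;
                                options.UsePkce = true;                    // no implicit/hybrid flow, no tokens in the URL
                                options.RequireHttpsMetadata = !_env.IsDevelopment();
                                options.CallbackPath = "/umbraco-signin-oidc";
                                options.SignedOutCallbackPath = "/umbraco-signout-oidc";
                                options.SignedOutRedirectUri = "/umbraco";
                                options.Scope.Clear();
                                options.Scope.Add("openid");
                                options.Scope.Add("profile");
                                options.Scope.Add("email");
                                options.GetClaimsFromUserInfoEndpoint = true;
                                options.SaveTokens = false;                // the back-office cookie does not need the id/access token
                                options.TokenValidationParameters = new TokenValidationParameters
                                {
                                    NameClaimType = "name",               // what Umbraco shows as the user's name
                                    RoleClaimType = "role",
                                    ValidateIssuer = true,
                                };
                            }),
                        providerOptions =>
                        {
                            providerOptions.ButtonStyle = "btn-primary";
                            providerOptions.Icon = "fa-id-card";
                            providerOptions.AutoLinkOptions = new ExternalSignInAutoLinkOptions(
                                autoLinkExternalAccount: true,
                                // least privilege: new accounts start as editors, never as admins
                                defaultUserGroups: new[] { Constants.Security.EditorGroupAlias },
                                defaultCulture: null,
                                allowManualLinking: true);
                            // Keep local login available until the external provider is proven to work,
                            // otherwise a misconfigured IdP locks every administrator out.
                            providerOptions.DenyLocalLogin = false;
                            providerOptions.AutoRedirectLoginToExternalProvider = false;
                        }))
                .AddWebsite()
                .AddComposers()
                .Build();
        }

        public void Configure(IApplicationBuilder app)
        {
            app.UseUmbraco()
                .WithMiddleware(u =>
                {
                    u.UseBackOffice();
                    u.UseWebsite();
                })
                .WithEndpoints(u =>
                {
                    u.UseInstallerEndpoints();
                    u.UseBackOfficeEndpoints();
                    u.UseWebsiteEndpoints();
                });
        }
    }
    ```

    The IdentityServer client has to be registered with the matching redirect URI (`https://<site>/umbraco-signin-oidc`), post-logout redirect URI (`/umbraco-signout-oidc`), `authorization_code` grant with PKCE required, and the three scopes above. Switch `DenyLocalLogin` to `true` only after at least one administrator has successfully linked an external identity.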

  • Gunnar Már Óttarsson 11 posts 47 karma points
    Aug 14, 2021 @ 14:19
    Gunnar Már Óttarsson
    2

    In case you want to use Azure AD to authenticate backoffice users, I have working code based on Shannon's pull request here.

    // Requires the Microsoft.Identity.Web NuGet package and:
    //   using System.Security.Claims;
    //   using Microsoft.Identity.Web;
    //   using Umbraco.Cms.Web.BackOffice.Security;
    .AddBackOfficeExternalLogins(extLoginBuilder =>
    {
        var extLoginOpts = new ExternalSignInAutoLinkOptions(
            autoLinkExternalAccount: true,
            defaultUserGroups: new[] { "admin" },
            defaultCulture: "en-US",
            allowManualLinking: true)
        {
            OnExternalLogin = (user, loginInfo) =>
            {
                return true;
            },
        };

        var loginProviderOptions = new BackOfficeExternalLoginProviderOptions(
            "btn-microsoft",
            "fa-windows",
            extLoginOpts,
            autoRedirectLoginToExternalProvider: false);

        extLoginBuilder.AddBackOfficeLogin(
            loginProviderOptions,
            auth =>
            {
                var azAdConfig = _config.GetSection("AzureAd");

                auth
                    // https://github.com/umbraco/Umbraco-CMS/pull/9470
                    .AddMicrosoftIdentityWebApp(options =>
                    {
                        options.CallbackPath = "/umbraco-signin-oidc";
                        options.Instance = "https://login.microsoftonline.com/";
                        options.TenantId = azAdConfig["TenantId"];
                        options.ClientId = azAdConfig["ClientId"];
                        options.SignedOutRedirectUri = "/umbraco";

                        // https://github.com/AzureAD/microsoft-identity-web/issues/749
                        //options.ClaimActions.MapJsonKey(ClaimTypes.Email, ClaimConstants.PreferredUserName);

                        // Preferred over IClaimsTransformation which runs for every AuthenticateAsync
                        options.Events.OnTokenValidated = ctx =>
                        {
                            var username = ctx.Principal?.Claims.FirstOrDefault(c => c.Type == ClaimConstants.PreferredUserName);
                            if (username != null && ctx.Principal?.Identity is ClaimsIdentity claimsIdentity)
                            {
                                claimsIdentity.AddClaim(
                                    new Claim(
                                        ClaimTypes.Email,
                                        username.Value
                                    )
                                );
                            }

                            return Task.CompletedTask;
                        };
                    },
                    openIdConnectScheme: auth.SchemeForBackOffice(Constants.AzureAd),
                    cookieScheme: "Fake");
            });
    })
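    The options above auto-link every successful Azure AD sign-in straight into the `admin` group, so anyone who can authenticate against that tenant becomes a back-office administrator. The following is an added example, not code from this thread or from Umbraco, showing how the `OnExternalLogin` and `OnAutoLinking` callbacks of `ExternalSignInAutoLinkOptions` can gate that: it fails closed on tenant and group claims and grants admin only from an explicit group. The `GatedAutoLink` class, the claim names (`tid`, `groups`) and the group object ids are assumptions; Azure AD only emits `groups` when the app registration is configured for it.

    ```csharp
    using System;
    using System.Security.Claims;
    using Umbraco.Cms.Core;
    using Umbraco.Cms.Web.BackOffice.Security;

    // Added example (not thread/Umbraco code): claim-gated auto-linking for back-office users.
    public static class GatedAutoLink
    {
        // Assumed claim types. Azure AD issues the tenant id as "tid"; the JWT handler may also
        // surface it under the long schema URI, so both are checked. "groups" carries group object ids.
        private const string TidClaim = "tid";
        private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
        private const string GroupsClaim = "groups";

        // Drop-in replacement for the extLoginOpts object in the post above. Group ids are
        // hypothetical placeholders; use the object ids of your own AAD security groups.
        public static ExternalSignInAutoLinkOptions Create(string allowedTenantId, string editorsGroupId, string adminsGroupId)
        {
            return new ExternalSignInAutoLinkOptions(
                autoLinkExternalAccount: true,
                // Least privilege: a freshly auto-created user is an editor, never an admin.
                defaultUserGroups: new[] { Constants.Security.EditorGroupAlias },
                defaultCulture: "en-US",
                allowManualLinking: false)
            {
                // Runs on every external sign-in, linked or not. Returning false refuses the login,
                // so a user removed from the AAD group loses access on their next sign-in.
                OnExternalLogin = (user, loginInfo) =>
                    IsAllowed(loginInfo.Principal, allowedTenantId, editorsGroupId, adminsGroupId),

                // Runs once, when Umbraco creates the local user for a new external identity.
                // Admin is granted from an explicit group claim instead of being the default.
                OnAutoLinking = (user, loginInfo) =>
                {
                    if (HasGroup(loginInfo.Principal, adminsGroupId))
                    {
                        user.AddRole(Constants.Security.AdminGroupAlias);
                    }
                },
            };
        }

        public static bool IsAllowed(ClaimsPrincipal principal, string allowedTenantId, string editorsGroupId, string adminsGroupId)
        {
            if (principal == null)
            {
                return false;
            }

            // 1. Tenant pin. Belt-and-braces for app registrations that accept "common"/"organizations":
            //    a token from another tenant must never create a back-office account.
            var tenantOk = principal.HasClaim(TidClaim, allowedTenantId)
                           || principal.HasClaim(TenantIdClaim, allowedTenantId);
            if (!tenantOk)
            {
                return false;
            }

            // 2. Explicit membership, not "anyone who can sign in". A missing "groups" claim
            //    (not configured, or group overage) evaluates to false: fail closed.
            return HasGroup(principal, editorsGroupId) || HasGroup(principal, adminsGroupId);
        }

        public static bool HasGroup(ClaimsPrincipal principal, string groupId) =>
            principal != null
            && principal.HasClaim(c => c.Type == GroupsClaim
                                       && string.Equals(c.Value, groupId, StringComparison.OrdinalIgnoreCase));
    }
    ```

    Wire it in by replacing `extLoginOpts` with `GatedAutoLink.Create(azAdConfig["TenantId"], "<editors-group-object-id>", "<admins-group-object-id>")`. Because the check is based on the group claim and not on the Umbraco user record, lifting someone's access is done in Azure AD and takes effect on their next sign-in; the `OnAutoLinking` grant only runs at account creation, so promote or demote already-linked users in the Umbraco back office.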
    
  • Marco Graziotti 40 posts 166 karma points c-trib
    Aug 23, 2021 @ 16:00
    Marco Graziotti
    0

    Thank you Gunnar for your reply. I will try also this code.

    Marco

  • Dale McCutcheon 32 posts 135 karma points
    Sep 17, 2021 @ 09:22
    Dale McCutcheon
    0

    Hi Gunnar,

    I'm not able to get this code working. I can't reference `.AddMicrosoftIdentityWebApp(options =>` as this just says it does not exist.

    Can you give any further information on this? or what i might be missing?

    Thanks, Dale

  • Thomas 315 posts 602 karma points c-trib
    Jan 13, 2022 @ 09:05
    Thomas
    0

    What am I missing here?


  • Gunnar Már Óttarsson 11 posts 47 karma points
    Sep 17, 2021 @ 12:26
    Gunnar Már Óttarsson
    0

    You are likely missing Microsoft.Identity.Web. In my code I was using 1.15.2.

  • John A 6 posts 27 karma points
    Feb 07, 2022 @ 15:59
    John A
    0

    Gunnar

    Thanks for sharing this for BackOffice. Do you have any samples to share for Umbraco 9 AzureB2C Auth for Members? Appreciate any help you can provide, thanks.

  • Jeroen Breuer 4908 posts 12265 karma points MVP 4x admin c-trib
    Sep 01, 2022 @ 12:05
    Jeroen Breuer
    0

    Hi John,

    I have created an example for members here: https://www.jeroenbreuer.nl/blog/released-umbraco-openid-connect-example-package/

    Jeroen
