Identity providers using Heartcore
Hi, I am currently evaluating Heartcore and I find it mostly rather great, but there is one big thing that I can't seem to figure out and that is how to make it work with other identity providers than just the built-in username/password. I would like to be able to use Google, Microsoft, Facebook, IdentityServer4, etc.
This is a BIG go or no go for me, could anyone point me to where I can find information regarding this?
Please, don't give me information about how to implement this in .NET since I am using Heartcore as a SaaS, hence I will not be able to change, add or in other ways manipulate the backend code.
BR /Patrik
Hi Patrik.
Could you please elaborate on what you want to use the identity providers for?
Backoffice users or frontend users? Or perhaps something else?
Best, Darek
Hi,
For example, a person with a Microsoft AAD account should be able to log in to "the site" and therefore "the site" will be able to retrieve information from MS365 as well as from Umbraco and even other systems, but I would also want to be able to give that person/user/account specific permissions on/in "the system" (Umbraco).
User with M365 Account has to be able to be part of "Groups" in Umbraco.
/Patrik
Hi again.
I'm still a bit unsure whether you're talking about the frontend users or the backoffice ones.
Heartcore is a headless CMS, which means that your backoffice and frontend are split.
Only developers and content editors have access to the backoffice and the actual customers/users will only be accessing the frontend.
If you wish to integrate an external identity provider into Heartcore's backoffice then that is not possible.
If you wish to use one for your frontend then you can go ahead and do that just fine :)
Furthermore, we do have some members API endpoints in Heartcore:
https://our.umbraco.com/documentation/Umbraco-Heartcore/API-Documentation/Content-Management/member/
https://our.umbraco.com/documentation/Umbraco-Heartcore/API-Documentation/Content-Management/member/group/
https://our.umbraco.com/documentation/Umbraco-Heartcore/API-Documentation/Content-Management/member/type/
You could use them to integrate your frontend identity provider with Heartcore's members feature, although I personally cannot see a use case for that.
I hope this helps 👍🏻
Best, Darek
Hi,
I am talking about frontend users. Since editors will create content in Heartcore they have to be able to add different kinds of security to different "pages" and other content. I am currently looking at this for an Intranet and there will be some sections that have to be able to be more secured than others. As for now I see that there is a possibility to create Member Groups and use them to create kind of what I want, but it lacks the possibility to add external users to these Member Groups, at least I haven't found a way to do it.
I could create it myself if I get all data from Heartcore via a Proxy service, which I most likely would do since I don't want to expose the api-key and such. But since I don't receive any "Member Groups" property on the data I receive from Umbraco I don't see how this could be done.
This is a really common scenario within both Intranet, e-commerce, external web sites, so I am a bit surprised if it has not been taken into consideration.
/Patrik
Are you certain about the user group data not being there?
Try this:
Create a member in the backoffice or using this
Add the member to a group (make sure you have one) either by doing it manually in the backoffice or using this
Get the user by the username using this
This should return a response like the one below:
As you can see the group name is returned on the 4th line of the response body.
You can use that group value for the logic on the frontend that would allow for different access levels.
Was this what you were missing?
Yes, that works, but I need that data on the actual content/page/item (whatever you call it) if I am supposed to check it against some identity provider claims.
I have come up with a solution that kind of works and that is to add a field on the page called "Security" of the type "MemberGroupPicker" and that field I could maybe use to check it. But I would still think it would be in the system.
Do you actually really mean that you have no idea what I am trying to solve here? I mean in whatever CMS based web site or intranet (maybe mainly) editors want to add security to certain pages. In the case of Heartcore, I only have the possibility to add security on members and/or users built in to Heartcore..... I want to be able to extend that to external users as well.
What you want to achieve has to be done on the frontend and you can achieve it by using the API data returned from the member endpoint.
I can't see why you would want to return the member data on a page when it can be fetched using the member endpoint.
The response then returns the member group name that I've pointed you to after you've asked for it.
You want a "Security" checkbox/toggle. That doesn't exist. Instead, you can just use the group name as an if statement.
E.g. If the user's group name = x then the user has access to the specific content page(s) on the frontend. Otherwise, they don't.
I know for a fact that there's an intranet site with different user level access levels and they went with the above-mentioned approach after we've had a chat about it.
If you dislike that then you can always just change the fields on your member by going to settings>member types>member and adding a checkbox or a true/false property editor and using that instead.
Then that specific member would have the following value "security": "1 or 0"
There are definitely several different options available.
Furthermore, if you're looking for a unique value per member then the email field is the way to go.
Also, if you still feel like I don't understand you then feel free to explain it better.
I understand your solution and I also described it above. But the thing with that solution is that the content is not actually security trimmed. What I mean by this is that by default all users have the same permissions to everything and the frontend has to handle it. What if there is information that it is very important that nobody without the correct permission is able to read, then Umbraco does not handle that for external providers, as far as I can see.
Do you understand my concern better now?
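Added example (not part of the thread, and not Umbraco code): one way the proxy service mentioned above could enforce the page-level "Security" member-group field on the server, so that restricted items never reach the browser. The `security` and `groups` field names, the content shape and the rule that an empty picker means unrestricted are assumptions; the identity provider token is assumed to have been validated before this code runs.

```javascript
// Server-side security trimming inside a proxy that sits between the
// frontend and the CMS. All field names and shapes here are assumptions.

// Constructed sample of items the proxy fetched from the CMS with its API key.
// "security" stands for the hypothetical member-group picker field on a page.
const SAMPLE_CONTENT = [
  { id: "1", name: "Lunch menu", body: "Soup", security: [] },
  { id: "2", name: "HR salaries", body: "Confidential", security: ["HR"] },
  { id: "3", name: "Board notes", body: "Secret", security: ["Board", "HR"] },
  { id: "4", name: "Broken item", body: "?", security: null }, // malformed
];

// Normalise group names so "hr " and "HR" compare equal.
const norm = (g) => String(g).trim().toLowerCase();

// Build the caller's group set from already-validated token claims
// (signature, issuer, audience and expiry are checked upstream).
function groupsFromClaims(claims) {
  if (!claims || !Array.isArray(claims.groups)) return new Set();
  return new Set(claims.groups.map(norm));
}

// Decide whether one item may be returned to this caller.
function canRead(item, userGroups) {
  // Fail closed: a missing or malformed security field denies access.
  if (!Array.isArray(item.security)) return false;
  // Assumed policy: an empty picker means the item is unrestricted.
  if (item.security.length === 0) return true;
  return item.security.some((g) => userGroups.has(norm(g)));
}

// Filter the CMS response and drop the ACL field before it leaves the proxy.
function trimContent(items, claims) {
  const userGroups = groupsFromClaims(claims);
  return items
    .filter((item) => canRead(item, userGroups))
    .map(({ security, ...rest }) => rest);
}
```

Because the filter runs in the proxy, a modified frontend cannot read restricted items: they are never included in the response.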