Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Ayo Adesina 430 posts 1023 karma points
    Mar 04, 2021 @ 16:34
    Ayo Adesina
    0

    Using Identity server and Azure Active Directory With Umbraco

    I have a project that uses Identity server 3 the front end so users can login. - This is working fine.

    Now I want to set up Azure Active Directory so users can log in to the back office.

    The problem I have is:

    It works when you login to the backoffice, I can log in and out 10 times no problem.

    But when I log in to the front end using Identity server, even though that works.

    If you then try and login to back office again using Azure Active Directory it seems to go to microsoft and redirect to the correct URL, but all you see is the Login sreen and then you can no longer login using Active Directory.

    This is my start-up class that configures both Azure Active directory & Identity server.

     private readonly ISettingsService _settingsService;
    
    public UmbracoStandardOwinStartup()
    {
        _settingsService = ServiceLocator.Current.GetInstance<ISettingsService>();
    }
    
    public override void Configuration(IAppBuilder app)
    {
        //ensure the default options are configured
        base.Configuration(app);
    
        app.ConfigureBackOfficeAzureActiveDirectoryAuth(
            //The Tenant can also be "YOURDIRECTORYNAME.onmicrosoft.com"
            tenant: ConfigurationManager.AppSettings["azureAd:tenantId"],
            clientId: ConfigurationManager.AppSettings["azureAd:clientId"],
            //The value of this will need to change depending on your current environment
            postLoginRedirectUri: ConfigurationManager.AppSettings["azureAd:redirectUrl"],
            //This is the same as the TenantId
            issuerId: new Guid(ConfigurationManager.AppSettings["azureAd:tenantId"]));
    
    }
    
    protected override void ConfigureServices(IAppBuilder app)
    {
        //Error if you don't use this: No Umbraco.Core.Security.IBackOfficeUserManagerMarker has been registered with Owin which means that no Umbraco back office user manager has been registered
        base.ConfigureServices(app);
    
    
    
        //Single method to configure the Identity user manager for use with Umbraco
        app.ConfigureUserManagerForUmbracoMembers<UmbracoApplicationMember>();
    
        //Single method to configure the Identity user manager for use with Umbraco
        app.ConfigureRoleManagerForUmbracoMembers<UmbracoApplicationRole>();
    }
    
    protected override void ConfigureMiddleware(IAppBuilder app)
    {
        //Ensure owin is configured for Umbraco back office authentication. If you have any front-end OWIN
        // cookie configuration, this must be declared after it.
        app
        .UseUmbracoBackOfficeCookieAuthentication(ApplicationContext, PipelineStage.Authenticate)
        .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);
    
        // Enable the application to use a cookie to store information for the 
        // signed in user and to use a cookie to temporarily store information 
        // about a user logging in with a third party login provider 
        // Configure the sign in cookie
        app.UseCookieAuthentication(new FrontEndCookieAuthenticationOptions
        {
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user 
                // logs in. This is a security feature which is used when you 
                // change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<UmbracoMembersUserManager<UmbracoApplicationMember>, UmbracoApplicationMember, int>(
                        TimeSpan.FromMinutes(_settingsService.AuthCookieTimeoutMinutes()),
                        (manager, user) => user.GenerateUserIdentityAsync(manager),
                        IdentityExtensions.GetUserId<int>)
            },
            CookieName = _settingsService.AuthCookieName(),
            ExpireTimeSpan = TimeSpan.FromMinutes(_settingsService.AuthCookieTimeoutMinutes()),
            SlidingExpiration = true
        }, PipelineStage.Authenticate);
    
        // Uncomment the following lines to enable logging in with third party login providers
    
        //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    
        app.ConfigureIdentityServer();
    
        //Lasty we need to ensure that the preview Middleware is registered, this must come after
        // all of the authentication middleware:
        app.UseUmbracoPreviewAuthentication(ApplicationContext, PipelineStage.Authorize);
    }
    
Please Sign in or register to post replies

Write your reply to:

Draft