Using Identity server and Azure Active Directory With Umbraco
I have a project that uses Identity server 3 on the front end so users can log in. - This is working fine.
Now I want to set up Azure Active Directory so users can log in to the back office.
The problem I have is:
It works when you log in to the back office; I can log in and out 10 times no problem.
But when I log in to the front end using Identity server, even though that works, if you then try to log in to the back office again using Azure Active Directory, it seems to go to Microsoft and redirect to the correct URL, but all you see is the login screen, and then you can no longer log in using Active Directory.
This is my start-up class that configures both Azure Active Directory & Identity server.
    private readonly ISettingsService _settingsService;

    public UmbracoStandardOwinStartup()
    {
        _settingsService = ServiceLocator.Current.GetInstance<ISettingsService>();
    }

    public override void Configuration(IAppBuilder app)
    {
        // Ensure the default options are configured
        base.Configuration(app);

        app.ConfigureBackOfficeAzureActiveDirectoryAuth(
            // The Tenant can also be "YOURDIRECTORYNAME.onmicrosoft.com"
            tenant: ConfigurationManager.AppSettings["azureAd:tenantId"],
            clientId: ConfigurationManager.AppSettings["azureAd:clientId"],
            // The value of this will need to change depending on your current environment
            postLoginRedirectUri: ConfigurationManager.AppSettings["azureAd:redirectUrl"],
            // This is the same as the TenantId
            issuerId: new Guid(ConfigurationManager.AppSettings["azureAd:tenantId"]));
    }

    protected override void ConfigureServices(IAppBuilder app)
    {
        // Error if you don't use this: No Umbraco.Core.Security.IBackOfficeUserManagerMarker has been registered with Owin which means that no Umbraco back office user manager has been registered
        base.ConfigureServices(app);

        // Single method to configure the Identity user manager for use with Umbraco
        app.ConfigureUserManagerForUmbracoMembers<UmbracoApplicationMember>();

        // Single method to configure the Identity role manager for use with Umbraco
        app.ConfigureRoleManagerForUmbracoMembers<UmbracoApplicationRole>();
    }

    protected override void ConfigureMiddleware(IAppBuilder app)
    {
        // Ensure OWIN is configured for Umbraco back office authentication. If you have any front-end OWIN
        // cookie configuration, this must be declared after it.
        app
            .UseUmbracoBackOfficeCookieAuthentication(ApplicationContext, PipelineStage.Authenticate)
            .UseUmbracoBackOfficeExternalCookieAuthentication(ApplicationContext, PipelineStage.Authenticate);

        // Enable the application to use a cookie to store information for the
        // signed in user and to use a cookie to temporarily store information
        // about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new FrontEndCookieAuthenticationOptions
        {
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user
                // logs in. This is a security feature which is used when you
                // change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<UmbracoMembersUserManager<UmbracoApplicationMember>, UmbracoApplicationMember, int>(
                        TimeSpan.FromMinutes(_settingsService.AuthCookieTimeoutMinutes()),
                        (manager, user) => user.GenerateUserIdentityAsync(manager),
                        IdentityExtensions.GetUserId<int>)
            },
            CookieName = _settingsService.AuthCookieName(),
            ExpireTimeSpan = TimeSpan.FromMinutes(_settingsService.AuthCookieTimeoutMinutes()),
            SlidingExpiration = true
        }, PipelineStage.Authenticate);

        // Uncomment the following lines to enable logging in with third party login providers
        //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        app.ConfigureIdentityServer();

        // Lastly we need to ensure that the preview Middleware is registered, this must come after
        // all of the authentication middleware:
        app.UseUmbracoPreviewAuthentication(ApplicationContext, PipelineStage.Authorize);
    }