Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • AnandBhopale 54 posts 172 karma points
    May 11, 2021 @ 09:52
    AnandBhopale
    0

    Adding Backoffice user to Group dynamically

    hi,

    I have setup back office with Azure Active Directory. In AD, I have two user groups

    1. Content Designer (to be mapped to Administrator in Umbraco)
    2. Content Author (to be mapped to Writter in Umbraco)

    Users are added to these two groups in active directory respectively and I am getting correct values in Claims for logged in user

    So in in Extension Class, I have code to auto link user with Umbraco

    ExternalSignInAutoLinkOptions externalSignInAutoLink  = new ExternalSignInAutoLinkOptions(
            autoLinkExternalAccount: true,
            defaultUserGroups: new[] { groupname },
            defaultCulture: "en-US");


        externalSignInAutoLink.OnAutoLinking = (BackOfficeIdentityUser user, ExternalLoginInfo info) =>
        {
            var extClaim = info.Email;// loginInfo.ExternalIdentity.FindFirst("emailaddress");
            user.Claims.Add(new Umbraco.Core.Models.Identity.IdentityUserClaim<int>
            {
                ClaimType = ClaimTypes.Email,
                ClaimValue = extClaim
            });

            extClaim = info.DefaultUserName;
            user.Claims.Add(new Umbraco.Core.Models.Identity.IdentityUserClaim<int>
            {
                ClaimType = ClaimTypes.Name,
                ClaimValue = extClaim
            });
        };

        BackOfficeExternalLoginProviderOptions backofficeLogin = new BackOfficeExternalLoginProviderOptions();
        backofficeLogin.AutoLinkOptions = externalSignInAutoLink;
        backofficeLogin.DenyLocalLogin = true;
        backofficeLogin.AutoRedirectLoginToExternalProvider = true;


        adOptions.SetBackOfficeExternalLoginProviderOptions(backofficeLogin);

    But I have problem with passing groupname (either Administrator or Editor based on logined user's group) to autolink dynamically during login. Because code getting setup at start up and then autolink is getting called afterwards.

    Also, Is there any way to resync profile after changed in the group in AD ? Currently sync works only for the first time.

    Please guide me on how to achieve this.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft