Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Owen Henry 6 posts 96 karma points
    Jan 13, 2022 @ 03:47
    Owen Henry

    Active Directory in Umbraco 9

    I'm coming back to Umbraco after having been away for several years. My company had been using DNN for its intranet, but we've grown sick of it and are beginning a long process of rebuilding in Umbraco. The first issue that we face is how to log in our staff on the front end using our on premise Active Directory. I've been looking around it seems as though most everything that I find is related to authenticating users to the back office.

    Can anyone point me in the right direction?

  • Owen Henry 6 posts 96 karma points
    Jan 14, 2022 @ 14:50
    Owen Henry

    As a follow up, I did find this topic that has some generalized steps in it. Can any one tell me if the steps in the answer from Kevin Jump would still be the same basic principles for v9?

  • Kevin Jump 2135 posts 13509 karma points MVP 6x c-trib
    Jan 14, 2022 @ 15:19
    Kevin Jump

    Hi Owen,

    I can't see the topic you are talking about, but if its the one i think it is (from quite a few years ago) then probably not 😔.

    Authentication has changed quite a bit since v4/6 when i did some Active directory integration, from memory that method involved a bit of hackery around role providers and the auth that the browser sent.

    I really haven't done much AD / External auth on the later versions, so i can't say what would be the best way to achive it now. but it probibly involves some form of OWIN authentication

    there was an Umbraco Identity package for Umbraco 8 - but i think even that isn't the v9 way to do it, mainly because authentication is much more 'standard' core now.

    this comment on the Umbraco Identity repo might have some good info in it :

    I noticed it has some Auzue AD B2C auth setup in it so it might be a place to look?

    I think the intention is that Umbraco works very much like any other core app, so if there is AD auth code out there for that, it might be you can use it for Umbraco ?

    Sorry i couldn't help anymore - i've been out of the AD intergration world for quite a while now.

  • Owen Henry 6 posts 96 karma points
    Jan 14, 2022 @ 16:27
    Owen Henry

    Thanks Kevin! I'm apparently quite scattered brained and completely failed to link to the topic, but I'm sure that it is the one you are thinking of, but just in case, for anyone else that stumbles on this I was referencing this post:

    The more I read stuff, I certainly get the same impression, that if I can find anything about AD auth for a normal .net core app that it should apply to v9 as well.

    Thanks again! Owen

  • Owen Henry 6 posts 96 karma points
    Feb 04, 2022 @ 19:03
    Owen Henry

    I finally figured out how to do this thank in part to this excellent write up by Scott Brady:

    Using that I was able to get to the point where I could see how to use the memberManager and siginInManager to hand the Windows authentication stuff off to Umbraco. So i ended up with this:

        public async Task<IActionResult> MemberLogin()
            var userName = User.Identity.Name; //Get username from Windows Authentication this will be in domain format PLCHNET\\username
            var user = await _memberManager.FindByNameAsync(userName); //See if the username has an umbraco member account
            if (user == null) {
                throw new NotImplementedException("No member found");
            await _signInManager.SignInAsync(user, false); //If the user account exists, sign in the user
            var returnUrl = HttpContext.Request.Query["returnUrl"].ToString(); //get the return url from the query string
            return new RedirectResult(returnUrl);

    Then on the login page I just placed a JS redirect to the path for that controller and appended the referring page as the return URL.

    Note that this only works if the member already has an account created in Umbraco. Scott's write up shows how to create members as well, which was a huge help but, I separated it out into different controllers because I'm running an AD sync task in Hangfire to create/update member accounts.

    Hope this helps!


  • mvbressler2008 3 posts 73 karma points
    Mar 10, 2022 @ 18:08

    Hi Owen, I'm new in NetCore and Umbraco. Can you provide a full working example for Active Directory Authentication?

  • Owen Henry 6 posts 96 karma points
    Mar 30, 2022 @ 13:59
    Owen Henry

    Hi mv, I'm sorry I'm just now getting back to you, I didn't see a notification that you replied. There really isn't much else to go along with that code. The only thing missing from it is the dependency injection. I hope you were able to work it out, if not let me know what you're stuck on and I'll be happy to try to help out.

  • mvbressler2008 3 posts 73 karma points
    Apr 09, 2022 @ 23:28

    Hi Owen

    I still can't see how to redirect to that action controller in the identity declaration in the umbraco project. That's why I'm requesting some full working sample, due to there are many things playing together.


  • Klaus Kunath 15 posts 83 karma points
    9 hours ago
    Klaus Kunath

    Hello mvbressler, I'm struggling with the same problem. Do you have a full working example with ad integration for the backend users?

  • Owen Henry 6 posts 96 karma points
    4 hours ago
    Owen Henry

    Hi Klaus,

    To call the login action I created a login template with the following code:

    @inherits Umbraco.Cms.Web.Common.Views.UmbracoViewPage<ContentModels.Login>
    @using Clean.Core.Models.ViewModels
    @using ContentModels = Umbraco.Cms.Web.Common.PublishedModels
        window.addEventListener('load', function() {
            window.location.replace("@Url.Action("MemberLogin", "ADMemberLogin", new{returnUrl = Context.Request.Path })")

    All that is doing is redirecting to that controller and action, and then setting the return URL in the query string. That's really it as far as the actual login goes. As I mentioned above I also used Scott's blog to be able to create members so that this login would work. I chose to have that be a separate process, but you could just as easily have it create/update the members on login.

    Let me know if you have any questions!


Please Sign in or register to post replies

Write your reply to: