Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Nathan 4 posts 76 karma points
    May 25, 2022 @ 20:46
    Nathan
    0

    Active Directory (Windows) authentication for Umbraco 9?

    I'm looking for the equivalent of this v8 article showing how to authenticate back office users using AD, but for Umbraco 9 https://our.umbraco.com/documentation/reference/security/authenticate-with-AD

    Searching the forums seems only to turn up suggestion to use OpenID provider for Umbraco 9 https://our.umbraco.com/documentation/reference/security/external-login-providers/

    This isn't the solution I really want to use as I'm already familiar and happy with the simple method of Windows Active Directory authentication. Is this simply not an option any longer because of the move to .Net 5? Seems hard to believe but I can't find any search results on how to get it to work.

    Please respond if you have any insight, thanks.

    Copy Link
  • Nathan 4 posts 76 karma points
    Jun 16, 2022 @ 16:33
    Nathan
    2

    This was fairly simple after I found the right combination of articles.

    https://our.umbraco.com/documentation/reference/security/

    https://stackoverflow.com/questions/290548/validate-a-username-and-password-against-active-directory

    1. install nuget package "System.DirectoryServices.AccountManagement"
    2. create the password checker class

    3. Add the password checker to services in startup.cs

      using System.DirectoryServices.AccountManagement;


public class MyPasswordChecker : IBackOfficeUserPasswordChecker
{
    public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
    {
        using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
        {
            // validate the credentials
            return pc.ValidateCredentials(user.UserName, password)
                ? Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials)
                : Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);
        }
    }
}


public void ConfigureServices(IServiceCollection services)
    {
        services.AddUmbraco(_env, _config)
            .AddBackOffice()
            .AddWebsite()
            .AddComposers()
            .Build();



          services.AddUnique&lt;IBackOfficeUserPasswordChecker, MyPasswordChecker&gt;();
}
    Copy Link
  • Michal 4 posts 74 karma points
    Oct 02, 2022 @ 06:19
    Michal
    0

    hi, I also developed this way in Umberco 10, but I ran into a problem: if the username entered in the login screen does not exist in Umbraco then MyPasswordChecker() does not run, instead Umbraco will immediately fall back to its internal checks (default Umbraco behavior).

    Did you manage to work around the problem?

    Tanks,

    Copy Link
  • Nathan 4 posts 76 karma points
    Nov 29, 2022 @ 21:41
    Nathan
    0

    I haven't, as we actually prefer it work this way so we have fine control and whitelist who can login. I'm not familiar with how to completely replace the login process to get around needing Umbraco Users, maybe the OpenID Connect feature could be of use?

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft