Umbraco 10 membership: external login and roles/claims
Hello
I am converting an Umbraco 7 site to Umbraco 10. It uses a CRM for membership login including providing the roles they belong to. In the CMS, the typical public access settings are used to lock down pages to those same CRM roles set up as equivalent member groups. In the umbraco 7 site, authentication was achieved with a Custom RoleProvider to obtain the roles from the CRM, and Umbraco did the rest.
How do I achieve the same thing in Umbraco 10 / net core? Using the following seems to achieve the login part (where UserID is a unique id from the CRM already verified by a login workflow not included here):
//https://our.umbraco.com/documentation/reference/querying/IMemberManager/
var memberIdentityUser = new MemberIdentityUser() {
UserName = authResult.UserID,
};
await _memberSignInManager.SignInAsync(memberIdentityUser, false);
however, the missing piece of the puzzle is the roles. Do they need to be added as claims somehow? I tried the following but it doesn’t work:
foreach (var crmRole in authResult.RoleGroups)
memberIdentityUser.AddRole(crmRole.RoleGroupName);
hi Ruder - thanks for the link. The User Identity object now has the claims i expected (and from what i understand they have the correct claim type, "http://schemas.microsoft.com/ws/2008/06/identity/claims/role").
Now, memberManager.IsLoggedIn() returns true but IsMemberAuthorizedAsync() still returns false so I suspect there's still an issue comparing the claims to the member groups defined in the public access section of Umbraco.
I'm finding hard to get a definitive answer if a member record needs to exist in Umbraco for this to all work. The idea is that i don't want to. Does anybody know?
Umbraco 10 membership: external login and roles/claims
Hello
I am converting an Umbraco 7 site to Umbraco 10. It uses a CRM for membership login including providing the roles they belong to. In the CMS, the typical public access settings are used to lock down pages to those same CRM roles set up as equivalent member groups. In the umbraco 7 site, authentication was achieved with a Custom RoleProvider to obtain the roles from the CRM, and Umbraco did the rest.
How do I achieve the same thing in Umbraco 10 / net core? Using the following seems to achieve the login part (where UserID is a unique id from the CRM already verified by a login workflow not included here):
however, the missing piece of the puzzle is the roles. Do they need to be added as claims somehow? I tried the following but it doesn’t work:
Is the only option to explore auto-linking? https://our.umbraco.com/documentation/reference/security/auto-linking/ That seems to still want a member record in Umbraco. Ideally that’s not what I want to do at all.
Thanks for any insight
Andrew
HI
please go through the below link. a wonderfull article by Poornima Nayar that help me to set the custom claims in umbraco 9
https://poornimanayar.co.uk/blog/member-login-with-umbraco-9/
i hope this help
Thanks
hi Ruder - thanks for the link. The User Identity object now has the claims i expected (and from what i understand they have the correct claim type, "http://schemas.microsoft.com/ws/2008/06/identity/claims/role").
Now, memberManager.IsLoggedIn() returns true but IsMemberAuthorizedAsync() still returns false so I suspect there's still an issue comparing the claims to the member groups defined in the public access section of Umbraco.
I'm finding hard to get a definitive answer if a member record needs to exist in Umbraco for this to all work. The idea is that i don't want to. Does anybody know?
thanks
or in other words - in umbraco 10, how can i implement a UmbracoRoleProvider like you could in 7? thanks
This video might give you some hints on how to do it: https://youtu.be/aouFfym_7Zs
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.