
  • bh 444 posts 1544 karma points
    Nov 07, 2023 @ 16:04
    bh
    0

    Add OIDC Azure AD Auth to all Frontend Pages

    My goal is to authenticate all website visitors to any frontend page via Azure AD. I've had no trouble completing this in other .NET Core web apps, but implementing it in Umbraco 12.2 has proven challenging!

    I found some posts doing similar auth like this https://docs.umbraco.com/umbraco-cms/tutorials/add-azure-active-directory-authentication and this https://www.scottbrady91.com/umbraco/frontend-members-sso-openid-connect . There's even a package out there https://marketplace.umbraco.com/package/umbraco.community.azuresso

    But, none of these match exactly what I was hoping to accomplish. I don't really want all of those memberships.

    Here's what I've tried so far...

    I registered my app in portal.azure.com and setup the redirect URLs including: https://localhost:44314/signin-oidc

    I created a class AzureADAuth.cs

    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc.Authorization;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Identity.Web;
    using Umbraco.Cms.Core.DependencyInjection;

    public static class AzureADAuth
    {
        public static IUmbracoBuilder ConfigureAzureADAuth(this IUmbracoBuilder builder, IConfiguration config)
        {
            // Register the OIDC scheme backed by Microsoft.Identity.Web, reading the "AzureAd" section of appsettings.json
            builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(config.GetSection("AzureAd"));

            // Global filter: every MVC controller action requires an authenticated user
            builder.Services.AddControllersWithViews(options =>
            {
                var policy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
            });
            return builder;
        }
    }


    Then I added a call to that in my Startup.cs

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddUmbraco(_env, _config)
            .AddBackOffice()
            .AddWebsite()
            .AddDeliveryApi()
            .AddComposers()

            // ADD AZURE AD AUTH
            .ConfigureAzureADAuth(_config)

            .Build();
    }


    And this bit was added to the Configure in Startup.cs

    app.UseAuthentication();
    app.UseAuthorization();
    

    Added the Azure AD credentials to appsettings.json

    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "ourdomain.onmicrosoft.com",
      "ClientId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
      "TenantId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    },
    

    The end result is a 404.15 Error.

    The request filtering module is configured to deny a request where the query string is too long.

    The requested URL: https://localhost:44314/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%**shortened for brevity

    Any pointers on how to resolve this issue trying to implement OIDC Azure AD Auth to all frontend pages?
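One way to express the same requirement without a global AuthorizeFilter, as an added example that is not code from the posts, from Umbraco or from Microsoft.Identity.Web: an authorization fallback policy pinned to the OpenID Connect scheme, plus a post-configure step that keeps OIDC as the challenge scheme. The class and method names are hypothetical, and the example assumes (not confirmed on this page) that a later registration in the pipeline resets the default challenge scheme to a cookie whose login path is /Account/Login, which would explain the observed ReturnUrl loop.

```csharp
// Added example, not the poster's code. Assumes the "AzureAd" section shown in
// the post and a reference to Microsoft.Identity.Web. ASSUMPTION (unconfirmed):
// some other registration sets DefaultChallengeScheme to a cookie scheme whose
// LoginPath is /Account/Login, so unauthenticated requests bounce to a page that
// is itself protected, nesting ReturnUrl until the query string is rejected.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Umbraco.Cms.Core.DependencyInjection;

public static class FrontEndOidcAuth // hypothetical name
{
    public static IUmbracoBuilder RequireOidcOnFrontEnd(this IUmbracoBuilder builder, IConfiguration config)
    {
        // Registers the "OpenIdConnect" scheme and its "Cookies" sign-in scheme.
        // Authority is built from Instance + TenantId; a tenant GUID (not
        // "common" or "organizations") keeps the app single-tenant.
        builder.Services
            .AddAuthentication()
            .AddMicrosoftIdentityWebApp(config.GetSection("AzureAd"));

        // PostConfigure runs after every Configure<AuthenticationOptions>, so the
        // challenge scheme stays OIDC regardless of which registration ran last.
        builder.Services.PostConfigure<AuthenticationOptions>(o =>
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme);

        // Policy bound to the OIDC scheme: AuthenticateAsync reads the OIDC
        // sign-in cookie, ChallengeAsync redirects to Azure AD (never to
        // /Account/Login). A FallbackPolicy applies only to endpoints that carry
        // no [Authorize]/[AllowAnonymous] metadata of their own, so Umbraco's
        // back-office and API endpoints keep the rules they already declare.
        var policy = new AuthorizationPolicyBuilder(OpenIdConnectDefaults.AuthenticationScheme)
            .RequireAuthenticatedUser()
            .Build();
        builder.Services.AddAuthorization(o => o.FallbackPolicy = policy);

        return builder;
    }
}
```

The fallback policy is enforced by the authorization middleware, so app.UseAuthentication() must still run before app.UseAuthorization() as in the post's Configure method; the OIDC handler processes the /signin-oidc callback inside UseAuthentication, before authorization sees the request.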

  • phil barker 2 posts 72 karma points
    Jan 23, 2024 @ 04:09
    phil barker
    0

    Hi, we have the same issue trying to authenticate with Azure Active Directory from a new website built on Umbraco 12 and .Net Core. Were you ever able to solve this problem? We have a working solution for an old Umbraco 7 site which we are trying to move away from. However, without AAD authentication we cannot move forward.

  • bh 444 posts 1544 karma points
    Jan 23, 2024 @ 16:00
    bh
    0

    @philbarker I made some strides on this, but I have not yet cracked the nut.

    I found this documentation helpful https://docs.umbraco.com/umbraco-cms/reference/security/external-login-providers and more specifically this documentation got me still closer https://docs.umbraco.com/umbraco-cms/tutorials/add-azure-active-directory-authentication

    I'm close, but the provided documentation works with multi-tenant Azure AD. Ours is a single-tenant Azure AD, and thus I'm stuck. I get the oidc login screen, but I get an error when I attempt to login that a multi-tenant Azure AD is required.
