We have a site in Azure that has Azure AD setup on the front end. This requires the user to login in with their Azure Active Directory account to view the front end. This all works well out of the box with Azure config and no additional customisation of Umbraco.
However; we also want to give access to users to Umbraco Backend using their AD account. I have setup and configured UmbracoCms.IdentityExtensions.AzureActiveDirectory perfectly. And this works like a charm, but only when the front end is not setup to use Azure AD. As soon as we turn on that in Azure, the users can not authenticate to the BackEnd.
But the two seem mutually exclusive because they each configure IAppBuilder app differently, specifically, the .RedirectUri's are different and back office configuration sets OpenIdConnectAuthenticationOptions.SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType
yes it's possible, you will need to have your owin startup cater for all scenarios, there's no package OOTB that will configure this for you so you will need to merge the required package settings from UmbracoIdentity and UmbracoCms.IdentityExtensions
Members and Users in umbraco are separate. So if you are planning on using the same AAD for both, Umbraco will still treat them differently and store the results differently. You will need bothUmbracoIdentity (for members) and UmbracoCms.IdentityExtensions (for users)
Azure Active Directory Issue
We have a site in Azure that has Azure AD setup on the front end. This requires the user to login in with their Azure Active Directory account to view the front end. This all works well out of the box with Azure config and no additional customisation of Umbraco.
However; we also want to give access to users to Umbraco Backend using their AD account. I have setup and configured UmbracoCms.IdentityExtensions.AzureActiveDirectory perfectly. And this works like a charm, but only when the front end is not setup to use Azure AD. As soon as we turn on that in Azure, the users can not authenticate to the BackEnd.
Has anyone seen this before?
Hugh, Did you manage to solve this? We have the same requirements but were struggling to get it to work
Jonas, did you solve this, we are also struggling to set this up.
I also want to set this up, so bump :)
This is what I'm trying to do, as well. I have several sites using Azure AD for Umbraco users on the Admin side. For that I followed: https://vimeo.com/224047478 and https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco/
And I've managed to get a sample of the front side AAD login working in a sample following - https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco-members/
But the two seem mutually exclusive because they each configure IAppBuilder app differently, specifically, the .RedirectUri's are different and back office configuration sets OpenIdConnectAuthenticationOptions.SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType
Hmm...?
I have not tried this yet, but here is Shannon's response: https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco-members/#disqus_thread
yes it's possible, you will need to have your owin startup cater for all scenarios, there's no package OOTB that will configure this for you so you will need to merge the required package settings from UmbracoIdentity and UmbracoCms.IdentityExtensions
Members and Users in umbraco are separate. So if you are planning on using the same AAD for both, Umbraco will still treat them differently and store the results differently. You will need bothUmbracoIdentity (for members) and UmbracoCms.IdentityExtensions (for users)
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.