Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Biagio Paruolo 1594 posts 1825 karma points c-trib
    May 23, 2018 @ 14:54
    Biagio Paruolo
    0

    Umbraco 7.10.+ and Active Directory Authentication: the guide is not valid and we are not able to connect to backoffice with AD

    Extending Umbraco and using the API
    Umbraco 7

    Hi,

    I configured Umbraco with a new OWIN startup like this:

    using Microsoft.Owin;
using Owin;
using Umbraco.Core;
using Umbraco.Core.Security;
using Umbraco.Web;
using Umbraco.Web.Security.Identity;
using Umbraco.Core.Models.Identity;
using Umbraco.IdentityExtensions;
using DocManagement_WorkFlow;


//To use this startup class, change the appSetting value in the web.config called 
// "owin:appStartup" to be "UmbracoStandardOwinStartup"

[assembly: OwinStartup("UmbracoStandardOwinStartup", typeof(UmbracoStandardOwinStartup))]

namespace DocManagement_WorkFlow
{
    /// <summary>
    /// The standard way to configure OWIN for Umbraco
    /// </summary>
    /// <remarks>
    /// The startup type is specified in appSettings under owin:appStartup - change it to "StandardUmbracoStartup" to use this class
    /// </remarks>
    public class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            //ensure the default options are configured
            base.Configuration(app);

            /* 
             * Configure external logins for the back office:
             * 
             * Depending on the authentication sources you would like to enable, you will need to install 
             * certain Nuget packages. 
             * 
             * For Google auth:                 Install-Package UmbracoCms.IdentityExtensions.Google
             * For Facebook auth:                   Install-Package UmbracoCms.IdentityExtensions.Facebook
             * For Microsoft auth:                  Install-Package UmbracoCms.IdentityExtensions.Microsoft
             * For Azure ActiveDirectory auth:      Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory
             * 
             * There are many more providers such as Twitter, Yahoo, ActiveDirectory, etc... most information can
             * be found here: http://www.asp.net/web-api/overview/security/external-authentication-services
             * 
             * For sample code on using external providers with the Umbraco back office, install one of the 
             * packages listed above to review it's code samples 
             *  
             */

            /*
             * To configure a simple auth token server for the back office:
             *             
             * By default the CORS policy is to allow all requests
             * 
             *      app.UseUmbracoBackOfficeTokenAuth(new BackOfficeAuthServerProviderOptions());
             *      
             * If you want to have a custom CORS policy for the token server you can provide
             * a custom CORS policy, example: 
             * 
             *      app.UseUmbracoBackOfficeTokenAuth(
             *          new BackOfficeAuthServerProviderOptions()
             *              {
             *                  //Modify the CorsPolicy as required
             *                  CorsPolicy = new CorsPolicy()
             *                  {
             *                      AllowAnyHeader = true,
             *                      AllowAnyMethod = true,
             *                      Origins = { "http://mywebsite.com" }                
             *                  }
             *              });
             */

            // active directory authentication
            var applicationContext = ApplicationContext.Current;

            app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
                applicationContext,
                (options, context) =>
                {
                    var membershipProvider = Umbraco.Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
                    var settingContent = Umbraco.Core.Configuration.UmbracoConfig.For.UmbracoSettings().Content;
                    var userManager = BackOfficeUserManager.Create(
                        options,
                        applicationContext.Services.UserService,
                        applicationContext.Services.EntityService,
                        applicationContext.Services.ExternalLoginService,
                        membershipProvider,
                        settingContent
                    );

                    userManager.BackOfficeUserPasswordChecker = new ActiveDirectoryBackOfficeUserPasswordChecker();
                    return userManager;
                });


        }



    }
}

    and configure web.config and umbracoSettings

    web.config

     <add key="ActiveDirectoryDomain" value="linde.grp" />
  <add connectionString="LDAP://x.y.z.k:389/DC=abc,DC=pippo,DC=grp" name="ADConnectionString" />

 <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear />
        <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="10" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" allowManuallyChangingPassword="false" />

        <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" />

        <add name="BackofficeMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="PIPPO\UTENTE" connectionPassword="password" />

      </providers>
    </membership>

    umbracoSettings

     <providers>
    <users>
      <DefaultBackofficeProvider>BackofficeMembershipProvider</DefaultBackofficeProvider>
    </users>
  </providers>

    How to authenticate to AD? I create the backoffice user with username=AD login.

    Copy Link
  • David Peck 687 posts 1863 karma points c-trib
    May 24, 2018 @ 06:34
    David Peck
    0

    I'll reply more fully when I'm in the office but I think your web.config but I'd wrong. If you IIS server is controlled by AD then you don't need to set it up in the web.config. you do however have to add your owin class as an app setting (check the documentation).

    Can I suggest you install the nuget package (again mentioned in the documentation)? That's how I always started and it works fine.

    AD users need to match Umbraco user names too.

    Copy Link
  • Biagio Paruolo 1594 posts 1825 karma points c-trib
    May 24, 2018 @ 06:55
    Biagio Paruolo
    0

    Hi,

    I made everything what you said and I follow the guide. The IIS is not into AD. Maybe is not reported something into docs.

    Copy Link
  • David Peck 687 posts 1863 karma points c-trib
    May 24, 2018 @ 08:49
    David Peck
    0

    Gotcha...

    I've not tried connecting to an AD which the computer is not part of.

    Is it an option to use Azure AD? There is a specific package for that: Install-Package UmbracoCms.IdentityExtensions.AzureActiveDirectory

    Copy Link
  • Biagio Paruolo 1594 posts 1825 karma points c-trib
    May 24, 2018 @ 09:18
    Biagio Paruolo
    0

    No Azure

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft