Umbraco CMS
13.latest (LTS)

Add Azure Active Directory authentication (Members)

Learn how to use Azure Active Directory credentials to log in to Umbraco as a member.
This tutorial takes you through configuring Azure Active Directory (Azure AD) for the member login on your Umbraco CMS website.
Azure AD conflicts with Umbraco ID which is the main authentication method used on all Umbraco Cloud projects.
Due to this, we highly recommend not using Azure AD for backoffice authentication on your Umbraco Cloud projects.
It is still possible to use other External Login Providers like Google Auth and OpenIdConnect, with Umbraco Cloud.

Prerequisites

  • A project with a setup for Members.
  • Visual Studio, or another Integrated Development Environment (IDE).

Step 1: Configure Azure AD

Before your applications can interact with Azure AD B2C, they must be registered with a tenant that you manage. For more information, see Microsoft's Tutorial: Create an Azure Active Directory B2C tenant.

Step 2: Install the NuGet package

You need to install the Microsoft.AspNetCore.Authentication.MicrosoftAccount NuGet package. There are two approaches to installing the packages:
  1. Use your favorite Integrated Development Environment (IDE) and open up the NuGet Package Manager to search and install the packages.
  2. Use the command line to install the package.

Step 3: Implement the Azure AD Authentication

  1. Create a new class for custom configuration options: AzureB2CMembersExternalLoginProviderOptions.cs.
AzureB2CMembersExternalLoginProviderOptions.cs
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core;
using Umbraco.Cms.Web.Common.Security;
namespace MyApp;
/// <summary>
/// Configures <see cref="MemberExternalLoginProviderOptions"/> for the member
/// external login scheme named by <see cref="SchemeName"/>.
/// </summary>
public class AzureB2CMembersExternalLoginProviderOptions : IConfigureNamedOptions<MemberExternalLoginProviderOptions>
{
    /// <summary>
    /// Scheme name of this provider, without the member authentication type prefix.
    /// </summary>
    public const string SchemeName = "ActiveDirectoryB2C";

    /// <summary>
    /// Applies the configuration only when <paramref name="name"/> is the
    /// prefixed member scheme of this provider.
    /// </summary>
    /// <param name="name">Name of the options instance being configured.</param>
    /// <param name="options">Options instance to configure.</param>
    public void Configure(string? name, MemberExternalLoginProviderOptions options)
    {
        // Options registered under any other name are left untouched.
        if (name == Constants.Security.MemberExternalAuthenticationTypePrefix + SchemeName)
        {
            Configure(options);
        }
    }

    /// <summary>
    /// Sets the auto-link options and the optional callbacks on <paramref name="options"/>.
    /// </summary>
    /// <param name="options">Options instance to configure.</param>
    public void Configure(MemberExternalLoginProviderOptions options)
    {
        // These settings only matter when auto-linking is wanted on the authentication.
        // NOTE(review): with autoLinkExternalAccount and defaultIsApproved both true,
        // anyone who can sign in at the external provider appears to receive an approved
        // Member on first login. Confirm that the tenant restricts who may sign in, or
        // gate access in the callbacks below.
        var autoLinkOptions = new MemberExternalSignInAutoLinkOptions(

            // true enables auto-linking.
            autoLinkExternalAccount: true,

            // [OPTIONAL]
            // Culture the Member is created with.
            // Default: the culture specified in appsettings.json.
            // It can also be assigned dynamically in the OnAutoLinking callback.
            defaultCulture: null,

            // [OPTIONAL]
            // Default "IsApproved" status of the created Member.
            // Must be true for auto-linking.
            defaultIsApproved: true,

            // [OPTIONAL]
            // Alias of the Member Type to create. Default: "Member".
            defaultMemberTypeAlias: Constants.Security.DefaultMemberTypeAlias)
        {
            // [OPTIONAL] Callbacks
            OnAutoLinking = (autoLinkUser, loginInfo) =>
            {
                // Customize the Member before it is linked, for example by
                // setting its Member groups from the Claims in the external login info.
            },
            OnExternalLogin = (user, loginInfo) =>
            {
                // Runs on every login with the external provider, before the Member is saved.
                // Use it, for example, to sync the Member's name from the Claims
                // in the external login info.

                // The returned boolean decides whether sign-in continues;
                // return false to stop a sign-in that should not proceed.
                return true;
            }
        };

        options.AutoLinkOptions = autoLinkOptions;
    }
}
  2. Create a new static extension class called MemberAuthenticationExtensions.cs.
MemberAuthenticationExtensions.cs
namespace MyApp;
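/// <summary>
/// Extension methods that register the external login provider for Members.
/// </summary>
public static class MemberAuthenticationExtensions
{
    /// <summary>
    /// Registers the provider options and adds the Microsoft Account login scheme for Members.
    /// </summary>
    /// <param name="builder">The Umbraco builder to extend.</param>
    /// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
    public static IUmbracoBuilder ConfigureAuthenticationMembers(this IUmbracoBuilder builder)
    {
        // Register the options and the login scheme exactly once. The original listing
        // repeated both calls inside the first lambda and ended with an unmatched "});",
        // so it did not compile.
        builder.Services.ConfigureOptions<AzureB2CMembersExternalLoginProviderOptions>();
        builder.AddMemberExternalLogins(logins =>
        {
            logins.AddMemberLogin(
                membersAuthenticationBuilder =>
                {
                    membersAuthenticationBuilder.AddMicrosoftAccount(

                        // The scheme must be set with this method to work for the external login.
                        membersAuthenticationBuilder.SchemeForMembers(AzureB2CMembersExternalLoginProviderOptions.SchemeName),
                        options =>
                        {
                            // CallbackPath: the URL the browser is redirected to after sign-in.
                            // The Microsoft Account handler's own default is /signin-microsoft.
                            // The path must be unique among the configured login providers and
                            // has to match a redirect URI registered for the app.
                            options.CallbackPath = "/umbraco-b2c-members-signin";

                            // Obtained from the Azure AD B2C web app.
                            options.ClientId = "YOURCLIENTID";

                            // Obtained from the Azure AD B2C web app.
                            // Placeholder only: do not commit a real client secret to source
                            // control; load it from configuration or a secret store instead.
                            options.ClientSecret = "YOURCLIENTSECRET";

                            // Keeps the tokens issued by the provider after sign-in.
                            // NOTE(review): switch this off if nothing reads the tokens later.
                            options.SaveTokens = true;
                        });
                });
        });
        return builder;
    }
}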
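Make sure to replace YOURCLIENTID and YOURCLIENTSECRET in the code with the values from the Azure AD tenant. Keep the real client secret out of source control, for example by loading it from configuration or a secret store rather than committing it with the code.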
  4. Add the Members authentication configuration in the Program.cs file:
Program.cs
builder.CreateUmbracoBuilder()
    .AddBackOffice()
    .AddWebsite()
    .AddDeliveryApi()
    .AddComposers()
    // Register the external login provider for Members through the
    // ConfigureAuthenticationMembers extension method from MemberAuthenticationExtensions.cs.
    .ConfigureAuthenticationMembers()
    .Build();
  5. Build the project.
  6. Run the website.
AD Login Screen