mattbrailsford / umbraco-authu

An Umbraco plugin to add an OAuth API endpoint to allow authenticated Members/Users via OAuth
MIT License

Is it possible to use it with AD authentication? #8

Closed biapar closed 7 years ago

biapar commented 7 years ago

Is it possible to use it with AD authentication?

mattbrailsford commented 7 years ago

Sorry, but I'm going to need a little more context? What are you actually trying to achieve?

biapar commented 7 years ago

Hi, I've configured identity in Umbraco (see https://github.com/Shazwazza/UmbracoIdentity) and configured it for Active Directory authentication for the backoffice. This step works. Now I have activated the integrated OAuth server, but I would like an OAuth server for Umbraco membership and user.

In UmbracoIdentityStartup:

```csharp
app.ConfigureUserManagerForUmbracoBackOffice<BackOfficeUserManager, BackOfficeIdentityUser>(
    ApplicationContext,
    (options, context) =>
    {
        var membershipProvider = MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider();
        var userManager = BackOfficeUserManager.Create(
            options,
            ApplicationContext.Services.UserService,
            ApplicationContext.Services.ExternalLoginService,
            membershipProvider);

        // Call custom password checker.
        userManager.BackOfficeUserPasswordChecker = new BackofficeMembershipProviderPasswordChecker();

        return userManager;
    });
```

In a class of my own:

```csharp
using System;
using System.Threading.Tasks;
using System.Web.Security;
using Umbraco.Core.Models.Identity;
using Umbraco.Core.Security;

public class BackofficeMembershipProviderPasswordChecker : IBackOfficeUserPasswordChecker
{
    public Task<BackOfficeUserPasswordCheckerResult> CheckPasswordAsync(BackOfficeIdentityUser user, string password)
    {
        // Access provider.
        if (Membership.Providers["BackofficeMembershipProvider"] == null)
        {
            throw new InvalidOperationException("Provider 'BackofficeMembershipProvider' is not defined.");
        }
        var adProvider = Membership.Providers["BackofficeMembershipProvider"];

        // Check the user's password.
        var validUser = adProvider.ValidateUser(user.UserName, password)
            ? Task.FromResult(BackOfficeUserPasswordCheckerResult.ValidCredentials)
            : Task.FromResult(BackOfficeUserPasswordCheckerResult.InvalidCredentials);

        return validUser;
    }
}
```

In web.config:

```xml
<add name="BackofficeMembershipProvider"
     type="System.Web.Security.ActiveDirectoryMembershipProvider"
     connectionStringName="ADConnectionString"
     attributeMapUsername="sAMAccountName"
     connectionUsername="DOMINIO\ABCXYZ"
     connectionPassword="password"/>
```

mattbrailsford commented 7 years ago

Hi, Thanks for the extra info. I can't say I've really tried using AuthU with the UmbracoIdentity add-on. The aim of AuthU was to be a simpler implementation not requiring the use of OWIN as IMO this just makes things really complicated (as you are finding).

AuthU does come with "UserService" for both Umbraco user and members, so it is possible to configure it for both (see the docs here https://github.com/mattbrailsford/umbraco-authu). If you want to connect AD though, then you have two options, either try and get UmbracoIdentity to work with AuthU so you can just call Umbraco APIs, or create a custom AuthU UserService to access AD directly. Unfortunately neither of these is out of the box and so would require you to do some custom development.

You'd need to implement the IOAuthUserService interface which you can find here https://github.com/mattbrailsford/umbraco-authu/blob/master/src/Our.Umbraco.AuthU/Interfaces/IOAuthUserService.cs, and you can find some example implementations here https://github.com/mattbrailsford/umbraco-authu/tree/master/src/Our.Umbraco.AuthU/Services.

Hopefully this will give you a good starting point.

Many thanks

Matt
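As an added example (not code from this thread, AuthU or Umbraco): a sketch of the Active Directory credential check that a custom user service of the kind suggested above could delegate to. The class name `AdCredentialValidator`, the domain value and the use of bare `sAMAccountName` logins are assumptions; the `IOAuthUserService` members themselves are not shown on this page and are not reproduced here.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper: the AD password check a custom user service could call.
public sealed class AdCredentialValidator
{
    private readonly string _domain; // assumed value, e.g. "DOMINIO"

    public AdCredentialValidator(string domain)
    {
        if (string.IsNullOrWhiteSpace(domain))
            throw new ArgumentException("Domain is required.", nameof(domain));
        _domain = domain;
    }

    // username is expected as a bare sAMAccountName (no DOMAIN\ prefix).
    public bool Validate(string username, string password)
    {
        // Reject empty input up front: a bind with an empty password can be
        // treated as anonymous and must never count as a successful login.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            return false;

        try
        {
            // Runs as the application pool identity, which must be able to query AD.
            using (var context = new PrincipalContext(ContextType.Domain, _domain))
            {
                // Negotiate uses Kerberos/NTLM rather than a plain simple bind.
                if (!context.ValidateCredentials(username, password, ContextOptions.Negotiate))
                    return false;

                using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username))
                {
                    // Only accept accounts that exist, are enabled and are not locked out.
                    return user != null && user.Enabled == true && !user.IsAccountLockedOut();
                }
            }
        }
        catch (PrincipalServerDownException)
        {
            // Fail closed when no domain controller is reachable.
            return false;
        }
    }
}
```

The method returns the same `false` for an unknown user, a wrong password and a disabled account, so the token endpoint does not reveal which accounts exist.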

biapar commented 6 years ago

And for socials?