umbraco / UmbracoIdentityExtensions

Code files & installation that enables easy extensibility points for ASP.Net Identity and the Umbraco back office
MIT License

UmbracoCms.IdentityExtensions.Microsoft access denied #32

Closed alessiodecastro closed 5 years ago

alessiodecastro commented 5 years ago

Hello, in my project I am currently using the following nugets:

After the installation/configuration of the Microsoft Identity Extension and related app registration on my live portal I cannot access the CMS yet.

On the live portal I registered an app with implicit flow allowed and return URI: https://localhost:44325/umbraco-microsoft-signin. The clientId and secret have been declared in the UmbracoStandardOwinStartup class as follows:

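public class UmbracoStandardOwinStartup : UmbracoDefaultOwinStartup
{
    public override void Configuration(IAppBuilder app)
    {
        // Run the default Umbraco back office OWIN configuration first
        base.Configuration(app);

        // Register the Microsoft account provider (client ID, client secret)
        app.ConfigureBackOfficeMicrosoftAuth(
            "0c14dd28-f383-4324-aac8-6d0aa80ba2a8",
            "6****************");
    }
}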

.....

public static void ConfigureBackOfficeMicrosoftAuth(this IAppBuilder app, string clientId, string clientSecret,
    string caption = "Microsoft", string style = "btn-microsoft", string icon = "fa-windows")
{
    var msOptions = new MicrosoftAccountAuthenticationOptions
    {
        ClientId = clientId,
        ClientSecret = clientSecret,
        SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
        // Path on which the middleware handles the provider's sign-in response
        CallbackPath = new PathString("/umbraco-microsoft-signin")
    };

    // Mark the provider as a back office login option with the given button style and icon
    msOptions.ForUmbracoBackOffice(style, icon);
    msOptions.Caption = caption;
    app.UseMicrosoftAccountAuthentication(msOptions);
}

The UmbracoStandardOwinStartup has been declared in the web config as the OWIN startup. Running this configuration correctly shows the sign-in button for access through a Microsoft account. After clicking it I am able to enter the Microsoft account email and password and grant access to the registered app, but after the redirect to the specified URL I get the login page again: https://localhost:44324/umbraco/?error=access_denied#/login which reports an access denied error. Nothing explicit appears in the Umbraco logging. Do you have any suggestions about the issue? Thanks in advance

Shazwazza commented 5 years ago

I think we need to remove the Microsoft provider. Are you trying to set up auth with Azure AD? See https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco/

Shazwazza commented 5 years ago

Closing this issue since the question was relating to Azure AD B2C (according to an email thread for this issue which has been removed), which the Microsoft Provider is not meant for.