umbraco / UmbracoIdentityExtensions

Code files & installation that enables easy extensibility points for ASP.Net Identity and the Umbraco back office
MIT License

Clarification: How do I use this package? #40

Closed John-Blair closed 4 years ago

John-Blair commented 4 years ago

I am confused - I initially thought this package would be used to allow MEMBERS to login to umbraco using Google/Facebook etc via OAuth and OId - but all the comments appear to mention that it is for use for Back Office USERS. This makes no sense to me e.g. why would you need this and how would you assign permissions to such users e.g. to access a new plugin section.

Am I missing something?

Can it be used for Member login? If so, how does the Umbraco Member get initialised?

Also, in the package readme - why not put a clear set of instructions of the steps needed to make this work e.g. config steps and code steps - along the lines of a "hello world" example?

Sorry, but just saying take a look in the code is not very helpful to those unfamiliar with the code.

Better still, why not create a video showing how it should be done - for Google/Facebook/Apple as a minimum?

Thanks.

Label: Category/Question

John-Blair commented 4 years ago

Ah Umbraco Members uses the Membership Provider and not ASP.Net Identity - the latter is used for back office Users only.

I am still curious as to how you would set up permissions for these users given you don't know in advance who they would be?

Shazwazza commented 4 years ago

Yes, this is used for the back office users, it is to assist with enabling external login providers (OAuth) for the back office.

I entirely agree that documentation on this is very sparse and needs a lot of work. Some of that is being worked on for 8.9 which is all about improving these features of external login providers for the back office. For now unfortunately, the documentation is basically with the code installed in this package. Installing this package will add code to your project that you can read, use and tweak; there are also readmes that are shown after package installation.

I have an example on my own blog https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco/

Also ASP.Net Identity is a beast on its own and this package along with Umbraco itself just allows ASP.Net identity code to be used but you still need to write that integration code and understand how it works. If you haven't set up an external login provider with ASP.Net Identity outside of Umbraco (like in a normal MVC website) you'll need to do that first and understand how it works since you'll need that knowledge in order to plug these providers into Umbraco in the same way.

Members are different and to enable ASP.NET Identity for members (front-end) in Umbraco you need to use my community package: https://github.com/shazwazza/UmbracoIdentity

I have a similar example for that on my blog too https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco-members/

John-Blair commented 4 years ago

Thanks a lot for the quick reply. I'll take a look at your links.

I found this article which helped a lot. Just pasting it here in case it's of use to anyone else. It became much clearer when I saw in that article that you create a user account as normal and then link it to say your google account! Which makes a lot of sense now. And I also see you can also avoid creating users and assign them default roles e.g. admin.

https://umbraco.com/blog/log-into-umbraco-with-google-authentication/?_ga=2.240193857.397920218.1602583027-1210310562.1557930005

John-Blair commented 4 years ago

@Shazwazza, FYI I've managed to get Google Authentication working on my live site for back office users - thanks for your help. Thought I'd do that first before looking at the members.

It works really well - good job by the umbraco team.

One thing that puzzles me is the CallbackPath setting in UmbracoGoogleAuthExtensions.cs - it's configured to be the same in the OAuth Client Credentials (screenshot below), but doesn't seem to get used. Once logged in by Google - I get redirected to the backoffice content tree as I usually would. Was wondering what the point of this CallbackPath is?

Is there a handler or module behind that path that does the umbraco user login? Thanks.

```csharp
//  By default this is '/signin-google', you will need to change that default value in your
//  Google developer settings for your web-app in the "REDIRECT URIS" setting
CallbackPath = new PathString("/umbraco-google-signin")
```


John-Blair commented 4 years ago

Ah found it - it logs in the umbraco user associated with external login and redirects to /umbraco


Shazwazza commented 4 years ago

Hi @John-Blair, some more info for you:

> It became much clearer when I saw in that article that you create a user account as normal and then link it to say your google account! Which makes a lot of sense now

That is the typical way this can be used but we also have an AutoLinking feature for more corporate scenarios like when you have Azure Active Directory enabled and you want to control from your external login provider. In which case you want the local users created automatically. In the simplistic case, you can just enable autolinking and tell it to by default assign a user to one specific hard coded group. Else you can use the OnAutoLinking callback to modify the back office user instance that is being created, so you can dynamically modify that instance and its groups based on the Claims returned from your external login provider. Unfortunately the documentation isn't great on this one either and is missing more info but you can find it here https://our.umbraco.com/Documentation/Reference/Security/auto-linking

There's also another callback called OnExternalLogin which executes whenever a user is successfully logged in with an external provider. This provides the ability to sync data from the external login to the user being logged in, such as their name, etc... or maybe you want to re-align their groups.

These sorts of things are being enhanced in 8.9, there's some info on the blog about it here https://umbraco.com/blog/umbraco-89-release-candidate/
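The claims-based group assignment described in the reply above, as an added example that is not part of the thread or of Umbraco's own code: a hypothetical `AutoLinkGroupPolicy.ResolveGroups` helper that an OnAutoLinking callback could call to pick group aliases, granting nothing unless the claims match an explicit allow-list. The `groups` claim type, the e-mail domain and the group names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper (not Umbraco API): maps external-provider claims to
// back office group aliases, deny by default.
public static class AutoLinkGroupPolicy
{
    // Assumed mapping from an external "groups" claim value to a group alias.
    // Values not listed here grant nothing.
    private static readonly Dictionary<string, string> GroupMap =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "cms-editors", "editor" },
            { "cms-writers", "writer" },
        };

    // Assumed allow-list of e-mail domains that may be auto-linked at all.
    private static readonly HashSet<string> AllowedDomains =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "example.com" };

    public static IReadOnlyList<string> ResolveGroups(ClaimsIdentity identity)
    {
        var email = identity.FindFirst(ClaimTypes.Email)?.Value;
        var at = email?.LastIndexOf('@') ?? -1;
        if (at < 1 || !AllowedDomains.Contains(email.Substring(at + 1)))
            return Array.Empty<string>();   // unknown domain: no groups

        return identity.FindAll("groups")
            .Select(c => GroupMap.TryGetValue(c.Value, out var alias) ? alias : null)
            .Where(alias => alias != null)
            .Distinct()
            .ToList();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample identity: one mapped group, one unmapped group.
        var id = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Email, "alice@example.com"),
            new Claim("groups", "cms-editors"),
            new Claim("groups", "domain-admins"),
        });
        Console.WriteLine(string.Join(",", AutoLinkGroupPolicy.ResolveGroups(id)));
    }
}
```

An empty result should be treated as "do not create the user with any section access", rather than falling back to a default group.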

John-Blair commented 4 years ago

Hi @Shazwazza ,

For others I created a video to guide them through the coding and setup of a simple linking of a Backoffice User to a Google Sign In using OAuth - and added it to the Our Umbraco community videos page. https://www.youtube.com/watch?v=OO9WFeWr5yw&list=PLzjlY-50t_3VQFKymxk3NnhPYaKkjK1nZ&index=28

I am thinking of taking a look at Member login using your UmbracoIdentity package - but instead of using Active Directory as External Provider - I just wanted to use Google Sign In in a similar manner to backoffice users by linking a Member to a Google Account - is that possible? I couldn't see an obvious way of linking a member account to a google sign in account - like I did for backoffice users?

Ideally, I'd like this member Google Sign In to work in tandem with my already configured Google sign in for backoffice Users - do you foresee any conflicts or gotchas that I should be aware of - e.g. is there something I need to do to link both? I understand the need to configure securityStamp for member types.

Thanks!

Shazwazza commented 4 years ago

Hi @John-Blair

Nice work, please feel free to add this link to the readme of this project and/or the https://github.com/umbraco/UmbracoDocs project. Also note that with 8.9 there's some docs being updated here: https://github.com/umbraco/UmbracoDocs/pull/2788

For members, like I mentioned above:

> Members are different and to enable ASP.NET Identity for members (front-end) in Umbraco you need to use my community package: https://github.com/shazwazza/UmbracoIdentity
>
> I have a similar example for that on my blog too https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco-members/

Please follow the instructions here https://github.com/shazwazza/UmbracoIdentity for members, install the package and access the accounts page and you can see how it works. Members are basically all custom with ASP.NET identity because member implementation in Umbraco on your front-end is basically up to you. This package installs all the boilerplate code that you might need with a fully working example of an accounts page that lets you register, sign in, link external logins, login with external logins, update profile, etc...

John-Blair commented 4 years ago

Thanks @Shazwazza , I did actually take a look at your UmbracoIdentity package documentation, and A/D link, before asking my previous questions 😂. I'll try and get an accounts page working and see if I can figure it out. Thanks for your help.

yasserpadia commented 3 years ago

@Shazwazza We implemented the following successfully on 8.6.5 > https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco/ Since upgrading to 8.9.1 and 8.10.1 the umbraco profile is not displaying any information. Is there a fix for this, see the attached.
