
I am trying to integrate Azure AD for authentication with a Piranha CMS.

This is my configuration so far:

Startup

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
// The AddPiranha* extension methods and IdentityMySQLDb come from the Piranha.AspNetCore,
// Piranha.AspNetCore.Identity and Piranha.AspNetCore.Identity.MySQL packages.

// Configuration, TenantId, ClientId and TokenValidated are members defined elsewhere in this Startup class.
public void ConfigureServices(IServiceCollection services) {
    services.AddPiranhaImageSharp();
    services.AddPiranhaEF(options => options.UseMySql(Configuration["ConnectionStrings:DefaultConnection"]));
    // No identityOptions/cookieOptions are passed, so Piranha applies its own defaults here.
    services.AddPiranhaIdentityWithSeed<IdentityMySQLDb>(
                options => options.UseMySql(Configuration["ConnectionStrings:DefaultConnection"]));
    services.AddPiranhaManager();

    // These defaults replace the ones Identity registered: authenticate and sign-in now use the
    // plain "Cookies" scheme instead of Identity.Application/Identity.External.
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    }).AddOpenIdConnect(options =>
    {
        options.Authority = "https://login.microsoftonline.com/" + this.TenantId;
        options.ClientId = this.ClientId;
        options.ResponseType = OpenIdConnectResponseType.IdToken;   // implicit flow, id_token only
        options.CallbackPath = "/signin-callback";
        options.SignedOutRedirectUri = "https://localhost:5001/";
        options.SaveTokens = true;   // keeps the id_token in the cookie's authentication properties
        options.Events.OnTokenValidated = async context => { await TokenValidated(context); };
    }).AddCookie();
}

With the above configuration, I managed to use Azure AD to authenticate users for the public website.

When I try to access the manager area, I am unable to access it using the default user/pass combo. This is where I would need a bit of help.

Later Edit:

In order to get both working I have made the following changes:

// No schemes specified, so the defaults Identity registered stay in force:
// Identity.Application for authenticate/challenge and Identity.External for sign-in,
// which is therefore the scheme the OpenID Connect handler signs into.
services.AddAuthentication(/*specify no options, leave defaults*/)
    .AddOpenIdConnect(options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + this.TenantId;
            options.ClientId = this.ClientId;
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.CallbackPath = "/signin-callback";
            options.RemoteSignOutPath = "/signout-oidc";          // front-channel sign-out from Azure AD
            options.SignedOutRedirectUri = "https://localhost:5001/";
            options.SignedOutCallbackPath = "/signout-callback";
            options.SignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.Events.OnTokenValidated = async context => { await TokenValidated(context); };
        })
    // SameSite=None lets the cookie accompany the cross-site form_post back from Azure AD;
    // current browsers only honour it together with the Secure attribute, i.e. over HTTPS.
    .AddCookie(options => options.Cookie.SameSite = SameSiteMode.None);

Then, for login/logout, I have created a SecurityController as follows:

using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

public class SecurityController : Controller
{
    // Sends the browser to Azure AD; on return the OIDC handler signs the user into its
    // sign-in scheme and redirects to RedirectUri.
    public IActionResult Login()
    {
        return Challenge(new AuthenticationProperties
        {
            RedirectUri = "/about"
        }, OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Clears only the local external-login cookie ("Identity.External", i.e.
    // IdentityConstants.ExternalScheme); the Azure AD session itself is not ended here.
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync("Identity.External");

        return Redirect("/");
    }
}
Mihai Tibrea

1 Answer


The method AddPiranhaIdentityWithSeed has two optional parameters for setting Identity options and cookie options, but as you're not providing these, the method sets the default options. As these might interfere with the options you're adding later, you might want to override them; take a look at the docs here:

http://piranhacms.org/docs/components/authentication/identity-security

Also, in order for the user to access the manager, there's a whole bunch of claims specifying what the user can do that you need to add to the local Identity user. You can read about them here:

http://piranhacms.org/docs/components/authentication

Best regards

Håkan

Håkan Edling
    Hi Hakan, thanks for the reply. I've managed to get it working using both mechanisms. I've left `IdentityWithSeed` as it is, with defaults, and I've changed other bits in the OIDC protocol – Mihai Tibrea Feb 05 '19 at 09:10
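The following is an added example, not code from the question, the answer or the Piranha project, that puts the answer's two points together: explicit Identity and cookie options are passed to AddPiranhaIdentityWithSeed, and the OpenID Connect TokenValidated event links the Azure AD principal to a local Identity user and adds the manager permission claims to that user. Several things are assumptions rather than facts from the page: the LinkAzureUserAsync handler name, the "CmsAdmin" app role and "AzureAD" login-provider name, the AzureAd:* configuration keys, the Piranha.AspNetCore.Identity.Data.User type and namespace, and that Piranha.Manager.Permission.All() enumerates permission names which the manager's policies check as claims whose type and value are both that name. Check each against the Piranha version in use.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Piranha.AspNetCore.Identity.Data;   // User: Piranha's IdentityUser type (assumed namespace)
using Piranha.AspNetCore.Identity.MySQL;  // IdentityMySQLDb

public class Startup
{
    // Azure AD app role required before manager claims are granted (assumption: defined in the app registration).
    private const string ManagerAppRole = "CmsAdmin";
    private const string LoginProvider = "AzureAD";   // stored as the external login provider name

    public IConfiguration Configuration { get; }
    public Startup(IConfiguration configuration) => Configuration = configuration;
    private string TenantId => Configuration["AzureAd:TenantId"];   // assumed config keys
    private string ClientId => Configuration["AzureAd:ClientId"];

    public void ConfigureServices(IServiceCollection services)
    {
        var conn = Configuration["ConnectionStrings:DefaultConnection"];
        services.AddPiranhaImageSharp();
        services.AddPiranhaEF(o => o.UseMySql(conn));

        // Pass Identity and cookie options explicitly instead of the defaults applied when both are omitted.
        services.AddPiranhaIdentityWithSeed<IdentityMySQLDb>(
            o => o.UseMySql(conn),
            identityOptions: o => o.Password.RequiredLength = 12,
            cookieOptions: o => o.Cookie.SecurePolicy = CookieSecurePolicy.Always);
        services.AddPiranhaManager();

        // No default schemes here: Identity's own stay in force, so the manager keeps using the
        // Identity.Application cookie while the OIDC handler signs into Identity.External.
        services.AddAuthentication()
            .AddOpenIdConnect(o =>
            {
                o.Authority = "https://login.microsoftonline.com/" + TenantId;
                o.ClientId = ClientId;
                o.ResponseType = OpenIdConnectResponseType.IdToken;
                o.CallbackPath = "/signin-callback";
                o.Events.OnTokenValidated = LinkAzureUserAsync;
            });
    }

    // Runs only after the handler has validated the id_token signature, issuer, audience and lifetime.
    private static async Task LinkAzureUserAsync(TokenValidatedContext context)
    {
        var principal = context.Principal;
        var services = context.HttpContext.RequestServices;
        var userManager = services.GetRequiredService<UserManager<User>>();
        var signInManager = services.GetRequiredService<SignInManager<User>>();

        // Key the link on the immutable object id, not the changeable e-mail; the default
        // inbound claim map renames "oid" to the objectidentifier URI, so accept both.
        var oid = principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value
                  ?? principal.FindFirst("oid")?.Value;
        var email = principal.FindFirst(ClaimTypes.Upn)?.Value
                    ?? principal.FindFirst("preferred_username")?.Value;
        if (string.IsNullOrEmpty(oid) || string.IsNullOrEmpty(email))
        {
            context.Fail("id_token carries no oid or user name claim");
            return;
        }

        var user = await userManager.FindByLoginAsync(LoginProvider, oid);
        if (user == null)
        {
            user = new User { UserName = email, Email = email, EmailConfirmed = true };
            var result = await userManager.CreateAsync(user);
            if (result.Succeeded)
                result = await userManager.AddLoginAsync(user, new UserLoginInfo(LoginProvider, oid, "Azure AD"));
            if (!result.Succeeded)
            {
                context.Fail(string.Join("; ", result.Errors.Select(e => e.Description)));
                return;
            }
        }

        // Grant manager permissions only to users carrying the app role. Assumption: the manager's
        // policies require a claim whose type and value are both the permission name.
        if (principal.IsInRole(ManagerAppRole) || principal.HasClaim("roles", ManagerAppRole))
        {
            var existing = await userManager.GetClaimsAsync(user);
            foreach (var permission in Piranha.Manager.Permission.All())
            {
                if (!existing.Any(c => c.Type == permission))
                    await userManager.AddClaimAsync(user, new Claim(permission, permission));
            }
        }

        // Issue the Identity.Application cookie so the manager accepts this user.
        await signInManager.SignInAsync(user, isPersistent: false);
    }
}
```

Because no default schemes are overridden, the seeded local account still signs in to the manager with user/password, while an Azure AD user only gets manager rights if the id_token carries the app role; everyone else is linked as an ordinary site user with no permission claims.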