Azure.auth.cs
/// <summary>
/// Registers Azure Active Directory as an external OpenID Connect login provider for the Umbraco back office.
/// </summary>
/// <param name="app">The OWIN pipeline the middleware is added to.</param>
/// <remarks>
/// Reads <c>ida:ClientId</c>, <c>ida:TenantId</c> and <c>ida:Caption</c> from app settings. The redirect URI is
/// built from <c>customDomainName</c> (falling back to <c>bindingurl</c>), always on the <c>/umbraco</c> path with
/// the scheme's default port. HTTPS is used for the redirect only when <c>MW.Umbraco.forceHttps</c> is set;
/// otherwise the authorization response travels back over plain HTTP.
/// </remarks>
private void ConfigureBackOfficeAzureActiveDirectoryAuth(IAppBuilder app)
{
    var settings = ConfigurationManager.AppSettings;
    string clientId = settings["ida:ClientId"];
    string tenantId = settings["ida:TenantId"];
    string caption = settings["ida:Caption"];

    // The redirect target is derived from the site's own host name, not hard-coded.
    var baseAddress = GeneralConfiguration.AppSettingValueOrDefault("customDomainName", settings["bindingurl"]);
    bool forceHttps = GeneralConfiguration.AppSettingValueOrDefault("MW.Umbraco.forceHttps", false);
    var redirectBuilder = new UriBuilder(baseAddress);
    redirectBuilder.Port = -1; // drop any explicit port so the scheme's default applies
    redirectBuilder.Path = "umbraco";
    redirectBuilder.Scheme = forceHttps ? Uri.UriSchemeHttps : Uri.UriSchemeHttp;
    string redirectUri = redirectBuilder.ToString();

    // Single-tenant authority: only principals of this tenant can complete the sign-in.
    string authority = string.Format(CultureInfo.InvariantCulture, "https://login.windows.net/{0}", tenantId);
    // Normalising through Guid gives the canonical lowercase "D" form that AAD uses in its issuer URL.
    Guid tenantGuid = Guid.Parse(tenantId);
    string issuerPath = string.Format(CultureInfo.InvariantCulture, "https://sts.windows.net/{0}/", tenantGuid);

    const string buttonStyle = "btn-microsoft";
    const string buttonIcon = "fa-windows";

    var options = new OpenIdConnectAuthenticationOptions
    {
        SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
        ClientId = clientId,
        Authority = authority,
        RedirectUri = redirectUri,
        AuthenticationMode = AuthenticationMode.Passive,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = SecurityTokenValidated,
            AuthorizationCodeReceived = AuthorizationCodeReceived
        }
    };

    // Order matters here: the back-office defaults are applied first, then the caption and
    // authentication type are set on top of them.
    options.ForUmbracoBackOffice(buttonStyle, buttonIcon);
    options.Caption = caption;
    // The authentication type doubles as the login-provider name stored on the user, so it must equal
    // the token's "iss" value for the stored external login to match on later sign-ins.
    options.AuthenticationType = issuerPath;
    // Auto-link external accounts to local users; no default groups, UI culture from umbracoDefaultUILanguage.
    options.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(true, defaultUserGroups: null, defaultCulture: settings["umbracoDefaultUILanguage"]));

    app.UseOpenIdConnectAuthentication(options);
}
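/// <summary>
/// Provisions or links the Umbraco back-office user for an Azure AD account once the authorization code arrives.
/// </summary>
/// <param name="context">The OIDC notification carrying the validated ID token.</param>
/// <remarks>
/// The local account is keyed on the e-mail address taken from the token's <c>email</c> claim (falling back to
/// <c>upn</c>), with the legacy <c>mediaworkers.dk</c> text rewritten to <c>kruso.dk</c>. First-time users are
/// created on the fly: addresses whose domain is <c>kruso.dk</c> (or a subdomain of it) join the <c>admin</c>
/// group, everyone else the <c>employee</c> group. The external login is then attached to the local user.
/// NOTE(review): matching on e-mail means whoever controls the <c>email</c>/<c>upn</c> claim value controls
/// which local account the login is attached to — acceptable only if the tenant named in the authority is
/// fully trusted and its guest accounts are reviewed.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The token carries neither an <c>email</c> nor a <c>upn</c> claim with a value.
/// </exception>
private async Task AuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
    var claims = context.JwtSecurityToken.Claims;
    var emailClaim = claims.FirstOrDefault(x => x.Type == "email") ?? claims.FirstOrDefault(x => x.Type == "upn");
    if (emailClaim == null || string.IsNullOrWhiteSpace(emailClaim.Value))
    {
        // Was a NullReferenceException; fail with a message that names the missing claim instead.
        throw new InvalidOperationException("ID token contains neither an 'email' nor a 'upn' claim; cannot map the account to a back-office user.");
    }

    var email = emailClaim.Value.Replace("mediaworkers.dk", "kruso.dk");
    var issuer = claims.First(x => x.Type == "iss").Value;
    var providerKey = claims.First(x => x.Type == "sub").Value;
    var name = claims.First(x => x.Type == "name").Value;

    var userService = ApplicationContext.Current.Services.UserService;
    var userManager = context.OwinContext.GetUserManager<BackOfficeUserManager>();

    var user = userService.GetByEmail(email);
    if (user == null)
    {
        // Group is decided by the domain part of the address only. The previous check,
        // email.EndsWith("kruso.dk"), was a plain suffix match and also accepted addresses such as
        // user@evilkruso.dk, which would then have been created as admins.
        string groupAlias = IsCompanyDomain(email) ? "admin" : "employee";
        var group = userService.GetUserGroupByAlias(groupAlias) as IReadOnlyUserGroup;
        user = userService.CreateUserWithIdentity(email, email);
        user.AddGroup(group);
        userService.Save(user);
    }

    var identity = await userManager.FindByEmailAsync(email);
    if (identity.Logins.All(x => x.ProviderKey != providerKey))
    {
        // Attach the AAD subject to the local user; the login provider is the token issuer, which is also
        // the middleware's AuthenticationType, so later sign-ins resolve through the stored external login.
        identity.Logins.Add(new IdentityUserLogin(issuer, providerKey, user.Id));
        identity.Name = name;
        await userManager.UpdateAsync(identity);
    }
}

/// <summary>
/// True when the domain part of <paramref name="email"/> is <c>kruso.dk</c> or a subdomain of it.
/// </summary>
/// <param name="email">The address to inspect; an address without '@' never matches.</param>
/// <returns><c>true</c> for <c>kruso.dk</c> addresses, <c>false</c> otherwise.</returns>
/// <remarks>
/// Domain names are case-insensitive, so the comparison is ordinal-ignore-case. Subdomains are still accepted
/// to keep the reach of the original suffix check for legitimate <c>*.kruso.dk</c> addresses.
/// </remarks>
private static bool IsCompanyDomain(string email)
{
    int at = email.LastIndexOf('@');
    if (at < 0)
    {
        return false;
    }

    string domain = email.Substring(at + 1);
    return domain.Equals("kruso.dk", StringComparison.OrdinalIgnoreCase)
        || domain.EndsWith(".kruso.dk", StringComparison.OrdinalIgnoreCase);
}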
/// <summary>
/// Replaces the identity produced by the OIDC middleware with a minimal one carrying only the claims the
/// back-office auto-link needs: e-mail, UPN, name identifier and given name.
/// </summary>
/// <param name="n">The notification holding the validated ticket; the ticket is swapped in place.</param>
/// <returns>Always 0.</returns>
/// <remarks>
/// Both the e-mail and UPN claims are filled from <c>Identity.Name</c>, i.e. from whichever token claim the
/// options map to the name claim type — that value, not the token's <c>email</c> claim, is what the subsequent
/// account linking keys on. NOTE(review): <c>AddClaim</c> throws <see cref="ArgumentNullException"/> when the
/// incoming identity lacks a name-identifier or given-name claim; confirm the tenant always issues both.
/// </remarks>
private async Task<int> SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
{
    var incoming = n.AuthenticationTicket.Identity;
    string principalName = incoming.Name;

    // Name claim type is GivenName, role claim type is Role — same as the original identity shape.
    var trimmed = new ClaimsIdentity(incoming.AuthenticationType, ClaimTypes.GivenName, ClaimTypes.Role);
    trimmed.AddClaim(new Claim(ClaimTypes.Email, principalName));
    trimmed.AddClaim(new Claim(ClaimTypes.Upn, principalName));
    trimmed.AddClaim(incoming.FindFirst(ClaimTypes.NameIdentifier));
    trimmed.AddClaim(incoming.FindFirst(ClaimTypes.GivenName));

    // Keep the original ticket properties (expiry, redirect URI, etc.); only the identity changes.
    n.AuthenticationTicket = new AuthenticationTicket(trimmed, n.AuthenticationTicket.Properties);

    // Nothing asynchronous happens here; the Task<int> signature is what the middleware expects.
    return 0;
}