Vulnerability in EPiServer.Forms
We have a client who is currently using Azure AD OpenID Connect for their employees to access the back-end. They now want the customers browsing the site to be able to sign in as well, I thought it would as simple as configuring EPiServer AspNetIdentity, but that doesn't seem to be the case. As I was reading the documentation for Azure AD, it is mentioned that the nuget package EPiServer.CMS.UI.AspNetIdentity and EPiServer.CMS need to be uninstalled. Otherwise, the user interface may not look for synchronized users when setting access rights. Below is the link to it:
Integrate Azure AD using OpenID Connect
And for AspNetIdentity I will need the EPiServer.CMS.UI.AspNetIdentity nuget package installed which is going against the Azure AD authentication mechanism.
Any ideas or tips to get around this or an alternative approach is highly appreciated.
This might be of help:
Is your client looking to also use Azure AD (i.e. B2C) for the customers or the standard Episerver based AspNetIdentity provider?