Vulnerability in EPiServer.Forms
I have a working EPiServer solution where I want to incorporate logon for visiting users. This must be done in Azure AD B2C, with a claims-based approach.
This brings forth quite a big problem. I have to set authentication mode to "None" in web.config, which results in me no longer being able to log in through the EPiServer UI.
The purpose for a user logging in (through Azure) is to provide them with personalized blocks and pages.
The purpose for editors/admins logging in (through EPiServer) is to edit and create content.
Is it possible to keep both types of login functionality?
Possible? Sure. Recommended? Probably not :)
You can read more about federated security here
If you still want to use the old approach you can read my colleague's blog about creating a custom OWIN membership provider
Unfortunately, SSO is not short for simple sign on... adjust your time estimations accordingly :)
Yes, you can. Look into an example here.
You have to remove the old membership provider, but you can handle login as normal as long as you create groups/roles in B2C and implement the OWIN pipeline in Episerver.