November Happy Hour will be moved to Thursday December 5th.
This topic might help you to select the correct scheme when authenticating: https://docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/mixed-mode-authentication
We are trying to implement multiplex login in Optimizely CMS 12 with .NET Core 5. We want our users to be able to log in with either Azure AD users or Optimizely DB users. We have used this article as a starting point, but this is for .NET Framework and Optimizely CMS 11. Below you can see our code for configuring login in Startup.cs. The problem is that when we navigate to /episerver/cms, it is only the last login provider that is being checked in the Challenge. In other words, with this code only the AAD cookie is checked. And if we swap them, only the cookie for regular Optimizely login is checked.
From Configuration() method in Startup.cs
    // Regular Optimizely DB login
    services.AddCmsAspNetIdentity<ApplicationUser>();
    services.AddCmsHost();
    services.ConfigureApplicationCookie(options =>
    {
        options.LoginPath = "/util/Login";
    });

    // Azure AD login
    services.AddAuthentication(options =>
        {
            // These defaults replace the ones set by the DB login registration above.
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.ClientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
            options.Authority = "https://login.microsoftonline.com/" + "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + "/v2.0";
            options.CallbackPath = "/signin-oidc";
            options.Scope.Add("email");
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Issuer validation is turned off here.
                ValidateIssuer = false,
                RoleClaimType = ClaimTypes.Role,
                NameClaimType = ClaimTypes.Email
            };
            options.Events.OnAuthenticationFailed = async context =>
            {
                context.HandleResponse();
                // Writes the raw exception message to the response body.
                await context.Response.BodyWriter.WriteAsync(Encoding.ASCII.GetBytes(context.Exception.Message));
            };
            options.Events.OnTokenValidated = async ctx =>
            {
                // Reduce an absolute redirect URI to its local path and query.
                var redirectUri = new Uri(ctx.Properties.RedirectUri, UriKind.RelativeOrAbsolute);
                if (redirectUri.IsAbsoluteUri)
                {
                    ctx.Properties.RedirectUri = redirectUri.PathAndQuery;
                }

                // Sync the Azure AD user and its claims into Optimizely.
                await ServiceLocator.Current.GetInstance<ISynchronizingUserService>()
                    .SynchronizeAsync(ctx.Principal.Identity as ClaimsIdentity);
            };
        });
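An added example (not from the original post or from Optimizely's documentation) of one way to have both cookies honoured: a policy scheme becomes the default and forwards each request to the handler whose cookie is present. The scheme names, the cookie name and the helper `AddMixedModeAuthentication` are hypothetical, the tenant and client ids are placeholders, and it assumes `AddCmsAspNetIdentity` registers the standard ASP.NET Core Identity application cookie scheme.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public static class MixedModeAuthExtensions
{
    // Hypothetical names chosen for this example.
    private const string SelectorScheme = "mixed-mode";
    private const string AadCookieScheme = "aad-cookie";
    private const string AadCookieName = ".Example.AadAuth";

    // Call AFTER services.AddCmsAspNetIdentity<ApplicationUser>() so that these
    // defaults are the last ones written to AuthenticationOptions.
    public static IServiceCollection AddMixedModeAuthentication(this IServiceCollection services)
    {
        services.AddAuthentication(options =>
            {
                // Route authenticate and challenge through the selector instead of
                // pinning them to a single handler.
                options.DefaultScheme = SelectorScheme;
                options.DefaultAuthenticateScheme = SelectorScheme;
                options.DefaultChallengeScheme = SelectorScheme;
            })
            .AddPolicyScheme(SelectorScheme, "DB or Azure AD login", options =>
            {
                // Cookie presence is only a routing hint: the chosen handler still
                // decrypts and validates the cookie before a principal is issued.
                options.ForwardDefaultSelector = ctx =>
                    ctx.Request.Cookies.ContainsKey(AadCookieName)
                        ? AadCookieScheme
                        : IdentityConstants.ApplicationScheme;
            })
            .AddCookie(AadCookieScheme, options => options.Cookie.Name = AadCookieName)
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                options.SignInScheme = AadCookieScheme;
                options.Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0"; // placeholder
                options.ClientId = "<client-id>"; // placeholder
                options.CallbackPath = "/signin-oidc";
                // TokenValidationParameters.ValidateIssuer keeps its default (true).
            });
        return services;
    }
}
```

With no Azure AD cookie present, a challenge falls through to the Identity handler and its `LoginPath`; the Azure AD flow then has to be started explicitly, for example by a login link whose action challenges `OpenIdConnectDefaults.AuthenticationScheme`.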