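public static class UmbracoADAuthExtensions
{
    /// <summary>
    /// Configure Azure Active Directory (OpenID Connect) sign-in for the Umbraco back office.
    /// </summary>
    /// <param name="app">The OWIN application builder the OpenID Connect middleware is registered on.</param>
    /// <param name="tenant">The Azure AD tenant; it is appended to https://login.windows.net/ to form the authority.</param>
    /// <param name="clientId">The client id of the Azure AD application.</param>
    /// <param name="postLoginRedirectUri">
    /// The URL that will be redirected to after login is successful, example: http://mydomain.com/umbraco/;
    /// </param>
    /// <param name="issuerId">
    ///
    /// This is the "Issuer Id" for your Azure AD application. This a GUID value and can be found
    /// in the Azure portal when viewing your configured application and clicking on 'View endpoints'
    /// which will list all of the API endpoints. Each endpoint will contain a GUID value, this is
    /// the Issuer Id which must be used for this value.
    ///
    /// If this value is not set correctly then accounts won't be able to be detected
    /// for un-linking in the back office.
    ///
    /// </param>
    /// <param name="caption">Caption shown for the provider on the back-office login screen.</param>
    /// <param name="style">Button style class passed to <c>ForUmbracoBackOffice</c>.</param>
    /// <param name="icon">Icon class passed to <c>ForUmbracoBackOffice</c>.</param>
    /// <exception cref="ArgumentNullException"><paramref name="app"/> is null.</exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="tenant"/>, <paramref name="clientId"/> or <paramref name="postLoginRedirectUri"/> is null or blank.
    /// </exception>
    /// <remarks>
    /// ActiveDirectory account documentation for ASP.Net Identity can be found:
    /// https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
    ///
    /// Auto-linking is switched on (<c>autoLinkExternalAccount: true</c>) and the
    /// <c>AuthorizationCodeReceived</c> callback creates a back-office user of type "writer" when no
    /// user with the token's email exists. Any account that can sign in to the configured tenant
    /// therefore obtains a back-office login on first sign-in; restrict who may sign in on the Azure AD
    /// application side if that is not intended.
    /// </remarks>
    public static void ConfigureBackOfficeAzureActiveDirectoryAuth(this IAppBuilder app,
        string tenant, string clientId, string postLoginRedirectUri, Guid issuerId,
        string caption = "Active Directory", string style = "btn-microsoft", string icon = "fa-windows")
    {
        if (app == null)
        {
            throw new ArgumentNullException("app");
        }
        if (string.IsNullOrWhiteSpace(tenant))
        {
            throw new ArgumentException("A tenant is required.", "tenant");
        }
        if (string.IsNullOrWhiteSpace(clientId))
        {
            throw new ArgumentException("A client id is required.", "clientId");
        }
        if (string.IsNullOrWhiteSpace(postLoginRedirectUri))
        {
            throw new ArgumentException("A post-login redirect URI is required.", "postLoginRedirectUri");
        }

        var authority = string.Format(
            CultureInfo.InvariantCulture,
            "https://login.windows.net/{0}",
            tenant);

        var adOptions = new OpenIdConnectAuthenticationOptions
        {
            SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
            ClientId = clientId,
            Authority = authority,
            RedirectUri = postLoginRedirectUri,
            AuthenticationMode = AuthenticationMode.Passive,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = async context =>
                {
                    // Reads a claim from the id_token and fails with a descriptive error when it is
                    // absent, instead of the bare InvalidOperationException that First() would raise.
                    // NOTE(review): the token is presumably already signature/issuer-validated by the
                    // OpenID Connect middleware before this notification fires - confirm.
                    Func<string, string> requireClaim = claimType =>
                    {
                        var claim = context.JwtSecurityToken.Claims.FirstOrDefault(x => x.Type == claimType);
                        if (claim == null || string.IsNullOrEmpty(claim.Value))
                        {
                            throw new InvalidOperationException(string.Format(
                                CultureInfo.InvariantCulture,
                                "The id_token does not contain the required '{0}' claim.",
                                claimType));
                        }
                        return claim.Value;
                    };

                    // The email claim is the key used to look up (and, below, to create) the Umbraco user,
                    // so it is also used as the back-office username.
                    var email = requireClaim("email");
                    var issuer = requireClaim("iss");
                    var providerKey = requireClaim("sub");
                    var name = requireClaim("name");

                    var userService = ApplicationContext.Current.Services.UserService;
                    var user = userService.GetByEmail(email);
                    if (user == null)
                    {
                        // First sign-in of this account: provision a back-office user with the "writer" type.
                        var writerUserType = userService.GetUserTypeByName("writer");
                        if (writerUserType == null)
                        {
                            throw new InvalidOperationException(
                                "The 'writer' user type does not exist, so the external account cannot be provisioned.");
                        }
                        user = userService.CreateUserWithIdentity(email, email, writerUserType);
                    }

                    var userManager = context.OwinContext.GetUserManager<BackOfficeUserManager>();
                    var identity = await userManager.FindByEmailAsync(email);
                    if (identity == null)
                    {
                        // Guards the dereference below; previously a NullReferenceException.
                        throw new InvalidOperationException(string.Format(
                            CultureInfo.InvariantCulture,
                            "No back-office identity was found for '{0}' after the user was resolved.",
                            email));
                    }

                    // Link the external login once; the issuer becomes the login provider so that the
                    // AuthenticationType set below (sts.windows.net/{issuerId}/) can match it for un-linking.
                    if (identity.Logins.All(x => x.ProviderKey != providerKey))
                    {
                        identity.Logins.Add(new IdentityUserLogin(issuer, providerKey, user.Id));
                        identity.Name = name;
                        await userManager.UpdateAsync(identity);
                    }
                }
            }
        };

        adOptions.ForUmbracoBackOffice(style, icon);
        adOptions.Caption = caption;

        // The auth type must be the issuer path so linked logins can be detected in the back office.
        adOptions.AuthenticationType = string.Format(
            CultureInfo.InvariantCulture,
            "https://sts.windows.net/{0}/",
            issuerId);

        adOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true));
        app.UseOpenIdConnectAuthentication(adOptions);
    }
}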