sergiutesu/BackofficeAuthenticationExtensions.cs

## BackofficeAuthenticationExtensions.cs

    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.Identity.Web;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using System.Security.Claims;

    namespace AzureAD
    {
        public static class BackofficeAuthenticationExtensions
        {
            public static IUmbracoBuilder ConfigureAuthentication(this IUmbracoBuilder builder)
            {
                builder.Services.ConfigureOptions<AzureB2CBackofficeExternalLoginProviderOptions>();


                builder.AddBackOfficeExternalLogins(logins =>
                {
                    //const string schema = MicrosoftAccountDefaults.AuthenticationScheme;

                    logins.AddBackOfficeLogin(
                        backOfficeAuthenticationBuilder =>
                        {
                            backOfficeAuthenticationBuilder.AddOpenIdConnect(
                        backOfficeAuthenticationBuilder.SchemeForBackOffice(AzureB2CBackofficeExternalLoginProviderOptions.SchemeName),
                        options =>
                        {
                            //options.ResponseMode = "query";
                            options.ResponseType = "id_token token";

                            options.Scope.Add("https://sergiuazureadb2c.onmicrosoft.com/api/demo.read");
                            options.Scope.Add("https://sergiuazureadb2c.onmicrosoft.com/api/demo.write");
                            options.Scope.Add("email");
                            options.Scope.Add("openid");
                            options.Scope.Add("offline_access");


                            options.RequireHttpsMetadata = true;


                            //Obtained from the AZURE AD B2C WEB APP
                            options.ClientId = "85f11fbf-6807-4285-8b3f-9ef5e35b4983";
                            //Obtained from the AZURE AD B2C WEB APP
                            options.ClientSecret = "0bfe7f12-fef9-4b5b-8ce5-4f207c911660";
                            //Callbackpath - Important! The CallbackPath represents the URL to which the browser should be redirected to and the default value is /signin-oidc.
                            options.CallbackPath = "/umbraco-b2c-signin";

                            //Obtained from user flows in your Azure B2C tenant
                            options.MetadataAddress = "https://sergiuazureadb2c.b2clogin.com/sergiuazureadb2c.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signin";

                            options.TokenValidationParameters.SaveSigninToken = true;
                            options.SaveTokens = true;
                            options.GetClaimsFromUserInfoEndpoint = true;

                            // It’s important to have the correct claims set up in Azure.
                            // Once you are authenticated to Azure AD B2C, it validates the request. If the token is validated it triggers this event.
                            // The token coming back from Azure AD B2C, contains several properties and one of the properties is the claims, containing information about the email address and name, and these are used by Umbraco to create and link the user.

                            options.Events.OnTokenValidated = async context =>
                            {
                                ClaimsPrincipal? principal = context.Principal;
                                if (principal is null)
                                {
                                    throw new InvalidOperationException("No claims found.. :(");
                                    return;
                                }

                                var claims = principal.Claims.ToList();

                                Claim? email = claims.SingleOrDefault(x => x.Type == "emails");
                                if (email is not null)
                                {
                                    claims.Add(new Claim(ClaimTypes.Email, email.Value));
                                }

                                Claim? name = claims.SingleOrDefault(x => x.Type == "name");
                                if (name is not null)
                                {
                                    claims.Add(new Claim(ClaimTypes.Name, name.Value));
                                }

                                var authenticationType = principal.Identity?.AuthenticationType;
                                context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType));
                            };
                        });
                        });
                });

                return builder;

            }
        }
    }

	using Microsoft.AspNetCore.Authentication.Cookies;
	using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
	using Microsoft.AspNetCore.Authentication.OpenIdConnect;
	using Microsoft.Identity.Web;
	using Microsoft.IdentityModel.Protocols.OpenIdConnect;
	using System.Security.Claims;

	namespace AzureAD
	{
	public static class BackofficeAuthenticationExtensions
	{
	public static IUmbracoBuilder ConfigureAuthentication(this IUmbracoBuilder builder)
	{
	builder.Services.ConfigureOptions<AzureB2CBackofficeExternalLoginProviderOptions>();



	builder.AddBackOfficeExternalLogins(logins =>
	{
	//const string schema = MicrosoftAccountDefaults.AuthenticationScheme;

	logins.AddBackOfficeLogin(
	backOfficeAuthenticationBuilder =>
	{
	backOfficeAuthenticationBuilder.AddOpenIdConnect(
	backOfficeAuthenticationBuilder.SchemeForBackOffice(AzureB2CBackofficeExternalLoginProviderOptions.SchemeName),
	options =>
	{
	//options.ResponseMode = "query";
	options.ResponseType = "id_token token";

	options.Scope.Add("https://sergiuazureadb2c.onmicrosoft.com/api/demo.read");
	options.Scope.Add("https://sergiuazureadb2c.onmicrosoft.com/api/demo.write");
	options.Scope.Add("email");
	options.Scope.Add("openid");
	options.Scope.Add("offline_access");


	options.RequireHttpsMetadata = true;



	//Obtained from the AZURE AD B2C WEB APP
	options.ClientId = "85f11fbf-6807-4285-8b3f-9ef5e35b4983";
	//Obtained from the AZURE AD B2C WEB APP
	options.ClientSecret = "0bfe7f12-fef9-4b5b-8ce5-4f207c911660";
	//Callbackpath - Important! The CallbackPath represents the URL to which the browser should be redirected to and the default value is /signin-oidc.
	options.CallbackPath = "/umbraco-b2c-signin";

	//Obtained from user flows in your Azure B2C tenant
	options.MetadataAddress = "https://sergiuazureadb2c.b2clogin.com/sergiuazureadb2c.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signin";

	options.TokenValidationParameters.SaveSigninToken = true;
	options.SaveTokens = true;
	options.GetClaimsFromUserInfoEndpoint = true;

	// It’s important to have the correct claims set up in Azure.
	// Once you are authenticated to Azure AD B2C, it validates the request. If the token is validated it triggers this event.
	// The token coming back from Azure AD B2C, contains several properties and one of the properties is the claims, containing information about the email address and name, and these are used by Umbraco to create and link the user.

	options.Events.OnTokenValidated = async context =>
	{
	ClaimsPrincipal? principal = context.Principal;
	if (principal is null)
	{
	throw new InvalidOperationException("No claims found.. :(");
	return;
	}

	var claims = principal.Claims.ToList();

	Claim? email = claims.SingleOrDefault(x => x.Type == "emails");
	if (email is not null)
	{
	claims.Add(new Claim(ClaimTypes.Email, email.Value));
	}

	Claim? name = claims.SingleOrDefault(x => x.Type == "name");
	if (name is not null)
	{
	claims.Add(new Claim(ClaimTypes.Name, name.Value));
	}

	var authenticationType = principal.Identity?.AuthenticationType;
	context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType));
	};
	});
	});
	});

	return builder;

	}
	}
	}