Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System.Security.Claims;
namespace AzureAD
public static class BackofficeAuthenticationExtensions
public static IUmbracoBuilder ConfigureAuthentication(this IUmbracoBuilder builder)
builder.AddBackOfficeExternalLogins(logins =>
//const string schema = MicrosoftAccountDefaults.AuthenticationScheme;
backOfficeAuthenticationBuilder =>
options =>
//options.ResponseMode = "query";
options.ResponseType = "id_token token";
options.RequireHttpsMetadata = true;
//Obtained from the AZURE AD B2C WEB APP
options.ClientId = "85f11fbf-6807-4285-8b3f-9ef5e35b4983";
//Obtained from the AZURE AD B2C WEB APP
options.ClientSecret = "0bfe7f12-fef9-4b5b-8ce5-4f207c911660";
//Callbackpath - Important! The CallbackPath represents the URL to which the browser should be redirected to and the default value is /signin-oidc.
options.CallbackPath = "/umbraco-b2c-signin";
//Obtained from user flows in your Azure B2C tenant
options.MetadataAddress = "";
options.TokenValidationParameters.SaveSigninToken = true;
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
// It’s important to have the correct claims set up in Azure.
// Once you are authenticated to Azure AD B2C, it validates the request. If the token is validated it triggers this event.
// The token coming back from Azure AD B2C, contains several properties and one of the properties is the claims, containing information about the email address and name, and these are used by Umbraco to create and link the user.
options.Events.OnTokenValidated = async context =>
ClaimsPrincipal? principal = context.Principal;
if (principal is null)
throw new InvalidOperationException("No claims found.. :(");
var claims = principal.Claims.ToList();
Claim? email = claims.SingleOrDefault(x => x.Type == "emails");
if (email is not null)
claims.Add(new Claim(ClaimTypes.Email, email.Value));
Claim? name = claims.SingleOrDefault(x => x.Type == "name");
if (name is not null)
claims.Add(new Claim(ClaimTypes.Name, name.Value));
var authenticationType = principal.Identity?.AuthenticationType;
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType));
return builder;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment