Hello all,
I am trying to setup OpenIdConnect to connect to an Azure environment to authenticate my localhost cms.
I am following the main example provided by Optimizely (with some tweaking for my specific Azure environment):
https://docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/integrate-azure-ad-using-openid-connect
Now the problem was after accessing "https://localhost:8001/episerver" and logged in, I get redirected to /Account/AccessDenied?ReturnUrl=%2Fepiserver.
However, if I access "https://localhost:8001/episerver/cms", there's no problem, I can login without any issues.
I tried setuping the OpenIdConnect in a bare-bone CMS 12 project and got the same behavior. Here's the whole startup class:
public class Startup
{
private readonly IWebHostEnvironment _webHostingEnvironment;
private readonly IConfiguration _configuration;
public Startup(IWebHostEnvironment webHostingEnvironment, IConfiguration configuration)
{
_webHostingEnvironment = webHostingEnvironment;
_configuration = configuration;
}
public void ConfigureServices(IServiceCollection services)
{
if (_webHostingEnvironment.IsDevelopment())
{
//Add development configuration
}
services.AddTransient<IPageService, PageService>();
services.AddTransient<ISearchService, SearchService>();
services.AddTransient<ISiteContext, SiteContext>();
services.AddMvc();
services.AddCms();//.AddCmsAspNetIdentity<ApplicationUser>();
services.AddFind();
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = "/util/Login";
});
services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = "azure-cookie";
options.DefaultChallengeScheme = "azure";
})
.AddCookie("azure-cookie", options =>
{
options.Events.OnSignedIn = async ctx =>
{
if (ctx.Principal?.Identity is ClaimsIdentity claimsIdentity)
{
// Syncs user and roles so they are available to the CMS
var synchronizingUserService = ctx
.HttpContext
.RequestServices
.GetRequiredService<ISynchronizingUserService>();
await synchronizingUserService.SynchronizeAsync(claimsIdentity);
}
};
})
.AddOpenIdConnect("azure", options =>
{
options.SignInScheme = "azure-cookie";
options.SignOutScheme = "azure-cookie";
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.CallbackPath = "/callback";
options.ClientSecret = _configuration.GetValue<string>("OpenId_ClientSecret");
options.Authority = string.Format(CultureInfo.InvariantCulture, _configuration.GetValue<string>("OpenId_InstanceId"), _configuration.GetValue<string>("OpenId_Authority"));
options.ClientId = _configuration.GetValue<string>("OpenId_ClientId");
options.SignedOutRedirectUri = _configuration.GetValue<string>("OpenId_PostLogoutRedirectUri");
options.TokenValidationParameters = new TokenValidationParameters
{
RoleClaimType = ClaimTypes.Role,
ValidateIssuer = false,
};
options.Events.OnAuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.BodyWriter.WriteAsync(Encoding.ASCII.GetBytes(context.Exception.Message));
return Task.CompletedTask;
};
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapContent();
});
}
}Does anyone have an idea of what would be wrong in my setup?
Thank you,