Ucommerce
  • Ucommerce Next Gen
    • Getting Started
      • Prerequisites
      • Licensing
      • Ucommerce Templates
      • Headless Template
      • MVC Template
    • Headless
      • Postman Collection
      • Headless API Authentication
        • Token endpoint - Authorization Header
        • Authorization Scopes
        • Refreshing the Access Token
      • Reference
        • Cart
        • Cart / Order Line Items
        • Shipment
        • Billing
        • Promotion Codes
        • Price Groups
        • Payment Methods
        • Countries
        • Shipping Methods
        • Catalogs
        • Cart Custom Properties
        • Line Item Custom Properties
        • Orders
        • Views for Cart modifying operations
      • Custom Headless APIs
      • Error Handling
      • Pagination
      • Deprecation
    • Backoffice Authentication
      • Microsoft Entra ID Example
      • Auth0 Authentication Example
    • Definitions
      • What is a Definition
    • Search and indexing
      • Configuration
      • Indexing
        • Index Definitions
        • Facets
        • Indexing Prices
        • Suggestions
        • Custom Data
      • Searching
    • Payment Providers
      • Stripe Provider Integration
      • Implementing a custom payment provider
    • Data Import
    • Miscellaneous
      • Media
      • Price Group Inheritance
      • Price Group Criteria
      • Soft Deletion Of Entities
      • Logging
      • OpenTelemetry
    • Extensions
      • Extending Pipelines
        • Order Processing Pipelines
        • Checkout Pipelines
      • Changing Service Behavior
        • Images
        • Content
      • Custom Headless APIs
      • Extend the Backoffice
        • Custom UI Components
      • Custom Editor UI
      • Custom Promotion Criteria
      • Custom Price Group Criteria
    • How-To
      • Migrate from Classic
        • Common database issues
      • Entities from code
        • Bootstrapping data on startup
        • Product Definitions & Fields
      • Discover pipelines and their tasks
      • Executing a pipeline
    • Integrations
      • Umbraco Media Delivery API
      • App Slices
        • Product Picker
  • Release Notes
  • Contact Us
Powered by GitBook
On this page
  • Prerequisites
  • Setting up Ucommerce Backoffice
  • Create your Azure application
  • Related Articles

Was this helpful?

  1. Ucommerce Next Gen
  2. Backoffice Authentication

Microsoft Entra ID Example

This is a quick guide on setting up Backoffice authentication with Microsoft Entra ID.

Prerequisites

In this example, you will need the following NuGet packages

Microsoft.Identity.Web
Microsoft.Identity.Web.TokenCache

Setting up Ucommerce Backoffice

Setting up Ucommerce backoffice with Microsoft Entra ID requires you to set up an external authentication scheme when calling .AddBackOffice()

To set up the authentication, use a helper method from the above packages to add all the required services to the AuthenticationBuilder. We highly recommend looking into some of these methods, as they do much of the groundwork to set up OpenID.

var ucommerceBuilder = builder.Services
    .AddUcommerce(builder.Configuration)
    .AddBackOffice(securitySettings =>
        {
            securitySettings.AddExternalIdentityProvider<MyExternalClaimsMapper>(
                OpenIdConnectDefaults.AuthenticationScheme,
                authenticationBuilder =>
                {
                    IEnumerable<string>? initialScopes = builder.Configuration["DownstreamApi:Scopes"]
                        ?.Split(' ');
                    // Use the AuthenticationBuilder from ASP.NET to set up authentication
                    authenticationBuilder.AddMicrosoftIdentityWebApp(builder.Configuration,
                            cookieScheme: null) // Ucommerce will handle the cookie session
                        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
                        .AddInMemoryTokenCaches();
                });
            // Configure Ucommerce to use your scheme from code
            securitySettings.UseExternalIdentityProvider(OpenIdConnectDefaults.AuthenticationScheme);
        }
    )
    ...

Remember to create your external claims mapper to map the claims from Azure to Ucommerce.

Create your Azure application

Follow this guide from Microsoft to set up your Azure App and appsettings.json. After following the guide, appsettings.json should look something like this

 ...
 "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "{Your-Tenant-Id}",
    "ClientId": "{Your-Client-Id}",
    "ClientCertificates": [
      {
        "SourceType": "StoreWithThumbprint",
        "CertificateStorePath": "CurrentUser/My",
        "CertificateThumbprint": "{Your-Certificate-Thumbprint}"
      }
    ],
    "CallbackPath": "/signin-oidc"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0/me",
    "Scopes": "user.read"
  },
...

Notice that the sources in ClientCertificates may change between environments. See the Using Certificates documentation for details.

Related Articles

PreviousBackoffice AuthenticationNextAuth0 Authentication Example

Last updated 7 months ago

Was this helpful?

Quickstart: Sign in users and call the Microsoft Graph API from an ASP.NET Core web app - Microsoft EntraMicrosoftLearn
Logo