Ucommerce
  • Ucommerce Next Gen
    • Getting Started
      • Prerequisites
      • Licensing
      • Ucommerce Templates
      • Headless Template
      • MVC Template
    • Headless
      • Postman Collection
      • Headless API Authentication
        • Token endpoint - Authorization Header
        • Authorization Scopes
        • Refreshing the Access Token
      • Reference
        • Cart
        • Cart / Order Line Items
        • Shipment
        • Billing
        • Promotion Codes
        • Price Groups
        • Payment Methods
        • Countries
        • Shipping Methods
        • Catalogs
        • Cart Custom Properties
        • Line Item Custom Properties
        • Orders
        • Views for Cart modifying operations
      • Custom Headless APIs
      • Error Handling
      • Pagination
      • Deprecation
    • Backoffice Authentication
      • Microsoft Entra ID Example
      • Auth0 Authentication Example
    • Definitions
      • What is a Definition
    • Search and indexing
      • Configuration
      • Indexing
        • Index Definitions
        • Facets
        • Indexing Prices
        • Suggestions
        • Custom Data
      • Searching
    • Payment Providers
      • Stripe Provider Integration
      • Implementing a custom payment provider
    • Data Import
    • Miscellaneous
      • Media
      • Price Group Inheritance
      • Price Group Criteria
      • Soft Deletion Of Entities
      • Logging
      • OpenTelemetry
    • Extensions
      • Extending Pipelines
        • Order Processing Pipelines
        • Checkout Pipelines
      • Changing Service Behavior
        • Images
        • Content
      • Custom Headless APIs
      • Extend the Backoffice
        • Custom UI Components
      • Custom Editor UI
      • Custom Promotion Criteria
      • Custom Price Group Criteria
    • How-To
      • Migrate from Classic
        • Common database issues
      • Entities from code
        • Bootstrapping data on startup
        • Product Definitions & Fields
      • Discover pipelines and their tasks
      • Executing a pipeline
    • Integrations
      • Umbraco Media Delivery API
      • App Slices
        • Product Picker
  • Release Notes
  • Contact Us
Powered by GitBook
On this page
  • Prerequisites
  • Setting up Ucommerce Backoffice
  • Create your Azure application
  • Related Articles

Was this helpful?

  1. Ucommerce Next Gen
  2. Backoffice Authentication

Microsoft Entra ID Example

This is a quick guide on setting up Backoffice authentication with Microsoft Entra ID.

PreviousBackoffice AuthenticationNextAuth0 Authentication Example

Last updated 6 months ago

Was this helpful?

Prerequisites

In this example, you will need the following NuGet packages

Microsoft.Identity.Web
Microsoft.Identity.Web.TokenCache

Setting up Ucommerce Backoffice

Setting up Ucommerce backoffice with Microsoft Entra ID requires you to set up an external authentication scheme when calling .AddBackOffice()

To set up the authentication, use a helper method from the above packages to add all the required services to the . We highly recommend looking into some of these methods, as they do much of the groundwork to set up OpenID.

var ucommerceBuilder = builder.Services
    .AddUcommerce(builder.Configuration)
    .AddBackOffice(securitySettings =>
        {
            securitySettings.AddExternalIdentityProvider<MyExternalClaimsMapper>(
                OpenIdConnectDefaults.AuthenticationScheme,
                authenticationBuilder =>
                {
                    IEnumerable<string>? initialScopes = builder.Configuration["DownstreamApi:Scopes"]
                        ?.Split(' ');
                    // Use the AuthenticationBuilder from ASP.NET to set up authentication
                    authenticationBuilder.AddMicrosoftIdentityWebApp(builder.Configuration,
                            cookieScheme: null) // Ucommerce will handle the cookie session
                        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
                        .AddInMemoryTokenCaches();
                });
            // Configure Ucommerce to use your scheme from code
            securitySettings.UseExternalIdentityProvider(OpenIdConnectDefaults.AuthenticationScheme);
        }
    )
    ...

Create your Azure application

 ...
 "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "{Your-Tenant-Id}",
    "ClientId": "{Your-Client-Id}",
    "ClientCertificates": [
      {
        "SourceType": "StoreWithThumbprint",
        "CertificateStorePath": "CurrentUser/My",
        "CertificateThumbprint": "{Your-Certificate-Thumbprint}"
      }
    ],
    "CallbackPath": "/signin-oidc"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0/me",
    "Scopes": "user.read"
  },
...

Related Articles

Remember to create your to map the claims from Azure to Ucommerce.

Follow from Microsoft to set up your Azure App and appsettings.json. After following the guide, appsettings.json should look something like this

Notice that the sources in ClientCertificates may change between environments. See the documentation for details.

AuthenticationBuilder
this guide
Using Certificates
external claims mapper
LogoQuickstart: Sign in users and call the Microsoft Graph API from an ASP.NET Core web app - Microsoft EntraMicrosoftLearn