Windows Authentication in CMS 12

Has anyone managed to make a good implementation with Windows Authentication on CMS 12?

I am trying to upgrade an intranet website to CMS 12 that has personalized content and ImageVault, and I am having a hard time making this work well.

I have read the following articles and managed to authenticate users.

https://world.optimizely.com/forum/developer-forum/cms-12/thread-container/2022/8/using-on-prem-active-directory-integration-in-version-12/
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-8.0&tabs=visual-studio

But I get a lot of claims that do not make any sense to the end users. 



I managed to translate this and add new claims with the correct name. However, I am unable to remove the old ones with the IDs.

services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate(options =>
            options.Events = new NegotiateEvents()
            {
                OnAuthenticated = async context =>
                {
                    foreach (ClaimsIdentity identity in context.Principal.Identities)
                    {
                        List<string> claimNameList = context.Principal.Claims.Where(a => a.Type == ClaimTypes.GroupSid).Select(a => a.Value).ToList();

                        foreach (var name in claimNameList)
                        {
                            var claim = identity.Claims.FirstOrDefault(x => x.Type == ClaimTypes.GroupSid && x.Value == name);
                            if (claim != null)
                            {
                                string translateClaim = null;
                                if (claim.Type == ClaimTypes.GroupSid)
                                {
                                    SecurityIdentifier securityIdentifier = new System.Security.Principal.SecurityIdentifier(claim.Value);
                                    translateClaim =  securityIdentifier.Translate(typeof(System.Security.Principal.NTAccount))?.ToString();
                                }
                                identity.AddClaim(new Claim(ClaimTypes.GroupSid, translateClaim));
                                //identity.RemoveClaim(claim); - does not work
                            }
                        }
                    }

                    

                    var synchronizingUserService = context
                        .HttpContext
                        .RequestServices
                        .GetRequiredService<ISynchronizingUserService>();

                    await synchronizingUserService.SynchronizeAsync(context.Principal.Identity as ClaimsIdentity);
                }
            });

Also, it looks like ImageVault does not work without the ASP.NET Core Identity provider, but I am not sure there.

#316537
Feb 02, 2024 8:33
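
Added example, not part of the original post and not Optimizely's code: one way to end up with group names and no SID claims is to build a new identity instead of removing claims from the Windows identity in place. `GroupSidClaims` and `ReplaceWithGroupNames` are hypothetical names, and issuing the translated names as `ClaimTypes.Role` is an assumption.

```csharp
using System.Linq;
using System.Runtime.Versioning;
using System.Security.Claims;
using System.Security.Principal;

// Windows-only: SecurityIdentifier.Translate queries the local/domain account database.
[SupportedOSPlatform("windows")]
public static class GroupSidClaims
{
    // Hypothetical helper: returns a new principal whose identity carries no GroupSid
    // claims; every SID that resolves is re-issued as a ClaimTypes.Role claim.
    public static ClaimsPrincipal ReplaceWithGroupNames(ClaimsPrincipal principal)
    {
        var source = principal.Identities.FirstOrDefault(i => i.IsAuthenticated);
        if (source == null) return principal;

        // Copy everything except the group SIDs into a plain ClaimsIdentity and
        // make ClaimTypes.Role the role claim type so IsInRole matches on names.
        var identity = new ClaimsIdentity(
            source.Claims.Where(c => c.Type != ClaimTypes.GroupSid),
            source.AuthenticationType, source.NameClaimType, ClaimTypes.Role);

        foreach (var sidClaim in source.FindAll(ClaimTypes.GroupSid))
        {
            try
            {
                var account = new SecurityIdentifier(sidClaim.Value)
                    .Translate(typeof(NTAccount));
                identity.AddClaim(new Claim(ClaimTypes.Role, account.Value));
            }
            catch (IdentityNotMappedException)
            {
                // Orphaned or foreign SID: skip it rather than fail the sign-in.
            }
        }
        return new ClaimsPrincipal(identity);
    }
}

// Usage inside OnAuthenticated, before SynchronizeAsync is called:
//   context.Principal = GroupSidClaims.ReplaceWithGroupNames(context.Principal);
```

After this swap the principal no longer holds a `WindowsIdentity`, so later code cannot cast to it for impersonation. Authorization then depends on group names, which change if a group is renamed in Active Directory.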

Did you get this to work? 

#322488
May 22, 2024 8:20