<1> Setup Entra ID for CMS
Follow the steps in the docs below to configure Entra ID (formerly Azure AD) with CMS:
https://support.optimizely.com/hc/en-us/articles/20767067525773
<2> Integrate the Content Delivery (CD) API with Entra ID into the CMS site
Step 1: Install the JwtBearer and Content Delivery API packages:
Note: You can add the packages directly to the .csproj file to install them, like this:
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.23" />
<PackageReference Include="EPiServer.ContentDeliveryApi.Cms" Version="3.9.0" />
<PackageReference Include="EPiServer.ContentDefinitionsApi" Version="3.9.0" />
<PackageReference Include="EPiServer.ContentManagementApi" Version="3.9.0" />
Step 2: Update Startup.cs file
// At the top of Startup.cs: using directives for the types used below
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Inside ConfigureServices(IServiceCollection services)
// AAD auth info
var clientId = _configuration["Authentication:AzureClientID"];
// Placeholder: read the secret from configuration / a secret store rather than committing it to source
var clientSecret = "YOUR CLIENT SECRET";
var callbackPath = "/signin-oidc";
var azureAuthority = _configuration["Authentication:azureAuthority"];
var cookieSchema = "azure-cookie";
var challengeSchema = "azure";
// Fetch the OpenID Connect discovery document once at startup to obtain the issuer signing keys
// (ConfigureServices is synchronous, hence the blocking .Result)
var oidcConfig = new ConfigurationManager<OpenIdConnectConfiguration>(
        $"{azureAuthority}/.well-known/openid-configuration",
        new OpenIdConnectConfigurationRetriever())
    .GetConfigurationAsync().Result;

// Authentication config
services
    .AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = cookieSchema;
        options.DefaultChallengeScheme = challengeSchema;
    })
    // JWT bearer scheme used by the Content Delivery API: issuer, audience, lifetime and signature are all validated
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = azureAuthority,
            ValidateIssuer = true,
            ValidAudience = clientId,
            ValidateAudience = true,
            ValidateLifetime = true,
            IssuerSigningKeys = oidcConfig.SigningKeys,
            ValidateIssuerSigningKey = true
        };
    })
    .AddCookie(cookieSchema, options =>
    {
        // same as in the docs linked in section 1
    })
    .AddOpenIdConnect(challengeSchema, options =>
    {
        // same as in the docs linked in section 1
    });

// Add Content Delivery API config, authenticating requests with the JWT bearer scheme above
services.AddContentDeliveryApi(JwtBearerDefaults.AuthenticationScheme)
    .WithFriendlyUrl()
    .WithSiteBasedCors();
services.AddContentDefinitionsApi(c =>
{
    c.DisableScopeValidation = true;
});
services.AddContentManagementApi(c =>
{
    c.DisableScopeValidation = true;
});
Step 3: Test the CD API
- Make sure you can log in to the CMS using the Entra ID account from section 1.
- After accessing Admin mode, set up a page that is visible not to Everyone but to Administrators only.
- This page has ID = 9, so first send a request for this content in Postman with no authentication. It should return a 401 Unauthorized error, because the content is not visible to Everyone. Query: https://localhost:5000/api/episerver/v3.0/content/9
- In this example we get the JWT for communicating with CD from the token endpoint https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token (for more information see https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc#authorization-request). In this case we use the id_token to authenticate. Decoding the token, we can see that it has 3 roles.
- Try to get the content again with the Bearer token; the content should now be returned.
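To see which claims the TokenValidationParameters from Step 2 actually enforce (and why an id_token whose aud is the client id passes while a token for another audience or an expired one gets a 401), here is an added example that is not part of the original post or of Optimizely's code. It mints tokens with a constructed local RSA key in place of Entra ID's published signing keys, and the Authority and ClientId values are placeholders standing in for the configuration keys in Startup.cs; it assumes the System.IdentityModel.Tokens.Jwt package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
public static class TokenValidationDemo
{
    // Placeholder values standing in for Authentication:azureAuthority and Authentication:AzureClientID.
    const string Authority = "https://login.microsoftonline.com/{TENANT_ID}/v2.0";
    const string ClientId = "00000000-0000-0000-0000-000000000000";
    public static void Main()
    {
        // Constructed RSA key: plays the role of the key Entra ID publishes at the discovery document's jwks_uri.
        var signingKey = new RsaSecurityKey(RSA.Create(2048)) { KeyId = "test-key" };
        var creds = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256);
        // Same checks as the Startup.cs configuration: issuer, audience, lifetime and signature.
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Authority, ValidateIssuer = true,
            ValidAudience = ClientId, ValidateAudience = true,
            ValidateLifetime = true,
            IssuerSigningKey = signingKey, ValidateIssuerSigningKey = true
        };
        var now = DateTime.UtcNow;
        // aud equals the client id, as in an id_token: passes every check.
        Check("id_token-like", Mint(creds, ClientId, now.AddMinutes(60)), parameters);
        // aud is another resource (e.g. a Graph access token): rejected even though the signature is valid.
        Check("wrong audience", Mint(creds, "https://graph.microsoft.com", now.AddMinutes(60)), parameters);
        // exp is past the default 5-minute ClockSkew: rejected.
        Check("expired", Mint(creds, ClientId, now.AddMinutes(-10)), parameters);
    }
    static string Mint(SigningCredentials creds, string audience, DateTime expires)
    {
        var token = new JwtSecurityToken(Authority, audience,
            new[] { new Claim("roles", "Administrators") },
            notBefore: expires.AddHours(-2), expires: expires, signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
    static void Check(string label, string jwt, TokenValidationParameters parameters)
    {
        try
        {
            // MapInboundClaims = false keeps the raw "roles" claim name instead of remapping it.
            var principal = new JwtSecurityTokenHandler { MapInboundClaims = false }
                .ValidateToken(jwt, parameters, out _);
            Console.WriteLine($"{label}: accepted, roles={principal.FindFirst("roles")?.Value}");
        }
        catch (SecurityTokenException ex) { Console.WriteLine($"{label}: rejected ({ex.GetType().Name})"); } // the CD API turns this into a 401
    }
}
```

The three cases correspond to the Step 3 checks: only the token whose audience matches the configured client id reaches the content, which is why the id_token rather than an access token issued for another resource is used here.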