Sitefinity AzureAD Integration

sitefinity | NET, CMS, Sitefinity, AzureAD, OpenId | 2021-01-20

Azure AD Setup

  1. Go to your Azure Active Directory → App Registrations → New Registration

  2. Give the application a name; you can leave the Redirect URI blank for now. Then click Register.

  3. Go to Authentication Tab → Add a platform → Web

  4. Redirect URIs: https://[Sitefinity Instance]/Sitefinity/Authenticate/OpenID/signin-custom

  5. Select the tokens you would like to be issued by the authorization endpoint: Check ID Tokens

Sitefinity Setup

  1. Spin up (if you haven’t already) and run the Sitefinity instance

  2. Log in to the Sitefinity backend → Go to Administration → Advanced → Authentication → SecurityTokenService → AuthenticationProviders → OpenIDConnect

  3. Configure the following settings:

Setting                                   Value
Client ID                                 Azure AD App – Application (client) ID
Response type                             id_token
Allowed scopes                            openid profile email
Authority                                 https://login.microsoftonline.com/[Azure AD App Directory (tenant) ID]/v2.0/authorize
Metadata address                          https://login.microsoftonline.com/[Azure AD App Directory (tenant) ID]/v2.0/.well-known/openid-configuration
Redirect URI                              https://[Sitefinity Instance]/Sitefinity/Authenticate/OpenID/signin-custom
Post logout redirect URI                  https://[Sitefinity Instance]
Title                                     Azure AD Login
Enabled                                   True
Auto assigned roles                       Administrators
Require email claim from this provider    True (we can check the metadata address to understand what to map)
Claims to fields mappings                 Email: email, SitefinityProfile.FirstName: name, SitefinityProfile.Nickname: nickname


  1. Restart Sitefinity

  2. Verification
     a. Visit http://[Sitefinity Instance]/Sitefinity → Click Azure Login
     b. On first login it will prompt a permission request; simply press Accept.
     c. It will prompt for your username and password. Complete it and it will route you back to the Sitefinity dashboard.
     d. Then go to Administration → Users; you will see an unknown user and a default user, both with the same email address.
     e. It is working!
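As an added example, not part of the original post or of Sitefinity’s own code, the following Python shows the checks the OpenID Connect provider has to make on the id_token that comes back to the signin-custom redirect URI, and how the Claims to fields mappings value from the table is applied to the token’s claims. The tenant and client ids are placeholders, the sample claims are constructed, and EXPECTED_ISSUER is the tenant’s v2.0 issuer as published in the metadata document’s issuer field.

```python
import base64
import json
import time

# Settings from the table above; tenant and client ids are placeholders, not real values.
TENANT_ID = "PLACEHOLDER-DIRECTORY-TENANT-ID"
CLIENT_ID = "PLACEHOLDER-APPLICATION-CLIENT-ID"
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
CLAIMS_TO_FIELDS = "Email: email, SitefinityProfile.FirstName: name, SitefinityProfile.Nickname: nickname"
REQUIRE_EMAIL = True  # mirrors "Require email claim from this provider"

def parse_mapping(spec):
    """Parse 'Field: claim, Field2: claim2' into {field: claim}."""
    pairs = (part.split(":", 1) for part in spec.split(",") if part.strip())
    return {field.strip(): claim.strip() for field, claim in pairs}

def decode_payload(id_token):
    """Return the payload claims. Signature verification against the JWKS listed
    at the metadata address is omitted here so the example runs offline."""
    segment = id_token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def validate_and_map(id_token, expected_nonce, now=None):
    """Check iss/aud/nonce/exp, enforce the email requirement, then map claims to
    Sitefinity fields as the 'Claims to fields mappings' setting describes."""
    claims = decode_payload(id_token)
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer does not match the configured tenant")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("audience is not this app registration")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replayed token)")
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token has expired")
    if REQUIRE_EMAIL and not claims.get("email"):
        raise ValueError("email claim missing; user cannot be matched")
    return {field: claims.get(claim) for field, claim in parse_mapping(CLAIMS_TO_FIELDS).items()}

def make_test_token(claims):
    """Build an unsigned, constructed id_token for demonstration only."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}."

# Constructed sample claims, not captured from a real tenant.
SAMPLE_CLAIMS = {"iss": EXPECTED_ISSUER, "aud": CLIENT_ID, "nonce": "n-123", "exp": 4_000_000_000,
                 "email": "jane@example.com", "name": "Jane Doe", "nickname": "jane"}
```

Running validate_and_map(make_test_token(SAMPLE_CLAIMS), "n-123") yields the three Sitefinity fields filled from the email, name and nickname claims; dropping the email claim makes the same call fail, which is the behaviour the Require email claim setting relies on.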

Further Enhancement

  • Intercept the AzureAD callback response and create the necessary users with a proper profile
  • Hide the default login method completely
    1. Create a file under /Content/Pages/login.html
    2. Comment out the unnecessary blocks: login.html (github.com)
    3. Restart Sitefinity, and you will see only the Azure Login button
    4. Consider writing a script to redirect on page load
