U4-7907 - With non OAuth external login providers we should have an 'auto-link' / 'auto-create' callback option

Created by Shannon Deminick 05 Feb 2016, 10:18:06 Updated by Stephan 28 Jul 2017, 07:56:13

Relates to: U4-10138

Relates to: U4-10181

Relates to: U4-7032

Subtask of: U4-8632

For example, if you wanted to authenticate with Active Directory by using this technique: https://our.umbraco.org/Documentation/Reference/Security/ - "Replacing the basic username/password check", we currently require that the user exists locally before this method is executed.

It would be nice if we could add an additional callback that is easily configured for developers to assign during startup that could allow them to lookup a user in their external user store if they don't exist locally and have a local user created, then the password check can execute.


Rodney Greenfield 24 Feb 2016, 01:53:19

In the meantime there seem to be work-arounds:

Shannon Deminick 07 Mar 2016, 12:34:12

Those threads are for OAuth providers, this issue is regarding not using OAuth providers and pluging in a custom IBackOfficeUserPasswordChecker

Shannon Deminick 19 Jul 2017, 04:29:48

This will now be possible in 7.7. The IBackOfficeUserPasswordChecker will now be invoked even if the user doesn't exist locally and can then auto-link (create a local user) itself. I've added a task to update the built in active directory one: http://issues.umbraco.org/issue/U4-10181 to do the auto linking

Stephan 28 Jul 2017, 07:56:08

so, fixed w/ U4-10138

Priority: Normal

Type: Feature (request)

State: Fixed


Difficulty: Normal


Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.7.0

Sprint: Sprint 64

Story Points: 1