Add a new or customize an existing OpenID Connect authentication provider

By default, Sitefinity CMS ships with a preinstalled OpenID Connect (OIDC) external authentication provider. You can create additional providers, or customize the existing one, by following this sample.

  1. Implement the new provider.
    using System;
    using System.Collections.Generic;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    using Telerik.Sitefinity.Authentication;
    using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders;
    using Telerik.Sitefinity.Authentication.Owin.OpenId;
    using Telerik.Sitefinity.Utilities.TypeConverters;

    namespace AuthenticationSamples
    {
        public class OIDCAuthenticationProvidersInitializerExtender : AuthenticationProvidersInitializer
        {
            public override Dictionary<string, Action<IAppBuilder, string, AuthenticationProviderElement>> GetAdditionalIdentityProviders()
            {
                var providers = base.GetAdditionalIdentityProviders();

                // 'MyOIDC' is the name of the external authentication provider as configured in the Advanced settings.
                // The key must match the Name of the provider element exactly, or the provider is never wired up.
                providers.Add("MyOIDC", (IAppBuilder app, string signInAsType, AuthenticationProviderElement config) =>
                {
                    var openIDConfig = config as OpenIDConnectAuthenticationProviderElement;
                    if (openIDConfig != null)
                    {
                        // NotificationsType names the class that handles the OIDC middleware events (see below).
                        var notificationsType = TypeResolutionService.ResolveType(openIDConfig.NotificationsType);
                        var options = new OpenIdConnectAuthenticationOptions()
                        {
                            ClientId = openIDConfig.ClientId,
                            AuthenticationType = openIDConfig.Name,
                            Caption = openIDConfig.Title,
                            Authority = openIDConfig.Authority,
                            MetadataAddress = openIDConfig.MetadataAddress,
                            SignInAsAuthenticationType = signInAsType,
                            CallbackPath = new PathString(openIDConfig.CallbackPath),
                            // Must match a redirect URI registered for this client at the identity provider.
                            RedirectUri = openIDConfig.RedirectUri,
                            PostLogoutRedirectUri = openIDConfig.PostLogoutRedirectUri,
                            ResponseType = openIDConfig.ResponseType,
                            Scope = openIDConfig.Scope,
                            ProtocolValidator = new SitefinityOpenIdConnectProtocolValidator(config),
                            Notifications = (OpenIdConnectAuthenticationNotifications)Activator.CreateInstance(notificationsType, openIDConfig),
                            // Passive: the middleware redirects to the identity provider only when explicitly challenged.
                            AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
                            // PKCE binds the authorization code to this client; keep it enabled for the code flow.
                            UsePkce = openIDConfig.UsePKCE,
                            ClientSecret = openIDConfig.ClientSecret,
                            // Redeem the authorization code at the token endpoint (code and hybrid flows).
                            RedeemCode = true,
                            // Keep Sitefinity's own session lifetime instead of binding it to the id_token expiry.
                            UseTokenLifetime = false,
                        };
                        app.UseOpenIdConnectAuthentication(options);
                    }
                });

                return providers;
            }
        }
    }
  2. Register the implementation in Sitefinity CMS.
    using System;
    using AuthenticationSamples;
    using Telerik.Microsoft.Practices.Unity;
    using Telerik.Sitefinity.Abstractions;
    using Telerik.Sitefinity.Authentication;

    namespace SitefinityWebApp
    {
        public class Global : System.Web.HttpApplication
        {
            protected void Application_Start(object sender, EventArgs e)
            {
                // The authentication module must be initialized before the initializer can be replaced.
                AuthenticationModule.Initialized += this.AuthenticationModule_Initialized;
            }

            private void AuthenticationModule_Initialized(object sender, EventArgs e)
            {
                // Replace the default initializer with the extended one; a single instance is kept for the container's lifetime.
                ObjectFactory.Container.RegisterType<AuthenticationProvidersInitializer, OIDCAuthenticationProvidersInitializerExtender>(new ContainerControlledLifetimeManager());
            }
        }
    }
  3. Navigate to Administration » Settings » Advanced » Authentication » SecurityTokenService » AuthenticationProviders.
  4. Click Create New.
  5. Select OpenIDConnectAuthenticationProviderElement.
  6. Configure a Name and a Title for the provider.
    Make sure the Name in the configuration settings matches exactly the key you used when registering the provider in code. In this sample this is MyOIDC.
  7. If the provider is not enabled, enable it.
  8. Click Save changes.

Extending the default implementation

If you want to extend the default implementation you can do so by implementing a new class and configuring it in the NotificationsType field in the configuration.

  1. Create your handler by deriving from SitefinityOpenIdConnectAuthenticationNotifications and overriding the events you need. The skeleton below overrides every event and delegates to the base implementation, so it behaves exactly like the default handler until you add logic.
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.Owin.Security.Notifications;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders;
    using Telerik.Sitefinity.Authentication.IdentityServer;

    namespace AuthenticationSamples
    {
        public class MyCustomOIDCHandler : SitefinityOpenIdConnectAuthenticationNotifications
        {
            // The provider element is passed in by the initializer (see Activator.CreateInstance above).
            public MyCustomOIDCHandler(OpenIDConnectAuthenticationProviderElement openIdConfig) : base(openIdConfig)
            {
            }

            // The id_token passed signature, issuer, audience, lifetime and nonce validation;
            // notification.AuthenticationTicket holds the resulting identity.
            protected override Task SecurityTokenValidatedHandler(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
            {
                return base.SecurityTokenValidatedHandler(notification);
            }

            // An exception was thrown anywhere in the sign-in processing; notification.Exception carries it.
            protected override Task AuthenticationFailedHandler(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
            {
                return base.AuthenticationFailedHandler(notification);
            }

            // An authorization code arrived from the identity provider (code and hybrid flows).
            protected override Task AuthorizationCodeReceivedHandler(AuthorizationCodeReceivedNotification notification)
            {
                return base.AuthorizationCodeReceivedHandler(notification);
            }

            // The raw protocol response was received, before any token processing.
            protected override Task MessageReceivedHandler(MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
            {
                return base.MessageReceivedHandler(notification);
            }

            // The browser is about to be redirected to the identity provider (sign-in or sign-out);
            // last chance to adjust notification.ProtocolMessage.
            protected override Task RedirectToIdentityProviderHandler(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
            {
                return base.RedirectToIdentityProviderHandler(notification);
            }

            // The id_token was extracted from the response but has not been validated yet.
            protected override Task SecurityTokenReceivedHandler(SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
            {
                return base.SecurityTokenReceivedHandler(notification);
            }
        }
    }
  2. Navigate to Administration » Settings » Advanced » Authentication » SecurityTokenService » AuthenticationProviders » OpenIDConnect.
  3. In the NotificationsType field, enter the fully qualified name of your handler. In this example this is AuthenticationSamples.MyCustomOIDCHandler.
  4. Save changes.
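The skeleton above shows the override points but no policy. The following handler is an added example, not code from the Sitefinity documentation or product, of what a practitioner typically puts there: after the middleware has validated the id_token, it admits only users whose token carries a verified e-mail address in an allowed domain, and it logs sign-in failures server-side without echoing exception details to the browser. The class name DomainRestrictedOIDCHandler, the hard-coded AllowedEmailDomain value and the Trace-based logging are assumptions made for the example; the Sitefinity base class, the OWIN notification types and Microsoft.IdentityModel.Tokens.SecurityTokenValidationException are real.

```csharp
using System;
using System.Diagnostics;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders;
using Telerik.Sitefinity.Authentication.IdentityServer;

namespace AuthenticationSamples
{
    // Added example: admit only users whose validated id_token proves a verified
    // e-mail address in the allowed domain. Configure its full name in NotificationsType.
    public class DomainRestrictedOIDCHandler : SitefinityOpenIdConnectAuthenticationNotifications
    {
        // Assumption: hard-coded for illustration; a deployment would read this from its own settings.
        private const string AllowedEmailDomain = "example.com";

        public DomainRestrictedOIDCHandler(OpenIDConnectAuthenticationProviderElement openIdConfig)
            : base(openIdConfig)
        {
        }

        protected override Task SecurityTokenValidatedHandler(
            SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
        {
            // Signature, issuer, audience, lifetime and nonce have already been checked by the
            // middleware. What remains is our own admission policy over the token's claims.
            var identity = notification.AuthenticationTicket.Identity;
            var rejection = CheckAdmissionPolicy(identity, AllowedEmailDomain);
            if (rejection != null)
            {
                // Throwing here makes the OWIN middleware call AuthenticationFailedHandler instead
                // of signing the user in, so the default claim-to-user mapping never runs.
                throw new SecurityTokenValidationException(rejection);
            }

            // Accepted: let Sitefinity's default handler map the claims onto a Sitefinity user.
            return base.SecurityTokenValidatedHandler(notification);
        }

        protected override Task AuthenticationFailedHandler(
            AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
        {
            // Record enough to investigate (provider and failure type) without sending the
            // exception text to the browser; the base handler decides how the request ends.
            Trace.TraceWarning(
                "OIDC sign-in via '{0}' rejected: {1}: {2}",
                notification.Options.AuthenticationType,
                notification.Exception.GetType().Name,
                notification.Exception.Message);

            return base.AuthenticationFailedHandler(notification);
        }

        // Returns null when the identity is acceptable, otherwise the reason it is not.
        // Kept free of OWIN types so it can be unit-tested with a plain ClaimsIdentity.
        internal static string CheckAdmissionPolicy(ClaimsIdentity identity, string allowedDomain)
        {
            // The JWT handler's inbound claim type map may have renamed "email" to
            // ClaimTypes.Email, so look for both spellings.
            var email = (identity.FindFirst(ClaimTypes.Email) ?? identity.FindFirst("email"))?.Value;
            if (string.IsNullOrEmpty(email))
                return "id_token carries no email claim";

            // Only a provider-asserted email_verified=true proves ownership of the address;
            // a missing claim is treated as not verified.
            var verified = identity.FindFirst("email_verified")?.Value;
            if (!string.Equals(verified, "true", StringComparison.OrdinalIgnoreCase))
                return "email address is not verified by the identity provider";

            var at = email.LastIndexOf('@');
            if (at < 0 || !string.Equals(email.Substring(at + 1), allowedDomain, StringComparison.OrdinalIgnoreCase))
                return "email domain '" + email.Substring(at + 1) + "' is not allowed to sign in";

            return null;
        }
    }
}
```

The check is deliberately placed in SecurityTokenValidatedHandler rather than MessageReceivedHandler or SecurityTokenReceivedHandler: before validation the claims are just untrusted text from the redirect, and a decision based on them could be forged. Keep the rejection path free of user-controlled content in what is logged or rendered, and note that the outcome for a rejected sign-in (redirect or error page) is whatever Sitefinity's base AuthenticationFailedHandler does, which the override delegates to.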
