Add a new or customize an existing OpenID Connect authentication provider

By default, Sitefinity CMS ships with a preinstalled OpenID Connect (OIDC) external authentication provider. You can register additional OIDC providers, or customize the existing one, by following this sample.

  1. Implement the new provider.
    C#
    using System;
    using System.Collections.Generic;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    using Telerik.Sitefinity.Authentication;
    using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders;
    using Telerik.Sitefinity.Authentication.Owin.OpenId;
    using Telerik.Sitefinity.Utilities.TypeConverters;
     
    namespace AutehnticationSamples
    {
        /// <summary>
        /// Registers an additional OpenID Connect (OIDC) external authentication provider with the
        /// OWIN pipeline, keyed by the provider name configured in the Sitefinity Advanced settings.
        /// </summary>
        public class OIDCAuthenticationProvidersInitializerExtender : AuthenticationProvidersInitializer
        {
            /// <summary>
            /// Name of the external provider exactly as entered in Advanced settings. If the configured
            /// Name differs from this key, the registration below is never invoked.
            /// </summary>
            private const string ProviderName = "MyOIDC";

            /// <summary>
            /// Appends the registration for <see cref="ProviderName"/> to the providers returned by the base initializer.
            /// </summary>
            /// <returns>The base initializer's dictionary with the sample OIDC provider added.</returns>
            public override Dictionary<string, Action<IAppBuilder, string, AuthenticationProviderElement>> GetAdditionalIdentityProviders()
            {
                var registrations = base.GetAdditionalIdentityProviders();
                registrations.Add(ProviderName, RegisterOidcProvider);
                return registrations;
            }

            /// <summary>
            /// Wires the OWIN OpenID Connect middleware for one provider configuration element.
            /// Silently does nothing when <paramref name="config"/> is not an
            /// <see cref="OpenIDConnectAuthenticationProviderElement"/>.
            /// </summary>
            /// <param name="app">The OWIN application builder.</param>
            /// <param name="signInAsType">Authentication type the resulting identity is signed in as.</param>
            /// <param name="config">The provider element read from Sitefinity configuration.</param>
            private static void RegisterOidcProvider(IAppBuilder app, string signInAsType, AuthenticationProviderElement config)
            {
                var oidcConfig = config as OpenIDConnectAuthenticationProviderElement;
                if (oidcConfig == null)
                {
                    return;
                }

                // The notifications handler type is taken from configuration and created by reflection:
                // it must derive from OpenIdConnectAuthenticationNotifications and accept the config
                // element as its only constructor argument (MyCustomOIDCHandler below is such a type).
                var notificationsType = TypeResolutionService.ResolveType(oidcConfig.NotificationsType);
                var protocolValidator = new SitefinityOpenIdConnectProtocolValidator(config);
                var notifications = (OpenIdConnectAuthenticationNotifications)Activator.CreateInstance(notificationsType, oidcConfig);

                var options = new OpenIdConnectAuthenticationOptions
                {
                    ClientId = oidcConfig.ClientId,
                    AuthenticationType = oidcConfig.Name,
                    Caption = oidcConfig.Title,
                    Authority = oidcConfig.Authority,
                    MetadataAddress = oidcConfig.MetadataAddress,
                    SignInAsAuthenticationType = signInAsType,
                    CallbackPath = new PathString(oidcConfig.CallbackPath),
                    RedirectUri = oidcConfig.RedirectUri,
                    PostLogoutRedirectUri = oidcConfig.PostLogoutRedirectUri,
                    ResponseType = oidcConfig.ResponseType,
                    Scope = oidcConfig.Scope,
                    // Sitefinity supplies its own protocol validator in place of the middleware default;
                    // state/nonce checks presumably live there — confirm before replacing it.
                    ProtocolValidator = protocolValidator,
                    Notifications = notifications,
                    // Passive: the middleware challenges only when explicitly asked, not on every 401.
                    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
                    UsePkce = oidcConfig.UsePKCE,
                    // NOTE(review): the client secret is read verbatim from the configuration element;
                    // make sure the configuration store holding it is protected accordingly.
                    ClientSecret = oidcConfig.ClientSecret,
                    // Exchange the authorization code for tokens server-side.
                    RedeemCode = true,
                    // The Sitefinity session is not bound to the identity provider's token expiry.
                    UseTokenLifetime = false,
                };

                app.UseOpenIdConnectAuthentication(options);
            }
        }
    }
  2. Register the implementation in Sitefinity CMS.
    C#
    using System;
    using AutehnticationSamples;
    using Telerik.Microsoft.Practices.Unity;
    using Telerik.Sitefinity.Abstractions;
    using Telerik.Sitefinity.Authentication;
     
    namespace SitefinityWebApp
    {
        /// <summary>
        /// Application entry point. Swaps Sitefinity's AuthenticationProvidersInitializer for the
        /// sample extender so the additional OIDC provider is registered at startup.
        /// </summary>
        public class Global : System.Web.HttpApplication
        {
            /// <summary>
            /// Defers the container registration until the authentication module raises Initialized.
            /// </summary>
            protected void Application_Start(object sender, EventArgs e)
            {
                AuthenticationModule.Initialized += OnAuthenticationModuleInitialized;
            }

            /// <summary>
            /// Registers the extender as the implementation of AuthenticationProvidersInitializer with a
            /// container-controlled lifetime (one instance per container).
            /// </summary>
            private void OnAuthenticationModuleInitialized(object sender, EventArgs e)
            {
                var lifetime = new ContainerControlledLifetimeManager();
                ObjectFactory.Container
                    .RegisterType<AuthenticationProvidersInitializer, OIDCAuthenticationProvidersInitializerExtender>(lifetime);
            }
        }
    }
  3. Navigate to Administration » Settings » Advanced » Authentication » SecurityTokenService » AuthenticationProviders.
  4. Click Create New.
  5. Select OpenIDConnectAuthenticationProviderElement.
  6. Configure a Name and a Title for the provider, together with the OIDC settings the code above reads from the element (ClientId, ClientSecret, Authority or MetadataAddress, CallbackPath, RedirectUri, PostLogoutRedirectUri, ResponseType, Scope, UsePKCE, NotificationsType).
    The Name must match exactly the key you registered in code — in this sample, MyOIDC. If it does not, the registration delegate is never invoked and the provider does not appear.
  7. If the provider is not enabled, enable it.
  8. Click Save changes.

## Extending the default implementation

If you want to extend the default implementation, implement a class deriving from SitefinityOpenIdConnectAuthenticationNotifications and enter its fully qualified type name in the NotificationsType field of the provider configuration.

  1. Create your handler
  2. Navigate to Administration » Settings » Advanced » Authentication » SecurityTokenService » AuthenticationProviders » OpenIDConnect.
  3. Enter the fully qualified type name of your handler (namespace plus class name, exactly as declared in code) in the NotificationsType field. For the listing below that is AutehnticationSamples.MyCustomOIDCHandler — note the namespace spelling used in the sample; if the value does not resolve to the declared type, the provider fails to initialize.
  4. Save changes.
    C#
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.Owin.Security.Notifications;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders;
    using Telerik.Sitefinity.Authentication.IdentityServer;
     
    namespace AutehnticationSamples
    {
        /// <summary>
        /// Sample notifications handler that hooks each stage of the OWIN OpenID Connect pipeline.
        /// Every override here delegates straight to the Sitefinity base implementation; put custom
        /// logic before or after the base call rather than dropping it, because the base class carries
        /// Sitefinity's own handling for that stage. The stage descriptions below follow the OWIN
        /// OpenIdConnect middleware's notification order — confirm against its documentation.
        /// </summary>
        public class MyCustomOIDCHandler : SitefinityOpenIdConnectAuthenticationNotifications
        {
            /// <param name="openIdConfig">
            /// The provider element this handler serves; the initializer passes it through Activator.CreateInstance.
            /// </param>
            public MyCustomOIDCHandler(OpenIDConnectAuthenticationProviderElement openIdConfig)
                : base(openIdConfig)
            {
            }

            /// <summary>Before the user is redirected to the identity provider (e.g. to add request parameters).</summary>
            protected override Task RedirectToIdentityProviderHandler(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
                => base.RedirectToIdentityProviderHandler(notification);

            /// <summary>A protocol message has arrived on the callback path, before any token handling.</summary>
            protected override Task MessageReceivedHandler(MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
                => base.MessageReceivedHandler(notification);

            /// <summary>A security token has been received but not yet validated — do not trust its claims at this point.</summary>
            protected override Task SecurityTokenReceivedHandler(SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
                => base.SecurityTokenReceivedHandler(notification);

            /// <summary>The token has passed validation; the usual place to inspect or enrich the resulting identity.</summary>
            protected override Task SecurityTokenValidatedHandler(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
                => base.SecurityTokenValidatedHandler(notification);

            /// <summary>An authorization code has been received (code and hybrid flows).</summary>
            protected override Task AuthorizationCodeReceivedHandler(AuthorizationCodeReceivedNotification notification)
                => base.AuthorizationCodeReceivedHandler(notification);

            /// <summary>Authentication of the request failed in the middleware.</summary>
            protected override Task AuthenticationFailedHandler(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
                => base.AuthenticationFailedHandler(notification);
        }
    }