Custom external authentication providers
Sitefinity ships out of the box with external authentication providers for popular identity providers such as Google, Facebook, and Microsoft. For more information, see Configure external identity providers.
It also has one configurable generic external identity provider for authenticating with systems that follow the OpenID Connect authentication protocol. For more information on customizing the OpenID Connect provider, see Implement custom external identity providers.
If you cannot use any of the out of the box external authentication providers, you can implement a fully custom one by following the samples below.
IMPORTANT: The samples here are not for production use; additional security implementations are omitted.
The job of the external authentication provider is to authenticate the user and then pass a claims-based identity to Sitefinity with a few required claims. The samples here cover two scenarios: one where the login page is on a remote server (Remote Login), and one where the login page is in Sitefinity and the credentials provided by the user are sent to a remote server for verification (Local Login).
All the samples are also available in GitHub.
Remote login implementation
- Create the configuration class.
It contains custom settings that you might want to configure via the advanced settings view in Sitefinity CMS.
- Create the authentication handler class.
This is where all the custom logic resides, the class should derive from
- Create a serializer class for the authentication properties.
The authentication handler class depends on this serializer class.
- Create the custom authentication middleware class.
- Register the custom authentication middleware with Sitefinity.
Including in the global.asax file.
- In Sitefinity CMS, navigate to Administration » Settings » Advanced » Authentication » SecurityTokenService » Authentication Providers.
- Click Create new.
- Fill out the fields.
For Name, use the same name that you used when you registered the custom authentication provider in the AuthenticationProvidersInitializerExtender. In this sample it was
- Select Parameters under the authentication provider you just added.
- Click Create new.
- Add the properties that you want to be able to configure via advanced settings and that you have added to the
In this tutorial we only want to be able to configure the address of the external identity provider.
In the Key field, add the IdentityProviderAddress key and in the Value field add the address.
Local login implementation
If you want to host the login page locally and only send the credentials to the identity provider (IP) for verification, use this sample for the authentication handler class. For the purpose of the demo, the login page is hosted in the handler itself.
Dummy identity provider
You can use this sample to test the above custom authentication providers.
IMPORTANT: Keep in mind that nothing here is production ready; the samples need further security checks and encryption.
You also need to create a startup class to register the dummy identity provider and register the startup class in the
To register the startup class in the web.config file, perform the following:
- Open the
- In the <appSettings> section, add the following line:
<add key="owin:appStartup" value="AuthenticationSamples.Startup" />