Custom external authentication providers

Sitefinity ships with out-of-the-box external authentication providers for popular identity providers such as Google, Facebook, and Microsoft. For more information, see Configure external identity providers.
It also has one configurable generic external identity provider for authenticating with systems that follow the OpenID Connect authentication protocol. For more information on customizing the OpenID Connect provider, see Implement custom external identity providers.

If you cannot use any of the out-of-the-box external authentication providers, you can implement a fully custom one by following the samples below.

IMPORTANT: The samples here are not for production use; additional security implementations are omitted.

The job of the external authentication provider is to authenticate the user and then pass a claims-based identity to Sitefinity with a few required claims. The samples here cover two scenarios: one where the login page is on a remote server (Remote Login) and one where the login page is in Sitefinity and the credentials provided by the user are sent to a remote server for verification (Local Login).

All the samples are also available on GitHub.

Remote login implementation

  1. Create the configuration class.
    It contains custom settings that you might want to configure via the advanced settings view in Sitefinity CMS.
  2. Create the authentication handler class.
    This is where all the custom logic resides. The class should derive from AuthenticationHandler<RemoteLoginExternalAuthenticationProviderOptions>.
  3. Create a serializer class for the authentication properties.
    The authentication handler class depends on this serializer class.
  4. Create the custom authentication middleware class.
  5. Register the custom authentication middleware with Sitefinity.
  6. Include it in the global.asax file.

  7. In Sitefinity CMS, navigate to Administration » Settings » Advanced » Authentication » SecurityTokenService » Authentication Providers.
  8. Click Create new.
  9. Select AuthenticationProviderElement.
  10. Fill out the fields.
    For Name, use the same name that you used when you registered the custom authentication provider in the AuthenticationProvidersInitializerExtender. In this sample it was CustomIP.
  11. Select Parameters under the authentication provider you just added.
  12. Click Create new.
  13. Add the properties that you want to be able to configure via advanced settings and that you have added to the RemoteLoginExternalAuthenticationProviderOptions class.
    In this tutorial we only want to be able to configure the address of the external identity provider. In the Key field, add the IdentityProviderAddress key and in the Value field add the address.
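
The following sketch of steps 1 and 2 is an added example written against the Katana (Microsoft.Owin.Security) base classes, not Sitefinity's own sample code. The handler class name, the callback path, the returnUrl, state and query parameter names, and the VerifyResponseAsync hook are assumptions made for illustration. It shows the handler rejecting any callback whose protected state is missing or has been altered before an identity is accepted.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
// Step 1: settings. IdentityProviderAddress is the key added under Parameters.
public class RemoteLoginExternalAuthenticationProviderOptions : AuthenticationOptions
{
    public RemoteLoginExternalAuthenticationProviderOptions() : base("CustomIP")
    { AuthenticationMode = AuthenticationMode.Passive; }
    public string IdentityProviderAddress { get; set; }
    public PathString CallbackPath { get; set; } = new PathString("/signin-customip"); // assumed
    public string SignInAsAuthenticationType { get; set; }
    public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; } // step 3
    // Hypothetical hook: verifies the provider's response; returns the identity or null.
    public Func<IOwinRequest, Task<ClaimsIdentity>> VerifyResponseAsync { get; set; }
}
public class RemoteLoginAuthenticationHandler : AuthenticationHandler<RemoteLoginExternalAuthenticationProviderOptions>
{
    protected override Task ApplyResponseChallengeAsync()
    {
        var challenge = Response.StatusCode != 401 ? null
            : Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
        if (challenge == null) return Task.FromResult(0);
        // Tamper-protected state carries the challenge properties through the round trip.
        var state = Options.StateDataFormat.Protect(challenge.Properties);
        var callback = Request.Scheme + "://" + Request.Host + Request.PathBase + Options.CallbackPath;
        Response.Redirect(Options.IdentityProviderAddress // query parameter names are assumed
            + "?returnUrl=" + Uri.EscapeDataString(callback) + "&state=" + Uri.EscapeDataString(state));
        return Task.FromResult(0);
    }
    protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
    {
        var state = Request.Query.Get("state");
        var properties = state == null ? null : Options.StateDataFormat.Unprotect(state);
        if (properties == null) return null; // missing or tampered state: reject
        var identity = await Options.VerifyResponseAsync(Request);
        return identity == null ? null : new AuthenticationTicket(identity, properties);
    }
    public override async Task<bool> InvokeAsync()
    {
        if (Request.Path != Options.CallbackPath) return false; // not the callback request
        var ticket = await AuthenticateAsync();
        if (ticket == null) { Response.StatusCode = 403; return true; }
        Context.Authentication.SignIn(ticket.Properties,
            new ClaimsIdentity(ticket.Identity.Claims, Options.SignInAsAuthenticationType));
        Response.Redirect(ticket.Properties.RedirectUri ?? "/");
        return true;
    }
}
```

The protected state alone does not tie the callback to the browser session that started the login; a per-session correlation check is among the hardening this sketch leaves out.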

Local login implementation

If you want to host the login page locally and only send the credentials to the identification provider for verification, use this sample for the authentication handler class. Here, for the purpose of the demo, we host the login page in the handler itself.

IMPORTANT: This example shows a highly custom scenario with a narrow scope of applicability. A possible use case is when you are building a login against an external authentication provider which does not support OAuth OpenIDConnect-like flows and does not provide its own login UI but provides an API. This sample is a simplified demo showing you how to get credentials from the site visitor, relay the credentials to the authentication provider, handle the response, and log in to Sitefinity after that. You need to write additional plumbing code to integrate such local login within the authentication UI of Sitefinity CMS.

Dummy identity provider

You can use this sample to test the above custom authentication providers.

IMPORTANT: Keep in mind that nothing here is production ready; the samples need further security checks and encryption.

You also need to create a startup class to register the dummy identity provider and register the startup class in the web.config file.

To register the startup class in the web.config file, perform the following:

  1. Open the web.config file.
  2. In the <appSettings> section, add the following line: <add key="owin:appStartup" value="AuthenticationSamples.Startup" />
