using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Telerik.Sitefinity.Authentication;
using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders;
using Telerik.Sitefinity.Security.Claims;
namespace SitefinityWebApp.ExternalAuth
{
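/// <summary>
/// Registers an additional OpenID Connect identity provider ("CustomSTS") with Sitefinity's
/// authentication pipeline and copies the claims from the validated external id_token onto the
/// claim types the local STS understands.
/// </summary>
public class CustomAuthenticationProvidersInitializer : AuthenticationProvidersInitializer
{
    /// <summary>
    /// Adds the "CustomSTS" provider to the providers supplied by the base class.
    /// </summary>
    /// <returns>
    /// The provider-name to OWIN registration delegate map, including the custom provider.
    /// </returns>
    public override Dictionary<string, Action<IAppBuilder, string, AuthenticationProviderElement>> GetAdditionalIdentityProviders()
    {
        var providers = base.GetAdditionalIdentityProviders();

        // 'CustomSTS' is the name of the external authentication provider as configured in the Advanced settings
        providers.Add("CustomSTS", (IAppBuilder app, string signInAsType, AuthenticationProviderElement providerConfig) =>
        {
            // You can add any parameter in the configuration. We use this as an example.
            var clientId = providerConfig.GetParameter("clientId");

            var options = new OpenIdConnectAuthenticationOptions()
            {
                ClientId = clientId,
                // Placeholder. The middleware downloads discovery metadata (issuer, signing keys) from here,
                // so this must stay an https URL in a real deployment.
                Authority = "https://external-sts-address/",
                AuthenticationType = providerConfig.Name,
                SignInAsAuthenticationType = signInAsType,
                // you can change the 'signin-customsts' part
                CallbackPath = new PathString("/Sitefinity/Authenticate/OpenID/signin-customsts"),
                // Placeholders. The id_token travels back through the browser to RedirectUri, so use https for the
                // real site and register exactly this URI at the external STS.
                RedirectUri = "http://yoursitefinitysite/Sitefinity/Authenticate/OpenID/signin-customsts",
                PostLogoutRedirectUri = "http://yoursitefinitysite/",
                // Implicit flow: only an id_token is requested, no access token is obtained.
                ResponseType = "id_token",
                Scope = "openid profile email",
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // Raised by the middleware after the id_token itself has been validated.
                    SecurityTokenValidated = n => this.SecurityTokenValidatedInternal(n),
                }
            };

            app.UseOpenIdConnectAuthentication(options);
        });

        return providers;
    }

    /// <summary>
    /// Maps the standard OIDC claims ("email", "sub", "name", "picture") of the validated token onto the
    /// Sitefinity external-user claim types.
    /// </summary>
    /// <param name="notification">The middleware notification carrying the authenticated identity.</param>
    /// <returns>A completed task; the work is synchronous.</returns>
    private Task SecurityTokenValidatedInternal(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        // We have to enhance the identity, because the local STS works only with the following claims:
        // SitefinityClaimTypes.ExternalUserEmail
        // SitefinityClaimTypes.ExternalUserId
        // SitefinityClaimTypes.ExternalUserName
        // SitefinityClaimTypes.ExternalUserPictureUrl
        // Note that only the SitefinityClaimTypes.ExternalUserEmail is required for successful authentication. The rest are optional.
        var identity = notification.AuthenticationTicket.Identity;

        // The middleware has validated the token's signature, issuer and audience - not whether the user actually
        // owns the address in "email". Because that address is what the local STS authenticates on, only wire up
        // an external STS whose email claims you trust.
        CopyClaim(identity, "email", SitefinityClaimTypes.ExternalUserEmail);
        CopyClaim(identity, "sub", SitefinityClaimTypes.ExternalUserId);
        CopyClaim(identity, "name", SitefinityClaimTypes.ExternalUserName);
        CopyClaim(identity, "picture", SitefinityClaimTypes.ExternalUserPictureUrl);

        return Task.FromResult(0);
    }

    /// <summary>
    /// Adds a claim of type <paramref name="targetType"/> carrying the value of the first claim of type
    /// <paramref name="sourceType"/>; does nothing when the source claim is absent.
    /// </summary>
    /// <param name="identity">The identity to read from and write to.</param>
    /// <param name="sourceType">Claim type to look up on the identity.</param>
    /// <param name="targetType">Claim type under which the value is re-added.</param>
    private static void CopyClaim(ClaimsIdentity identity, string sourceType, string targetType)
    {
        var source = identity.FindFirst(sourceType);
        if (source != null)
        {
            identity.AddClaim(new Claim(targetType, source.Value));
        }
    }
}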
}
// Register the initializer the following way:
/// <summary>
/// ASP.NET application class. Waits for Sitefinity's own start-up event and then replaces the default
/// <see cref="AuthenticationProvidersInitializer"/> registration with
/// <see cref="CustomAuthenticationProvidersInitializer"/>.
/// </summary>
public class Global : System.Web.HttpApplication
{
    /// <summary>
    /// Called once by ASP.NET when the application starts. Sitefinity's container is not ready yet, so
    /// the registration itself is deferred to <c>SystemManager.ApplicationStart</c>.
    /// </summary>
    protected void Application_Start(object sender, EventArgs e)
    {
        SystemManager.ApplicationStart += this.OnSitefinityApplicationStart;
    }

    /// <summary>
    /// Registers the custom initializer with a container-controlled (single instance) lifetime so that
    /// Sitefinity resolves it in place of the built-in one.
    /// </summary>
    private void OnSitefinityApplicationStart(object sender, EventArgs e)
    {
        var lifetime = new ContainerControlledLifetimeManager();
        ObjectFactory.Container.RegisterType<AuthenticationProvidersInitializer, CustomAuthenticationProvidersInitializer>(lifetime);
    }
}