You can use external login providers such as ADFS for Active Directory (AD) or social such as Google or Facebook.
You can add links to a third-party service on the login page that can be used for logging in to Litium. If a user logging in with an external provider is not recognised in Litium, a new user account will be created based on the credentials used with the external provider.
To use external login providers on your site you need to do the following:
To be able to use the startup class that you will create you need to add the assemblies below, otherwise the project will not compile. The easiest way to install the assemblies is to use the Nuget Package Manager Console. Select Litium.Studio.Accelerator as default project and run the following commands to install the assemblies needed:
Install-Package Owin
Install-Package Microsoft.Owin.Security.Cookies
Install-Package Microsoft.AspNet.Identity.Core
Install-Package Microsoft.AspNet.Identity.Owin
Install-Package Microsoft.Owin.Host.SystemWeb
Back to the top
Install the packages of the third-party providers you want to use through the Nuget Package Manager Console. A full list of providers that Microsoft already built can be found on http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity. Remember to select the project where the startup class is located before running the commands, otherwise you will not be able to register the provider.
Install-Package Microsoft.Owin.Security.Google
Install-Package Microsoft.Owin.Security.Facebook
Back to the top
3. Register and enable the external login proivders in the IOwinStartupConfiguration interface
In the following example Facebook and Google has been registered as external authentication providers. You can register Microsoft and other providers in the same way. The information that can be claimed from the external login providers is determined by what the users have allowed, and needs to be configured individually for each provider.
- OnAuthenticated: Callback method sent to the external login provider.
- Scope: The information claimed from the external login provider.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Litium.Common;
using Litium.Foundation.GUI.Constants;
using Litium.Owin.Lifecycle;
using Microsoft.Owin.Security.Facebook;
using Owin;
namespace Litium.Accelerator.Mvc.App_Start
{
internal class SsoSetup : IOwinStartupConfiguration
{
private readonly SettingService _settingServise;
public SsoSetup(SettingService settingServise)
{
_settingServise = settingServise;
}
public void Configuration(IAppBuilder app)
{
app.UseExternalSignInCookie();
// Enable Google third party authentication providers
var googleClientId = ConfigurationManager.AppSettings["GoogleApplicationId"];
var googleSecretKey = ConfigurationManager.AppSettings["GoogleApplicationSecret"];
if (!string.IsNullOrEmpty(googleClientId) && !string.IsNullOrEmpty(googleSecretKey))
{
app.UseGoogleAuthentication(googleClientId, googleSecretKey);
}
// Enable Facebook third party authentication providers
var facebookAppId = ConfigurationManager.AppSettings["FacbookApplicationId"];
var facebookAppSecret = ConfigurationManager.AppSettings["FacbookApplicationSecret"];
if (!string.IsNullOrWhiteSpace(facebookAppId) && !string.IsNullOrWhiteSpace(facebookAppSecret))
{
var facebookAuthenticationOptions = new FacebookAuthenticationOptions
{
AppId = facebookAppId,
AppSecret = facebookAppSecret,
Provider = new FacebookAuthenticationProvider
{
// Get the access token fron FB and store it as a claim, use FacebookC# SDK to get more information from facebook.
OnAuthenticated = context =>
{
context.Identity.AddClaim(new Claim("FacebookAccessToken", context.AccessToken));
return Task.CompletedTask;
}
},
Scope = { "email", "public_profile" }
};
app.UseFacebookAuthentication(facebookAuthenticationOptions);
}
}
}
}
Back to the top
Create a controller for the third-party login providers and mark it as a login page.
using Litium.Accelerator.Definitions.PageTypes;
using Litium.ComponentModel;
using Litium.Customers;
using Litium.Security;
using Litium.Web.Mvc;
using Litium.Web.Security.Identity;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
namespace Litium.Accelerator.Mvc.Controllers
{
public class SsoLoginController : Controller
{
private readonly AuthenticationService _authenticationService;
private readonly PersonService _personService;
private readonly SecurityContextService _securityContextService;
public SsoLoginController(AuthenticationService authenticationService, PersonService personService, SecurityContextService securityContextService)
{
_authenticationService = authenticationService;
_personService = personService;
_securityContextService = securityContextService;
}
// GET: SsoLogin
[PageTemplate(typeof(LoginPage), "~/Site/Images/Login.png", Name = "SSO Login")]
public async Task<ActionResult> Index(string redirectUrl)
{
var owinContext = HttpContext.GetOwinContext();
var userManager = owinContext.Get<ApplicationUserManager>();
var authenticationManager = owinContext.Authentication;
var connectedServices = (User.Identity.IsAuthenticated
? (await userManager.GetLoginsAsync(new Guid(User.Identity.GetUserId())).ConfigureAwait(false))
: new List<UserLoginInfo>()).Select(x => x.LoginProvider);
var providers = authenticationManager.GetExternalAuthenticationTypes()
.Where(t => !connectedServices.Contains(t.AuthenticationType))
.Select(t => new SsoProviderModel
{
ProviderName = t.AuthenticationType,
Url = Url.Action(nameof(RedirectToProvider), new { provider = t.AuthenticationType, redirectUrl })
}).ToList();
return View(model: new SsoLoginModel { Providers = providers });
}
public ActionResult RedirectToProvider(string provider, string redirectUrl)
{
var owinContext = HttpContext.GetOwinContext();
var properties = new AuthenticationProperties
{
RedirectUri = Url.Action(nameof(ProviderLogin), new { redirectUrl })
};
owinContext.Authentication.Challenge(properties, provider);
return Content("OK");
}
public async Task<ActionResult> ProviderLogin(string redirectUrl)
{
var url = redirectUrl.NullIfEmpty() ?? "/";
var owinContext = HttpContext.GetOwinContext();
var userManager = owinContext.Get<ApplicationUserManager>();
var authenticationManager = owinContext.Authentication;
var loginInfo = await authenticationManager.GetExternalLoginInfoAsync().ConfigureAwait(false);
if (loginInfo == null)
{
return Redirect(url);
}
var identityUser = userManager.Find(loginInfo.Login);
if (identityUser == null)
{
var externalIdentity = await authenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie).ConfigureAwait(false);
var loginName = externalIdentity.FindFirstValue(ClaimTypes.Email)
?? externalIdentity.FindFirstValue(ClaimTypes.Name)
?? externalIdentity.FindFirstValue(ClaimTypes.NameIdentifier);
Guid personSystemId = Guid.Empty;
if (User.Identity.IsAuthenticated)
{
personSystemId = new Guid(User.Identity.GetUserId());
}
else
{
var email = externalIdentity.FindFirstValue(ClaimTypes.Email);
var person = _personService.Get(email);
if (person == null)
{
person = new Person(CMS.Settings.WebsiteSettings.Instance.PersonTemplateId);
var surename = externalIdentity.FindFirstValue(ClaimTypes.Surname);
var givenName = externalIdentity.FindFirstValue(ClaimTypes.GivenName);
if (string.IsNullOrEmpty(surename) && string.IsNullOrEmpty(givenName))
{
var displayName = externalIdentity.FindFirstValue("urn:facebook:name")
?? externalIdentity.FindFirstValue(ClaimTypes.Name);
var displayNamePart = displayName.Split(new[] { '.', ' ' });
if (displayNamePart.Length > 0)
{
givenName = displayNamePart.First();
surename = displayNamePart.Last();
}
}
person.FirstName = givenName;
person.LastName = surename;
person.Email = email;
person.Id = email;
person.LoginCredential.Username = email;
using (_securityContextService.ActAsSystem(extraInfo: "Create person from SSO"))
{
_personService.Create(person);
}
}
personSystemId = person.SystemId;
}
var result = await userManager.AddLoginAsync(personSystemId, loginInfo.Login).ConfigureAwait(false);
if (!result.Succeeded)
{
return Redirect(url);
}
}
_authenticationService.ExternalSignIn(loginInfo.Login.LoginProvider, loginInfo.Login.ProviderKey);
return Redirect(url);
}
[HttpGet]
public RedirectResult Logout(string redirectUrl = "")
{
if (string.IsNullOrWhiteSpace(redirectUrl))
{
redirectUrl = "~/";
}
_authenticationService.SignOut();
return new RedirectResult(redirectUrl);
}
}
public class SsoLoginModel
{
public List<SsoProviderModel> Providers { get; set; }
}
public class SsoProviderModel
{
public string ProviderName { get; set; }
public string Url { get; set; }
}
}
Then display the links to the external login providers on the login page by adding the following code to the view:
@model Litium.Accelerator.Mvc.Controllers.SsoLoginModel
<ul>
@foreach (var provider in Model.Providers)
{
<li><a href="@provider.Url">@provider.ProviderName</a></li>
}
</ul>
Back to the top
In general you need to set a re-direct URI and get the client ID and client secret from the external provider. Refer to the documentation of the login provider you will use, for example the following:
Back to the top
Change the login page template in back office so that it uses the new controller.
- Click Settings > Websites > Page types and templates.
- Select your login page in the list and click Templates.
- Either create a new template (New template) or change an existing template (select the template > Edit).
- Select the new controller in the Controller drop-down list, change any other settings, and click Save.
Back to the top
- Build the site and go to the start page of the accelerator.
- Click Log in. The new login page with the external providers should be displayed.
- Click the name of the external provider. You will be re-directed to the provider's login page. If you are already logged in on the third-party service you will be immediately re-directed back to the Litium site. If you are not logged in, you will be asked to log in, and then you will be re-directed back to the Litium site.
Troubleshooting
- If the old login page is displayed, try clearing your cache.
- If the external providers are not displayed on the login page, make sure that you have setup the IOwinStartupConfiguration interface correctly.
Back to the top