Umbraco 7.3+ and OAuth 2.0

This document details how to set up Umbraco 7.3+ with OAuth 2.0

Before we can start we need to set up our project:

  1. Start with a new MVC5 project.
  2. Add Umbraco 7.3 or higher to the project.
  3. Run the project and set up Umbraco.
  4. Create a Google app on the Google developer console (https://console.developers.google.com)

After creating the App on the Google developer console make sure to add the proper redirect URI.
This is the address of your server followed by /signin-google.

step14

Once the project is set up we need to make some changes. After installing Umbraco, the standard Startup class is no longer executed. Instead, Umbraco it’s own UmbracoDefaultOwinStartup class is executed. We are going to take back control by making the Startup class inherit from UmbracoDefaultOwinStartup and then changing the web.config file to execute our class instead of the UmbracoDefaultOwinStartup class.

First make the Startup class inherit from UmbracoDefaultOwinStartup and add the following code to it:

base.Configuration(app);
ConfigureAuth(app);

It’s important that base.Configuration is called before setting the OAUTH cookies with ConfigureAuth.

[assembly: OwinStartupAttribute(typeof(umbracotestproject.Startup))]
namespace umbracotestproject
{
    public partial class Startup : UmbracoDefaultOwinStartup 
    {
        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);
            ConfigureAuth(app);
        }
    }
}

Now we need to change the owin:appStartup key. Instead of the UmbracoDefaultOwinStartup class we have to add our own Startup class.

<appSettings>
 <add key="umbracoConfigurationStatus" value="7.3.0" />
 <add key="umbracoReservedUrls" value="~/config/splashes/booting.aspx,~/install/default.aspx,~/config/splashes/noNodes.aspx,~/VSEnterpriseHelper.axd" />
 <add key="umbracoReservedPaths" value="~/umbraco,~/install/" />
 <add key="umbracoPath" value="~/umbraco" />
 <add key="umbracoHideTopLevelNodeFromPath" value="true" />
 <add key="umbracoUseDirectoryUrls" value="true" />
 <add key="umbracoTimeOutInMinutes" value="20" />
 <add key="umbracoDefaultUILanguage" value="en" />
 <add key="umbracoUseSSL" value="false" />
 <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
 <add key="webpages:Enabled" value="false" />
 <add key="enableSimpleMembership" value="false" />
 <add key="autoFormsAuthentication" value="false" />
 <add key="log4net.Config" value="config\log4net.config" />
 <add key="owin:appStartup" value="umbracotestproject.Startup" />
 </appSettings>

Now that our own Startup class is executed, we can enable OAUTH. In order to do this we need to uncomment some code that is already present in the Startup.Auth file.

 //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
 //{
 // ClientId = "",
 // ClientSecret = ""
 //});

Uncomment the app.UseGoogleAuthentication code and fill in the ClientId and ClientSecret of your Google App.

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = "",
ClientSecret = ""
});

Change the AccountController so that it inherits from the Umbraco SurfaceController.


[Authorize]
public class AccountController : SurfaceController
{
private ApplicationSignInManager _signInManager;
private ApplicationUserManager _userManager;

// Removed code for improved readability for this tutorial
}

In my own project I had to remove the forms authentication code from the Web.Config file.

<!-- <authentication mode="Forms">
<forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" />
</authentication> -->
<authorization>
<allow users="?" />
</authorization>

In order to show the Google login button we can add the following code to our master template:

if (Members.IsLoggedIn())
{
Html.RenderPartial("~/Views/Account/_ExternalLoggedInPartial.cshtml", Model);
}
else
{
<section id="socialLoginForm">
@Html.Partial("~/Views/Account/_ExternalLoginsListPartial.cshtml", new ExternalLoginListViewModel { ReturnUrl = Model.Url })
</section>
}

Build and run the project and see if you can login using Google.

Martin de Boer

Martin de Boer

Martin de Boer is a .NET developer at Indivirtual. Currently specializing himself in the magical art of Umbraco.