INDIVIRTUAL - TECHNISCH PARTNER IN DIGITALE DIENSTVERLENING

Umbraco 7.3+ and OAuth 2.0

October 28, 2015

Umbraco 7.3+ and OAuth 2.0

This document details how to set up Umbraco 7.3+ with OAuth 2.0.

Before we can start we need to set up our project:

  1. Start with a new MVC5 project.
  2. Add Umbraco 7.3 or higher to the project.
  3. Run the project and set up Umbraco.
  4. Create a Google app on the Google developer console (https://console.developers.google.com)
After creating the App on the Google developer console make sure to add the proper redirect URI. This is the address of your server followed by /signin-google.

step14.png

Once the project is set up we need to make some changes. After installing Umbraco, the standard Startup class is no longer executed. Instead, Umbraco it’s own UmbracoDefaultOwinStartup class is executed. We are going to take back control by making the Startup class inherit from UmbracoDefaultOwinStartup and then changing the web.config file to execute our class instead of the UmbracoDefaultOwinStartup class.

First make the Startup class inherit from UmbracoDefaultOwinStartup and add the following code to it:

    
base.Configuration(app);
ConfigureAuth(app);

    ```
    

It’s important that <em>base.Configuration</em> is called before setting the OAUTH cookies with<em> ConfigureAuth.</em>

``` csharp
    
[assembly: OwinStartupAttribute(typeof(umbracotestproject.Startup))]
namespace umbracotestproject
{
    public partial class Startup : UmbracoDefaultOwinStartup 
    {
        public override void Configuration(IAppBuilder app)
        {
            base.Configuration(app);
            ConfigureAuth(app);
        }
    }
}

    ```
    

Now we need to change the <em>owin:appStartup</em> key. Instead of the <em>UmbracoDefaultOwinStartup</em> class we have to add our own <em>Startup</em> class.

``` xml
    
&lt;appSettings&gt;
 &lt;add key=&quot;umbracoConfigurationStatus&quot; value=&quot;7.3.0&quot; /&gt;
 &lt;add key=&quot;umbracoReservedUrls&quot; value=&quot;~/config/splashes/booting.aspx,~/install/default.aspx,~/config/splashes/noNodes.aspx,~/VSEnterpriseHelper.axd&quot; /&gt;
 &lt;add key=&quot;umbracoReservedPaths&quot; value=&quot;~/umbraco,~/install/&quot; /&gt;
 &lt;add key=&quot;umbracoPath&quot; value=&quot;~/umbraco&quot; /&gt;
 &lt;add key=&quot;umbracoHideTopLevelNodeFromPath&quot; value=&quot;true&quot; /&gt;
 &lt;add key=&quot;umbracoUseDirectoryUrls&quot; value=&quot;true&quot; /&gt;
 &lt;add key=&quot;umbracoTimeOutInMinutes&quot; value=&quot;20&quot; /&gt;
 &lt;add key=&quot;umbracoDefaultUILanguage&quot; value=&quot;en&quot; /&gt;
 &lt;add key=&quot;umbracoUseSSL&quot; value=&quot;false&quot; /&gt;
 &lt;add key=&quot;ValidationSettings:UnobtrusiveValidationMode&quot; value=&quot;None&quot; /&gt;
 &lt;add key=&quot;webpages:Enabled&quot; value=&quot;false&quot; /&gt;
 &lt;add key=&quot;enableSimpleMembership&quot; value=&quot;false&quot; /&gt;
 &lt;add key=&quot;autoFormsAuthentication&quot; value=&quot;false&quot; /&gt;
 &lt;add key=&quot;log4net.Config&quot; value=&quot;config\log4net.config&quot; /&gt;
 &lt;add key=&quot;owin:appStartup&quot; value=&quot;umbracotestproject.Startup&quot; /&gt;
 &lt;/appSettings&gt;

    ```
    

Now that our own <em>Startup</em> class is executed, we can enable OAUTH. In order to do this we need to uncomment some code that is already present in the Startup.Auth file.

``` csharp
    
 //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
 //{
 // ClientId = &quot;&quot;,
 // ClientSecret = &quot;&quot;
 //});

    ```
    

Uncomment the<em> app.UseGoogleAuthentication </em>code and fill in the <em>ClientId</em> and <em>ClientSecret</em> of your Google App.

``` csharp
    
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = &quot;&quot;,
ClientSecret = &quot;&quot;
});

    ```
    

Change the <em>AccountController </em>so that it inherits from the Umbraco <em>SurfaceController</em>.

``` csharp
    

[Authorize]
public class AccountController : SurfaceController
{
private ApplicationSignInManager _signInManager;
private ApplicationUserManager _userManager;

// Removed code for improved readability for this tutorial
}

    ```
    

In my own project I had to remove the forms authentication code from the <em>Web.Config</em> file.

``` xml
    
&lt;!-- &lt;authentication mode=&quot;Forms&quot;&gt;
&lt;forms name=&quot;yourAuthCookie&quot; loginUrl=&quot;login.aspx&quot; protection=&quot;All&quot; path=&quot;/&quot; /&gt;
&lt;/authentication&gt; --&gt;
&lt;authorization&gt;
&lt;allow users=&quot;?&quot; /&gt;
&lt;/authorization&gt;

    ```
    

In order to show the Google login button we can add the following code to our master template:

``` csharp
    
if (Members.IsLoggedIn())
{
Html.RenderPartial(&quot;~/Views/Account/_ExternalLoggedInPartial.cshtml&quot;, Model);
}
else
{
&lt;section id=&quot;socialLoginForm&quot;&gt;
@Html.Partial(&quot;~/Views/Account/_ExternalLoginsListPartial.cshtml&quot;, new ExternalLoginListViewModel { ReturnUrl = Model.Url })
&lt;/section&gt;
}

    ```
    

Build and run the project and see if you can login using Google.

Martin de Boer