Integrate Auth0 with Umbraco 7 for member authentication

Question

I'd like to integrate Auth0 with Umbraco 7 for authentication of members (members are users of the public website rather than backend CMS users).

What are the steps required to integrate the two?

Answer 1

For a clean solution I created an empty ASP.NET MVC project and added Umbraco using NuGet. I also pulled in Auth0 using NuGet.

1) Override UmbracoDefaultOwinStartup

Add Startup.cs to the solution, inheriting from UmbracoDefaultOwinStartup so we can still let Umbraco do it's thing:

using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;
using System.Configuration;
using System.Web.Mvc;
using System.Web.Routing;

[assembly: OwinStartup("MyStartup", typeof(MySolution.MyStartup))]
namespace MySolution
{
    public class MyStartup : Umbraco.Web.UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            // Let Umbraco do its thing
            base.Configuration(app);

            // Call the authentication configration process (located in App_Start/Startup.Auth.cs)
            ConfigureAuth(app);

            // Hook up Auth0 controller
            RouteTable.Routes.MapRoute(
                "Auth0Account",
                "Auth0Account/{action}",
                new
                {
                    controller = "Auth0Account"
                }
            );
        }

        private void ConfigureAuth(IAppBuilder app)
        {
            // Enable the application to use a cookie to store information for the signed in user
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Member/Login") // Use whatever page has your login macro lives on
            });

            // Use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            app.UseAuth0Authentication(
                clientId: ConfigurationManager.AppSettings["auth0:ClientId"],
                clientSecret: ConfigurationManager.AppSettings["auth0:ClientSecret"],
                domain: ConfigurationManager.AppSettings["auth0:Domain"]);
        }
    }
}

You'll notice that we hook up the Auth0AccountController added by the Auth0 NuGet package. If we don't do this we'll get 404's once Auth0 returns the user to our site after authenticating.

Change the owin startup in web.config to use our new startup class:

<add key="owin:appStartup" value="MyStartup" />

2) Add ~/signin-auth0 to umbracoReservedPaths

We don't want Umbraco CMS to handle the ~/signin-auth0 used by Auth0 so we update the umbracoReservedPaths appSetting to tell it to ignore it:

<add key="umbracoReservedPaths" value="~/umbraco,~/install/,~/signin-auth0" />

3) Modify Auth0AccountController

You'll need to modify the Auth0AccountController to use redirects that are friendly to your Umbraco setup and pages you've configured / created. If you don't do this you'll start seeing "No route in the route table matches the supplied values" errors after a user has authenticated. You may want to inherit from Umbraco.Web.Mvc.SurfaceController or Umbraco.Web.Mvc.RenderMvcController instead of the standard Controller in order to expose Umbraco friendly properties and methods to your code.

You can then hook up any code you need in Auth0AccountController to automatically create new Members for new users, automatically login Members for existing users, etc. Or if you prefer you can simply bypass the use of Umbraco Members and handle the authenticated user in a different manner.