EPiServer CMS UI AspNetIdentity OWIN authentication

You can configure the application to use EPiServer AspNetIdentity as the authentication module for managing users and roles. This configuration requires the following NuGet package as a dependency: EPiServer.CMS.UI.AspNetIdentity.

To use and configure EPiServer AspNetIdentity OWIN-based authentication:

1. Set the authentication mode in the system.web section of the web.config file as shown:
   

   <authentication mode="None"></authentication>

2. Clear the membership and rolemanager providers from web.config as shown:
   

   <membership><providers><clear /></providers></membership>
   <roleManager><providers><clear /></providers></roleManager>

3. Because OWIN pipeline is a startup class needed to configure the application, add the following code to the startup class:
   

   using EPiServer.Cms.UI.AspNetIdentity;
   using Microsoft.AspNet.Identity;
   using Microsoft.AspNet.Identity.Owin;
   using Microsoft.Owin;
   using Microsoft.Owin.Security.Cookies;
   using Owin;
   using System; 
   
   [assembly: OwinStartup(typeof(Startup))]
   
   public void Configuration(IAppBuilder app)
   {
      // Add CMS integration for ASP.NET Identity
      app.AddCmsAspNetIdentity<ApplicationUser>();   
      // Use cookie authentication
      app.UseCookieAuthentication(new CookieAuthenticationOptions
      {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString(login-path),
        Provider = new CookieAuthenticationProvider
        {
                OnValidateIdentity = 
                   SecurityStampValidator.OnValidateIdentity<ApplicationUserManager<ApplicationUser>,ApplicationUser>(
                       validateInterval: TimeSpan.FromMinutes(30),
                       regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user))
        }
      });
   }

The EPiServer.CMS.UI.AspNetIdentity NuGet package implements the UIUsersManager, UIRoleManager, SecurityEntityProvider and SignInManager providers, which need to be integrated with the Episerver user interface. This means the users, roles and access rights can be managed from admin view. And, the Episerver user interface login page ("/util/login.aspx") can be used for login.

Custom user database

By default, the ApplicationContext uses the EPiServerDB as a connection string name to save AspNet Users and roles. You can override it like this: 

app.AddCmsAspNetIdentity<ApplicationUser>(new ApplicationOptions() { ConnectionStringName = " connection string name" });

Custom user model

There are two ways to define a custom user model.

• Inherit from EPiServer.Cms.UI.AspNetIdentity.ApplicationUser, like this:
  

  public class CustomUser : ApplicationUser
  {
     //your custom properites
  }

• Inherit from Microsoft.AspNet.Identity.EntityFramework.IdentityUser and the EPiServer.Shell.Security.IUIUser interfaces, like this:
  

   public class CustomUser : IdentityUser, IUIUser
      {
          public string Comment { get; set; }
          public bool IsApproved { get; set; }
          public bool IsLockedOut { get; set; }
  
          [Column(TypeName = "datetime2")]
          public DateTime CreationDate { get; set; }
          
          [Column(TypeName = "datetime2")]
          public DateTime? LastLockoutDate { get; set; }
          
          [Column(TypeName = "datetime2")]
          public DateTime? LastLoginDate { get; set; }
  
          public string PasswordQuestion{get;set;}
  
          public string ProviderName
          {
              get { return "MyProviderName"; }
          }
  
          [NotMapped]
          public string Username 
          { 
              get { return base.UserName; } 
              set { base.UserName = value; }
          }
      }

After defining a custom user model, you need to configure it in the OWIN startup class, like this:

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Add CMS integration for ASP.NET Identity             
            app.AddCmsAspNetIdentity<CustomUser>();

            // Use cookie authentication
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString(YourLoginPath or "/Util/Login.aspx"),
                Provider = new CookieAuthenticationProvider
                {
                 OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager<CustomUser>, CustomUser>(
                   validateInterval: TimeSpan.FromMinutes(30),
                   regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user))
                }
            });
        }
    }

SecurityEntityProvider 

The EPiServer.CMS.UI.AspNetIdentity implements and registers the UIUserProvider, UIRoleProvider, UISignInManager and SecurityEntity provider in the container. To override them, you need to programmatically register it in the InitializeModule, like this:

    [EPiServer.Framework.InitializableModule]
    [EPiServer.Framework.ModuleDependency(typeof(EPiServer.Cms.UI.AspNetIdentity.ApplicationSecurityEntityInitialization))]
    [EPiServer.Framework.ModuleDependency(typeof(EPiServerUIInitialization))]
    public class MyInitializeModule : EPiServer.ServiceLocation.IConfigurableModule
    {
        public void ConfigureContainer(EPiServer.ServiceLocation.ServiceConfigurationContext context)
        {
           //Configure your providers
        }
        public void Initialize(EPiServer.Framework.Initialization.InitializationEngine context) { }
        public void Uninitialize(EPiServer.Framework.Initialization.InitializationEngine context) { }

Last updated: Jul 14, 2016