Sitecore Federated Authentication – Part 1 – Authentication with Google and Facebook Identity Providers

Hello Sitecorians,

Hope you all are enjoying the Sitecore Experience 🙂

Sitecore has brought about a lot of exciting features in Sitecore 9. One of the features available out of the box is Federated Authentication. I will show you a step by step procedure for implementing Facebook and Google Authentication in Sitecore 9. Before we dive in, it’s always good to understand how the system works and the basic of Federated Authentication System.

So, what’s Authentication?

Authentication is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing’s identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by verifying the authenticity of a website with a digital certificate.

wikipedia

What is OAuth?

OAuth is an Authorization Protocol. It’s an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third-party applications or websites.

wikipedia

What’s OWIN Middleware?

It stands for Open Web Interface for .Net. It is a new standardized interface between web servers and applications. It stands as a middleware to be used in a pipeline to handle requests and associated responses. OWIN provides a decoupling layer that allows two frameworks with disparate object models to be used together.

What’s Federated Authentication?

It is also called as Federated Identity or SSO (Single Sign-On)

A federated identity in information technology is the means of linking a person’s electronic identity and attributes, stored across multiple distinct identity management systems.

wikipedia

Sitecore uses the ASP.NET Membership provider for the Sitecore user login. Now we can integrate external identity provider login easily by writing few lines of code. ASP.NET Provides the external identity functionality based on OWIN-Middleware. Sitecore has implemented the OWIN Pipeline very nicely directly into the core platform.

How it works?

Read More