This example demonstrates the use of OAuth2 authentication in a web application. Users can sign in to the application via Google, Facebook or Microsoft authentication providers.
You can run this demo as is to get an overview of its capabilities, and then implement the demonstrated functionality in your own XAF applications by following the instructions below.
How to Run this Demo
Before running this demo, register developer accounts at the services you are going to use:
- https://console.developers.google.com/
- https://developers.facebook.com/
- https://apps.dev.microsoft.com/
Open the Web.config file and specify your own client IDs and client secrets for each provider.
[XML]
<appSettings>
    <add key="GoogleClientID" value="YourGoogleClientID" />
    <add key="GoogleClientSecret" value="YourGoogleClientSecret" />
    <add key="FacebookClientID" value="YourFacebookClientID" />
    <add key="FacebookClientSecret" value="YourFacebookClientSecret" />
    <add key="MicrosoftClientID" value="YourMicrosoftClientID" />
    <add key="MicrosoftClientSecret" value="YourMicrosoftClientSecret" />
</appSettings>
You can remove keys corresponding to providers that you do not want to use.
Now you can run the application.
Overview of this Demo Capabilities
In the logon window, there are buttons for each provider specified in Web.config.
Standard XAF authentication with built-in username/password is also supported. When you log in via OAuth authentication, the email is used as a user name. By default, a user object is autocreated for each logon. You can disable autocreation, or specify the auto-assigned role for new users in the InitializeComponent method (see WebApplication.cs(vb)):
[C#]
this.securityStrategyComplex1.NewUserRoleName = "Default";
((AuthenticationStandartWithOAuth)authenticationBase).CreateUserAutomatically = true;
[VB.NET]
Me.securityStrategyComplex1.NewUserRoleName = "Default"
CType(authenticationBase, AuthenticationStandartWithOAuth).CreateUserAutomatically = True
When CreateUserAutomatically is false, the logon is allowed if a user with the email returned by the external service exists in the application database. To grant access to a user with a specific e-mail, use the built-in Admin account, create a user object and set the UserName to this e-mail.
If you set the EnableStandardAuthentication property to true for an auto-created user, this user will be able to log in directly, with a user name and password. Note that the password is empty by default, so do not forget to specify it when enabling standard authentication.
Each user can have several associated email addresses. To add or remove email addresses, use the OAuth Authorization Emails list in the user's Detail View.
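The logon rules described in this overview, modeled as a self-contained C# sketch. This is an added example, not code from the demo: SketchUser, LogonSketch and their members are hypothetical names, the in-memory list stands in for the application database, and the case-insensitive match on UserName or an associated e-mail is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the user object; not the demo's OAuthUser class.
class SketchUser {
    public string UserName;
    public string Role;
    public bool EnableStandardAuthentication;
    public string Password = "";   // empty by default, as the page notes
    public List<string> OAuthEmails = new List<string>();
}

class LogonSketch {
    public bool CreateUserAutomatically = true;
    public string NewUserRoleName = "Default";
    public List<SketchUser> Users = new List<SketchUser>();

    // External logon: the e-mail returned by the provider selects the user.
    // Returns null when the logon is refused.
    public SketchUser LogonByEmail(string email) {
        if (string.IsNullOrWhiteSpace(email)) return null;
        // Assumption: case-insensitive match on UserName or an associated e-mail.
        SketchUser user = Users.FirstOrDefault(u =>
            string.Equals(u.UserName, email, StringComparison.OrdinalIgnoreCase) ||
            u.OAuthEmails.Contains(email, StringComparer.OrdinalIgnoreCase));
        if (user != null || !CreateUserAutomatically) return user;
        user = new SketchUser { UserName = email, Role = NewUserRoleName };
        user.OAuthEmails.Add(email);
        Users.Add(user);
        return user;
    }

    // Audit: accounts that accept a direct logon while the password is still empty.
    public List<string> EmptyPasswordStandardLogons() {
        return Users.Where(u => u.EnableStandardAuthentication && string.IsNullOrEmpty(u.Password))
                    .Select(u => u.UserName).ToList();
    }

    static void Main() {
        var app = new LogonSketch { CreateUserAutomatically = false };
        app.Users.Add(new SketchUser { UserName = "alice@example.com" });   // constructed sample data
        Console.WriteLine(app.LogonByEmail("Alice@Example.com") != null);   // user exists
        Console.WriteLine(app.LogonByEmail("unknown@example.com") != null); // auto-creation is off
        app.CreateUserAutomatically = true;
        SketchUser created = app.LogonByEmail("bob@example.com");           // auto-created user
        created.EnableStandardAuthentication = true;                        // password not yet set
        Console.WriteLine(created.Role + " " + string.Join(",", app.EmptyPasswordStandardLogons()));
    }
}
```

Running the audit method after enabling standard authentication for any user shows which accounts still need a password assigned.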
How to Implement the Demonstrated Functionality in your XAF Application
1. In your solution, open Package Manager Console.
1.1. Choose the YourSolutionName.Web project in the Default project combo box, and execute the following commands to add OWIN packages:
Install-Package Microsoft.Owin -Version 3.1.0
Install-Package Microsoft.Owin.Security -Version 3.1.0
Install-Package Microsoft.Owin.Security.Cookies -Version 3.1.0
Install-Package Microsoft.Owin.Host.SystemWeb -Version 3.1.0
Install-Package Microsoft.Owin.Security.Google -Version 3.1.0
Install-Package Microsoft.Owin.Security.Facebook -Version 3.1.0
Install-Package Microsoft.Owin.Security.MicrosoftAccount -Version 3.1.0
1.2. Switch to the YourSolutionName.Module.Web project and install these two packages:
Install-Package Microsoft.Owin -Version 3.1.0
Install-Package Microsoft.Owin.Host.SystemWeb -Version 3.1.0
2. Open the Web.config file and specify your own client IDs and client secrets for each provider you are going to use. Refer to the AuthenticationOwin.Web\Web.config file in the demo solution to see the example. Then, set the authentication mode to "None" and comment out or remove the settings related to the default XAF authentication:
[XML]
<authentication mode="None" />
3. Copy the following files from the demo solution to the corresponding locations within your solution:
- AuthenticationOwin.Module\AuthenticationStandartWithOAuth.cs(vb)
- AuthenticationOwin.Module\IAuthenticationOAuthUser.cs(vb)
- AuthenticationOwin.Module.Web\Security\CustomSecurityStrategyComplex.cs(vb)
- AuthenticationOwin.Module.Web\Controllers\LogonAuthController.cs(vb)
- AuthenticationOwin.Module.Web\Images\Facebook.svg
- AuthenticationOwin.Module.Web\Images\Google.svg
- AuthenticationOwin.Module.Web\Images\Microsoft.png
- AuthenticationOwin.Web\Startup.cs(vb)
- AuthenticationOwin.Web\LogonTemplateContent1.ascx
- AuthenticationOwin.Web\LogonTemplateContent1.ascx.cs(vb)
- AuthenticationOwin.Web\LogonTemplateContent1.ascx.designer.cs(vb)
Include the copied files in your solution (Add | Existing Item...). Update the namespace names in the copied code files to match the namespaces you use in your solution. For image files, set the Build Action property to Embedded Resource.
4. Edit the YourSolutionName.Module\Module.cs file. In the overridden Setup method, handle the XafApplication.CreateCustomLogonWindowControllers event and add the LogonAuthController to the e.Controllers collection passed to this event. Refer to the AuthenticationOwin.Module.Web\Module.cs(vb) file to see an example.
5. Edit the YourSolutionName.Web\WebApplication.cs(vb) code and register this custom security strategy:
[C#]
this.securityStrategyComplex1 = new AuthenticationOwin.Module.Web.Security.CustomSecurityStrategyComplex();
[VB.NET]
Me.securityStrategyComplex1 = New AuthenticationOwin.Module.Web.Security.CustomSecurityStrategyComplex()
6. Implement the IAuthenticationOAuthUser interface in your custom user class. You can see an example in the AuthenticationOwin.Module\BusinessObjects\OAuthUser.cs file. If you use the built-in user, you can copy the OAuthUser class to your project from the demo and set the SecurityStrategy.UserType property to OAuthUser in the Application Designer.
7. Change the code that creates your predefined users in YourSolutionName.Module\DatabaseUpdate\Updater.cs. Set EnableStandardAuthentication to true for users who can log in with standard authentication (username and password). See the example in the AuthenticationOwin.Module\DatabaseUpdate\Updater.cs file.
8. Register the LogonTemplateContent1.ascx template in the YourSolutionName.Web\Global.asax.cs file:
[C#]
WebApplication.Instance.Settings.LogonTemplateContentPath = "LogonTemplateContent1.ascx";
[VB.NET]
WebApplication.Instance.Settings.LogonTemplateContentPath = "LogonTemplateContent1.ascx"
9. Copy the LoginWith* actions customizations and the AuthenticationStandardLogonParameters_DetailView layout settings from the AuthenticationOwin.Module.Web\Model.xafml file to the same file in the YourSolutionName.Web project. If you have no model customizations in Model.xafml, you can just overwrite it with the file from the demo. Ensure that the IsPostBackRequired property of each LoginWith* action is set to true.
Tip: You can refer to the OWIN OAuth 2.0 Authorization Server documentation to learn how to add more authentication providers.
For an example of integrating OAuth2 authentication in a WinForms XAF application, refer to the XAF - OAuth2 Authentication for WinForms ticket.
Important note
This example shows how XAF can work with OAuth2, in particular, how XAF can get a user's email from a service that uses this framework, and create (or authenticate) a user based on it (the AuthenticationStandartWithOAuth.Authenticate method). The APIs and settings of the services (Google, Facebook, and Microsoft) that we use in this example often change and we can't always keep this example up to date with them. Moreover, we often can't handle these changes in our example. For example, Microsoft requires the '/signin-microsoft' string to be added to the Redirect URI, and Google requires the Google+ API to be enabled. If you face difficulties with the authentication process in this example, refer to the documentation of the OAuth2 service you use and make sure that all settings are correct. Feel free to create merge requests to this example if needed.
Question Comments

Added By: Scott Gross at: 7/14/2017 8:43:09 AM
Will this work with XAF Mobile as well?

Added By: Konstantin B (DevExpress) at: 7/16/2017 11:07:04 PM
We haven't yet tested this approach with XAF Mobile. However, we will consider including the mobile app project to this demo. I've created a separate ticket on your behalf (T536304: OAuth2 authentication in XAF Mobile). It has been placed in our processing queue and will be answered shortly.

Added By: Rik Pronk at: 8/1/2017 6:41:49 AM
In the sample project, I noticed some errors in the web.config file. Below 'For applications with a security system' the <Authentication> tag is used, but that's supposed to be the <authorization> tag instead.

Added By: Konstantin B (DevExpress) at: 8/1/2017 8:49:03 AM
Hello Rik,
Your comment is correct, we have updated this demo. Thanks!

Added By: Martin Svärd at: 8/31/2017 3:40:34 AM
Hi Konstantin,
I am not able to try this example, even though I register it with Microsoft.
Am I missing something?
And will this work with Microsoft Azure as well, or is it only Microsoft's non O365 accounts?

Added By: Dennis (DevExpress Support) at: 8/31/2017 3:55:20 AM
@Martin: Thanks for your interest. I've created a separate ticket on your behalf (T550911: Difficulties when running the T535280 example (OAuth2 authentication)). It has been placed in our processing queue and will be answered shortly.

Added By: Genesis Supsup (QuickZ) at: 10/23/2017 8:56:59 PM
Is it possible to implement this in XAF using Windows Forms?

Added By: Dennis (DevExpress Support) at: 10/24/2017 12:02:24 AM
@Genesis Supsup: We will answer you in the XAF - OAuth2 Authentication for WinForms ticket. Thanks.

Added By: Vince G at: 1/21/2018 11:02:19 AM
For Google Authentication you will need to enable the Google+ API, otherwise the Google authentication won't work. That took me a while to debug.