Restrict google authentication to specific domain

Environment
Product: Sitefinity
Version: 10.x
OS: All supported OS versions
Database: All supported Microsoft SQL Server versions
Question/Problem Description
How to configure the Google Authentication provider so it allows only users with accounts in a specific domain?
Clarifying Information
For information about the hd parameter, refer to the Google Developers documentation, OpenID Connect, Authentication URI Parameters: https://developers.google.com/identity/protocols/OpenIDConnect#authenticationuriparameters
Resolution
To restrict sign-in to a specific domain, set the hd parameter in the authentication request that is sent to Google.

1. Create a custom GoogleAuthenticationProvider
 
using Microsoft.Owin.Security.Google;
using Telerik.Sitefinity.Authentication.IdentityServer.ExternalProviders;

namespace SitefinityWebApp
{
    public class CustomSitefinityGoogleAuthenticationProvider : SitefinityGoogleAuthenticationProvider
    {
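        public override void ApplyRedirect(GoogleOAuth2ApplyRedirectContext context)
        {
            // Append the hd parameter to the Google authorization URL.
            // Replace domain.com with the domain that is allowed to sign in.
            context.Response.Redirect(context.RedirectUri + "&hd=domain.com");
        }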
    }
}

2. Create a custom AuthenticationProviderInitializer that will use the custom provider
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin;
using Microsoft.Owin.Security.Google;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Telerik.Sitefinity.Authentication;
using Telerik.Sitefinity.Authentication.Configuration.SecurityTokenService.ExternalProviders;
using Telerik.Sitefinity.Security.Claims;

namespace SitefinityWebApp
{
    public class CustomAuthenticationProviderInitializer : AuthenticationProvidersInitializer
    {
        public override Dictionary<string, Action<IAppBuilder, string, AuthenticationProviderElement>> GetAdditionalIdentityProviders()
        {
            var providers = base.GetAdditionalIdentityProviders();
            if (providers.Any(p => p.Key == "Google"))
            {
                providers.Remove("Google");
            }

            providers.Add("Google", (app, signInAsType, providerConfig) =>
            {
                var googleConfig = providerConfig as GoogleAuthenticationProviderElement;

                if (googleConfig != null)
                {
                    var opt = new GoogleOAuth2AuthenticationOptions
                    {
                        AuthenticationType = googleConfig.Name,
                        Caption = googleConfig.Title,
                        SignInAsAuthenticationType = signInAsType,
                        ClientId = googleConfig.AppId,
                        ClientSecret = googleConfig.AppSecret,
                        Provider = new CustomSitefinityGoogleAuthenticationProvider()
                    };

                    app.UseGoogleAuthentication(opt);
                }
            });

            return providers;
        }
    }
}

3. Register the custom initializer in the Global.asax
 
using System;
using System.Web;
using Telerik.Microsoft.Practices.Unity;
using Telerik.Sitefinity.Abstractions;
using Telerik.Sitefinity.Authentication;
using Telerik.Sitefinity.Data;
using Telerik.Sitefinity.Services;
using Telerik.Sitefinity.Web.Events;

namespace SitefinityWebApp
{
    public class Global : HttpApplication
    {
        protected void Application_Start(object sender, EventArgs e)
        {
            SystemManager.ApplicationStart += this.SystemManager_ApplicationStart;
        }

        private void SystemManager_ApplicationStart(object sender, EventArgs e)
        {
            ObjectFactory.Container.RegisterType<AuthenticationProvidersInitializer, CustomAuthenticationProviderInitializer>(new ContainerControlledLifetimeManager());
        }
    }
}
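
The hd parameter is part of a URL that passes through the browser, so a user can change or remove it before the request reaches Google; the domain therefore has to be checked again on the server once Google returns the account. The following is an added example, not part of the original article or of Sitefinity's own code. The class name is hypothetical, and it assumes that SitefinityGoogleAuthenticationProvider exposes the overridable Authenticated method of the Katana Google provider, that the middleware skips sign-in when the identity is cleared, and that the profile JSON may or may not carry an hd field depending on the Katana version.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Google;
using Newtonsoft.Json.Linq;
using Telerik.Sitefinity.Authentication.IdentityServer.ExternalProviders;

namespace SitefinityWebApp
{
    // Hypothetical name: the step 1 provider plus a server-side domain check.
    public class DomainEnforcingGoogleAuthenticationProvider : SitefinityGoogleAuthenticationProvider
    {
        private const string AllowedDomain = "domain.com"; // placeholder, as in step 1

        public override void ApplyRedirect(GoogleOAuth2ApplyRedirectContext context)
        {
            // Account-chooser hint only; the browser can alter this query string.
            context.Response.Redirect(context.RedirectUri + "&hd=" + Uri.EscapeDataString(AllowedDomain));
        }

        public override async Task Authenticated(GoogleOAuth2AuthenticatedContext context)
        {
            if (!IsAllowed(context.Email, context.User))
            {
                // Assumption: with no identity the Katana middleware does not sign the
                // user in and reports access_denied on the return URL.
                context.Identity = null;
                return;
            }

            await base.Authenticated(context);
        }

        // Fail closed: no e-mail, a foreign e-mail domain, or a mismatching hd value is rejected.
        public static bool IsAllowed(string email, JObject profile)
        {
            if (string.IsNullOrEmpty(email)) return false;
            int at = email.LastIndexOf('@');
            if (at < 0 || !SameDomain(email.Substring(at + 1))) return false;

            // When the profile reports a hosted domain, it must match as well.
            JToken hd = profile == null ? null : profile["hd"];
            return hd == null || SameDomain(hd.ToString());
        }

        private static bool SameDomain(string value)
        {
            return string.Equals(value, AllowedDomain, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

To use it, set Provider = new DomainEnforcingGoogleAuthenticationProvider() in the initializer from step 2 in place of the step 1 class.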
Last Modified Date: 4/21/2017 2:44 PM
Disclaimer

The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.


