ASP.NET OAuth SSO using WildApricot as OAuth Server

ASP.NET OAuth Single Sign-On (SSO) module gives the ability to enable OAuth Single Sign-On for your ASP.NET applications. Using Single Sign-On you can use only one password to access your ASP.NET application and services. Our module is compatible with all the OAuth compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between ASP.NET and WildApricot as OAuth Provider.

Pre-requisites: Download And Installation

• Download the ASP.NET middleware OAuth 2.0
• Add the miniOrange-sso-configuration folder in your application root directory containing the configuration.json file.
• Add the miniorange-oauth-middleware.dll dependency in your application or just add it to your bin folder of your application.
• Configure the Startup.cs/Program.cs file:
• Add the namespace oauthssomiddleware:
using miniOrange.OAuth;
using Newtonsoft.Json;
• Add the following code snippet in the Startup.ConfigureServices method for using session services:
services.AddSession();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
• Add the following code snippet lines in Startup.Configure method
app.UseCookiePolicy();
app.UseSession();
app.UseAuthentication();
app.UseminiOrangeOAuthSSOMiddleware();
• Run the application when the configuration is done.

Steps to configure ASP.NET Core Single Sign-On (SSO) using Auth0 as IDP

1. Configure Plugin Dashboard

• After integration, open your browser and browse the connector dashboard with the URL below:
https://<your-application-base-url>/?ssoaction=config
• If the registration page or login page pops up, you have successfully added the miniOrange ASP.NET middleware authentication SAML SSO connector to your application.
• Register or log in with your account by clicking the Register/Login button to configure the middleware.

2. Setup WildApricot as OAuth Server

• First of all, Login/Signup in Wild Apricot.
• Login using Admin credentials.
• Under the Apps tab, click on the Authorized applications option to continue.

• Click on Authorize Application as shown below image.

• From the list available select Server Application and click on continue.

• Enter Application name and then click on generate client secret.
• Copy your Client ID and Client Secret and save it in your miniOrange OAuth Client Plugin/Module. (under client id and client secret field respectively).

• Now, scroll down and enter the redirect url which you will get from the miniOrange ASP.NET OAuth Single Sign-On (SSO) plugin.

• Now click on the save button above.
• To collect your account Id, click on the Account tab as shown below image. Copy your account Id under the Billing field to enter it into User Info Endpoint in your miniOrange OAuth Client Plugin/Module.

You have successfully configured Wild Apricot as OAuth Provider for achieving Wild Apricot Single Sign-On (SSO) with ASP.NET for user authentication.

3. Configure OAuth Client

• Configure your OAuth/JWT Server. While configuring your OAuth/JWT server provide the Redirect/Callback URL to your OAuth/JWT Client.
• You will get the Client ID, Client Secret, Authorize Endpoint, Access Token Endpoint, and Get User Info Endpoint from your OAuth/JWT Server. You need to verify the supported scope with the OAuth/JWT Server.
• Please refer to the below table for configuring the scope & endpoints in the plugin.

Scope:	auto
Authorize Endpoint:	https://<your_account_url>/sys/login/OAuthLogin Ex your_account_url is the URL <organization_name.wildapricot.org>
Token Endpoint:	https://oauth.wildapricot.org/auth/token
User Info Endpoint:	https://api.wildapricot.org/v2.1/accounts/<account_id>/contacts/me
Group User Info Endpoint: (Optional)	https://api.wildapricot.org/publicview/v1/accounts/<account_id>/contacts/<contact_id>

• Once you have added this information in the miniOrange ASP.NET OAuth plugin, please click on SAVE and then on Test Configuration. If your Test-Configuration is successful! You will receive your WildApricot attribute as below:

4. Attribute Mapping

• Map Attribute Names provided by your OAuth/JWT Server with your ASP.NET application Attributes given under Attribute Mapping Section and click on Save Attribute Mapping.

5. WildApricot Configuration

• Provide your WildApricot Admin Credentials to fetch the custom data from WildApricot APIs, Checking Forms Authentication will provide user details in User Claims after SSO or you will receive it in Session Variables.

6. Integration Code

• Use the below Integration code to retrieve user information in your application after a successful SSO.
• User Claims (Forms Authentication Checked) [Recommended]:
string name="";
string claimtype="";
string claimvalue="";
if(User.Identity.IsAuthenticated) {
name= User.Identity.Name;
foreach( var claim in User.Claims) {
claimtype = claim.Type;
claimvalue = claim.Value;
}
}

7. Add the following link into your application for Single Sign-On (SSO)

• Use the following URL as a link in the application from where you want to perform SSO:
https://base-url/?ssoaction=login
• For example, you can use it as:
<a href=”https://base-url/?ssoaction=login”>Log in</a>

You have successfully configured ASP.NET OAuth Middleware using WildApricot as OAuth Server.

You can even configure the ASP.NET OAuth Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.

Additional Resources

• DNN SAML Single Sign-On (SSO)
• Umbraco SAML Single Sign-On (SSO)
• ASP.NET SAML Single Sign-On (SSO)
• Web3 login for ASP.NET Applications
• nopCommerce SAML Single Sign-On (SSO)
• DNN REST API Authentication