WordPress SSO using ASP.NET as OAuth Server | WP SSO

WordPress is a free and open-source content management system (CMS) which is used to built websites using templates available in WordPress. One can have secure access into WordPress applications by configuring WordPress Single Sign-On (SSO) using ASP.NET as OAuth Server. By the end of this guide, you would be able to SSO into WordPress using ASP.NET as OAuth Server. To know more about other features we provide in ASP.NET SSO plugin, you can click here.

Pre-requisites: Download and Installation

1. Installation Steps for ASP.NET OAuth

• Extract the asp-net-oauth-openid-server.zip after which you will see the following files
  

1. mo_asp_net_oauth_server.dll - Add this DLL file in the "bin" folder (where other DLL files exist). Follow the steps in the integration.md file to register the mo_asp_net_oauth_server module in your application.
2. oauth.config - Add this configuration file in your application's root directory.
3. integration.md - An integration file with instructions for integrating the module into your application.

• After the integration, open your browser and go to the URL below to view the module's dashboard:
  https://<your-application-url>?ssoaction=config
• If the registration or login page appears, you have successfully integrated the miniOrange OAuth SSO module with your application.

• Register or login after configuring the SSO module.

2. Installation Steps for WordPress OAuth Single Sign-On (SSO) plugin

• Log into your WordPress instance" B " as an admin.
• Go to the WordPress Dashboard -> Plugins and click on Add New.
• Search for a WordPress OAuth Single Sign-On (SSO) plugin and click on Install Now.
• Once installed click on Activate.

Steps to configure WordPress SSO using ASP.NET as OAuth Server

1. Connect ASP.NET module with Database

• To connect the module with the database, click on Database Settings, fill in all the required fields and click on Connect.

2. Configure ASP.NET as OAuth Server

• Under Plugin Settings click on Add Client to add a new OAuth client.

• Enter the Client Name and Redirect/Callback URL from your WordPress application in the respective fields and hit Save.

• Note down the Client ID and Client Secret to configure your OAuth Client and paste these values here.

3. Login Setup

• Click on Login Setup to fill App login URL and Encryption Key fields and hit Save.

• In the Login Setup tab, you can fill the details as follow:

A] App Login URL:

• This will be the URL of your page where you authenticate your users. Basically the login page of your website.
• After authentication in your application you have to store the userdata in An authentication cookie “authusercookie”. This cookie will be used to make OAuth tokens and send the data to WordPress.
• Please refer to the “Sample Code” as below:
protected void AuthenticateUser(object sender, EventArgs args)
 {   if(User.IsAuthenticated)   {   string redirect_to = "";   HttpCookie cookie = Request.Cookies["authusercookie"];   if (cookie == null)   {    cookie = new HttpCookie("authusercookie");   }   cookie.Values["username"] = encrypt(User.username);   cookie.Values["email"] = encrypt(User.email);   cookie.Values["firstname"] = encrypt(User.firstname);   cookie.Values["lastname"] = encrypt(User.lastname);   cookie.Values["uid"] = encrypt(User.ID);   cookie.Expires = DateTime.UtcNow.AddMinutes(10);
  // overwrite the cookie   Response.Cookies.Add(cookie);   if (Session["redirect_to"] != null)   {   redirect_to = Session["redirect_to"].ToString();   Response.Redirect(redirect_to);   Response.End();   }   Session["userauthenticated"] = "true";   if (Session["redirectUrl"] != null)   redirect_to = Session["redirectUrl"].ToString();   Response.Redirect(redirect_to);   Response.End();   }   else   {   Response.Write("Username or Password isinvalid");   Response.End();   }  }

B] Encryption Key:

• For encrypting the data inside the cookie use the following code:
static public string encrypt(string data) {   string encryptionKey =   "AudUWDAIm4BC2MijzRKDndSOEJwwdYemGm/hihuchxl5ORgwnuT3mQ==".Trim();   encryptionKey = encryptionKey.Substring(0, 24);   byte[] resultArray;   byte[] inputArray;   inputArray = UTF8Encoding.UTF8.GetBytes(data);   TripleDESCryptoServiceProvider tdes = newTripleDESCryptoServiceProvider();   tdes.Key = UTF8Encoding.UTF8.GetBytes(encryptionKey);   tdes.Mode = CipherMode.ECB;   tdes.Padding = PaddingMode.PKCS7;   ICryptoTransform itrans = tdes.CreateEncryptor();   resultArray = itrans.TransformFinalBlock(inputArray,0,inputArray.Length);   tdes.Clear();   return Convert.ToBase64String(resultArray, 0,resultArray.Length); }
• You will be required to use the same encryption key to be used as the Encryption Key in Login Setup tab.

4. Attribute Mapping

• Once the user is authenticated, you will be required to store the user data in the session variables. In the ASP.NET plugin, enter the session keys under the Attribute Mapping section that you will require on your WordPress site. Then click on Save Attribute Mapping.

• Note:All mapped attributes will be stored in the session so that you can access them in the application.

5. Configure WordPress as OAuth Client

• Install WordPress Single Sign-On (SSO) as OAuth Client plugin from here.
• Go to Configure OAuth tab and click Add New Application to add a new client application.

• In the setup wizard, search for "Custom OAuth" and select Custom OAuth 2.0

• After selecting the provider copy the Callback URL which needs to be configured in OAuth Provider's SSO application configuration.
• Enter the Client Credentials like Client ID & Client Secret which you will get from the ASP.NET SSO application.
• Please refer the below table for configuring the scope & endpoints for ASP.NET in the plugin.

Application Name:	ASP NET
Client ID & Secret:	Click here
Authorize Endpoint:	https://<your-aspnet-app-url>/api/moserver/authorize
Token Endpoint:	https://<your-aspnet-app-url>/api/moserver/token
User Info Endpoint:	https://<your-aspnet-app-url>/api/moserver/userinfo
Scope:	profile, email

• Click Next.

• Verify the configuration details and click on Finish to save the configuration.

6. Test Configuration

• After you've saved your setup, click the Test Configuration button to see if you've done everything correctly.

7. User Attribute Mapping

• User Attribute Mapping is mandatory for enabling users to successfully login into WordPress. We will be setting up user profile attributes for WordPress using below settings.
• Go to Attribute / Role Mapping tab, under Username dropdown, select the unique user attribute from ASP.NET to create SSO users in wordpress.

In this Guide, you have successfully configured WordPress Single Sign-On (SSO) using ASP.NET as OAuth Server and WordPress as OAuth Client using our ASP.NET OAuth Server plugin. This solution ensures that you are ready to roll out secure access to your ASP.NET application using your WordPress site credentials within minutes.