The DNN Platform distribution includes four optional Authentication Providers that conform to the OAuth V2 standard
. Using these third party Authentication Services for your site leverages the controls these large companies have put into place to verify users and combat spammers, in some cases with the additional benefit of two factor authentication.
If you choose to disable the Default Authentication, make sure you authorize User's who have logged on with one of these providers and added to the Admin group for the portal, and promoted one to Super Users for the Host. Otherwise you will need to edit some SQL tables later.
DNN Set Up
The modules can be installed from the Host Extensions menu option, then selecting the Available Extensions tab and scrolling down to Authentication Systems. Other DNN OAuth V2 Authentication System providers may be available on either https://www.dnnsoftware.com/forge or http://store.dnnsoftware.com.
Once the extension is installed, it must be setup for each portal under the Admin Extensions menu options, using the "edit this extension" feature. The provider will need, at minimum, an App ID and App Secret supplied from the third party authentication system, and the provider will need to be marked as enabled. In order to get an app id and app secret, your site will need to be added as an application on the authentication system. Each authentication system's setup is a little different, documented further below
is a short description of how to setup the app for each of the standard Authentication Providers.
Configuration of Registration Options in Site Settings
All Current DNN Versions
Users who authenticate on DNN through an OAuth V2 security provider, whether by selecting the Register or Login option, are automatically added to the DNN User Accounts, regardless of the registration option, once the other system has verified the user as valid on that system. There are some differences in how these accounts are treated in different versions of DNN , and there are some variations between types of OAuth V2 accounts.
DNN 7.4.0 User Registration: None
results in the user being added to the User Accounts as un-Authorized
. User is returned to home screen the first time they try to login without being logged in. Subsequent attempts to login either returns them to the login screen as not logged in, or to the home screen as not logged in and the message is displayed that a critical system error has occurred. User Registration: Private
results in the user being added to the User Accounts as un-Authorized
. The user sees a message that an email has been sent to the System Administrator with their details for approval. If the user attempts to log in before it is approved
, they will not be logged in and may see a message that 'a critical system error has occurred.'User Registration: Public
the user is added to the User Accounts as Authorized
. User can login at any point now, with the default roles assigned to authorized users.User Registration: Verified
the user is added to the User Accounts as un-Authorized
. They see a message that an email has been sent to them for verification. If they try to login before they verify their account, they are able to login but only see pages for unverified users. After clicking the link sent to them in email, their account is Authorized
and they have the default roles assigned to authorized users. Note that the only advantage of this approach versus public, is that you are assured that the user does received emails at the email address associated with their Authorization Service.
Authentication Service Instructions
1) Login to facebook and goto http://developers.facebook.com/
2) From My Apps select Add a New App
3) In the popup select Website
4) Type in an app name (i.e. dnndev.me) and in the pop up select a category
5) Enter the URL of your site (i.e. www.contoso.com), click next
6) Select Skip Quickstart
7) Select Settings
8) On the basic tab, copy the App ID and App Secret which you will paste into the DNN Facebook Authentication Provider settings
9) Select the Advanced Tab
10) (Currently Optional) Add a return url to the Valid OAuth redirect URIs. This is normally http://yourwebsiteurl/login (e.g. http://www.contoso.com/login)
11) SAVE CHANGES
You are now ready to configure the settings for the DNN Facebook Authentication Provider
1) Logon to https://code.google.com/apis/console with your google credentials
2) Goto APIs & auth -> Credentials
3) Create new Client ID
4) Select Web application
4a) Provide your domain (e.g. http://www.contoso.com)
4b) Provide your redirect uri(s) (e.g. http://www.contoso.com/Login) - Note that Login is case sensitive. If in doubt, you can add several URIs (http://www.contoso.com/Login http://www.contoso.com etc)
5) Copy the Client Id (i.e. 5793752905.apps.googleusercontent.com) to your module App ID setting
6) Copy the Client Secret to your module App Secret setting
If you provided the wrong URI for you DNN implementation, a user will see an error screen after
providing that states the redirect uri was incorrect and will display the uri Google was expecting to see. Copy this and paste it into the redirect uri in the google console screen.
1) Login to https://dev.live.com with Microsoft Account (windows live) user id and password
2) Click on Dashboard Link at top of page.
3) Create a new application (default screen if you do not already have applications)
4) Fill out the optional information on the Basic Information tab (Application Logo, TOS & Privacy URLs)
5) IMPORTANT : Select API Settings and add Redirect URLsURL is where Live is called from, on DNN this is usually http://yourdomain/login (e.g. http://www.contoso.com/login)
6) Copy Client ID from App Settings Tab to your DNN settings
7) Copy Client secret from App Settings Tab to your DNN settings
An Invalid Redirect URL can result in user's receiving the error before
being able to type in a user id and password.
We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later
1) Logon to twitter and navigate to https://dev.twitter.com/apps
2) Select option to create an app
3) Enter a unique (to twitter) Application Name
4) Enter a Description of that will be shown to users signing in
5) Enter the url of your website (eg http://www.contoso.com)
Note: localhost will not work, but 127.0.0.1 will
6) Enter the Callback url, normally yourdomain/login (eg. http://www.contoso.com/login)
7) Agree to the Developer Agreement
8) Navigate to the Keys and Access Tokens page
9) Copy the API Key and API Secret to the DNN app settings
Note: Twitter does not return an email address and will result in errors if your portal settings are configured to send notifications to the user. Therefore Twitter should only be used with the Public registration option, as of DNN 7.4, this results in an exception being displayed the first time the user log's in, however they are able to login afterwards.