Migration of Database Users using Auth0 and Kentico 12 MVC | Part 3 - Exposing the World of Auth0

By Darian Bonnell on April 22, 2019

Exposing the World of Auth0

Recap

Before we begin on this part of the series, let’s quickly take a look back at what we talked about before. If you remember, part 1 of the series, Introduction, showed the end result of this whole process and part 2, Behind the Curtain - ASP.NET 2.0 Membership, covered the setup of the database we were migrating from, which leads us now to part 3 of our series, Auth0. 

Auth0

Auth0 is one of the easier authentication/authorization platforms on the market today and was pretty easy to set up. While the setup is not that difficult, as you will soon find out, I did have some trouble understanding the entire workflow of the authentication process.

The Workflow

The workflow uses two separate applications to show a Single Sign-On flow between them using Auth0.



Let me walk through each step individually here, and then we will concentrate on just a few of them.
  1. User Calls a Web Application (or any type of application that has a resource that requires authorization, such as a Controller route in MVC in your Kentico 12 instance)
  2. Web App redirects to Auth0 for Authentication
  3. Auth0 checks if a token (or a cookie) is available. If not, the application will force the user to log in. Auth0 provides some great documentation on cookie and token-based authentication.
  4. On login via the Universal Login hosted by Auth0, check if the user exists in the Auth0 database. If the user does not exist, go to an external database and check for that user with matching password and migrate them into Auth0
  5. Return token from Auth0 to calling web application
  6. Authenticate the calling web application
  7. Store the token as a secure cookie
  8. User browses to a Kentico Web Application using Auth0 and attempts to login
  9. Kentico redirects to Auth0 for Authentication
  10. Auth0 checks if a token is available. If a token is not available, force the user to log in
  11. On login, check if the user exists in the Auth0 database. If the user does not exist, go to an external database and check for that user with matching password and migrate them into Auth0
  12. Return token from Auth0 to calling web application
  13. Authenticate the calling web application
  14. Create the User in Kentico if they do not exist already
  15. Update the Role of the User that is passed in the Token. If the role doesn’t exist, create it first before assigning the user.
  16. Store the token as a secure cookie for SSO purposes
Now that I have walked through the entire process, we will first set up an Auth0 instance and then concentrate on steps 10 and 11.

Initializing Auth0

Before we can dive too deep into the magical parts of Auth0, we first need to set up an instance to use. Auth0 has lots of documentation on how to do this, so we will not spend too much time here, but I will make note of a couple of areas. 

When creating a new application, we will also need to create a new database connection. While there is one out of the box, I like to start fresh when I set these things up. The most important part of our newly created database is making sure that we turn on the Use my own Database option under the Custom Database tab and the Import Users to Auth0 option under the Settings tab.



Once we turn on these features, we can set up Custom Database Action Scripts. We are going to be looking at the Login script shortly. Before we get there, we need to set up one other item: the database we just set up needs to be associated with the application that was set up. To do this, make sure you enable the database under the Connections tab.

Scripting Magic

As we saw in the workflow above, once a user logs into the database using Auth0, a couple of scripts will run that will create the user in Auth0 if they do not exist, and will also associate a role for that user that was passed from the ASP.NET 2.0 Membership database. Let’s take a look at these scripts now.

Login Script

The first script that will execute is the Login script associated with the database connection that we set up in the steps above. This script is written in Node.js, and will execute IF and ONLY IF the user does not currently exist in the Auth0 database. This script will connect to our ASP.NET Membership database and grab the existing user and their password and then migrate them into the Auth0 database. 



The connection information in the script is what is necessary to connect to the ASP.NET 2.0 Membership database, including the server it is located on, and a username and password that is required to connect to the database.
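The credential check at the heart of such a Login script, as an added example that is not the author's script. It assumes the source database stores passwords in the default hashed format (PasswordFormat = 1, SHA1 over salt plus UTF-16LE password); `findUser` and the sample row are hypothetical stand-ins for the SQL query so the code runs offline.

```javascript
const { createHash, timingSafeEqual } = require('crypto');

// Assumed storage: SqlMembershipProvider, PasswordFormat = 1 (Hashed), SHA1.
// stored = base64( SHA1( saltBytes || UTF-16LE(password) ) )
function membershipHash(password, saltB64) {
  const salt = Buffer.from(saltB64, 'base64');
  const pwd = Buffer.from(password, 'utf16le');
  return createHash('sha1').update(Buffer.concat([salt, pwd])).digest();
}

function verifyMembershipPassword(password, row) {
  if (!row || row.PasswordFormat !== 1) return false; // only hashed rows handled
  const expected = Buffer.from(row.Password, 'base64');
  const actual = membershipHash(password, row.PasswordSalt);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return expected.length === actual.length && timingSafeEqual(expected, actual);
}

// Constructed sample row standing in for the aspnet_Membership / aspnet_Users join.
const SAMPLE_SALT = Buffer.from('constructed-salt').toString('base64');
const SAMPLE_ROWS = new Map([['jane@example.com', {
  UserId: '00000000-0000-0000-0000-000000000001',
  Email: 'jane@example.com',
  PasswordFormat: 1,
  PasswordSalt: SAMPLE_SALT,
  Password: membershipHash('Correct-Horse-1', SAMPLE_SALT).toString('base64'),
  IsLockedOut: false,
}]]);

// Hypothetical lookup; the real script would run a parameterized SQL query here.
function findUser(email, cb) {
  cb(null, SAMPLE_ROWS.get(String(email).toLowerCase()) || null);
}

// Same shape as a custom database Login script: login(email, password, callback).
function login(email, password, callback) {
  findUser(email, (err, row) => {
    if (err) return callback(err);
    // One generic error for unknown user, locked account and wrong password.
    if (!row || row.IsLockedOut || !verifyMembershipPassword(password, row)) {
      return callback(new Error('Wrong email or password'));
    }
    callback(null, { user_id: row.UserId, email: row.Email });
  });
}
```

In the Auth0 script itself, the database server, username and password can be read from the connection's settings through the `configuration` object instead of being written into the script text.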

Set Role to a User

The second script that will execute will be located under the Rules section. We will have to create a new rule. Make sure the rule is enabled once it has been created.



If you want, you can choose a rule template at this time. I chose the Set Roles to User template. Much of this will be changed with the script that is added here. 



Conclusion

Now that we have successfully set up Auth0, once we log in to our Auth0 tenant from a web application with a user that exists in the ASP.NET 2.0 Membership database, the user will be created in Auth0 and their associated role will also be created.



In part 4 of the series, I will show you how we can tie this all together with our Kentico 12 MVC application. We will do this by creating the user we just added to Auth0, creating the user’s role if it does not exist, and then assigning the user to that role. 


About the author

An outgoing and energetic individual, Darian has been working in the tech industry for over 20 years. In that time, he has worn many hats including quality assurance, development, sales, and architecture. While his goal is to continually make his job enjoyable for the clients and co-workers he works with, Darian knows when and how to get the important tasks completed to move projects forward. When not working, Darian loves going on dates with his wife and playing with his three, young daughters.
