Owin membership and role provider for EPiServer




To begin with, I have added a showcase project using Google authentication.

To use the project as downloaded, you'll need a Google ID and secret, which you add to the appSettings.config file. To get them, you'll need to set up a Google project and pay $5 a year (or a couple of bucks more), which includes five email accounts. In other words, if you just want to play around, edit Startup.cs and change the authentication from Google to something else.

Useful links

For anyone who wants to understand claims-based authentication and Owin middleware better, I'd suggest the following links:

UPDATE 2017: Episerver has released better support for Owin, which makes this solution obsolete for newer versions of Episerver!

Solution -> projects breakdown

The solution is divided into three projects:

  • EPi.Owin.ShowCase.Web -> empty MVC project with Start page
  • EPi.Owin -> membership/role providers and helper services
  • EPi.Owin.Setup -> OwinStartup class with Google authentication


The most interesting project is EPi.Owin. This class library contains only the packages used for Owin; it has no dependencies on EPiServer. The membership/role providers read from an Entity Framework database and write to it (if allowed) based on some rules.


EPi.Owin.Setup is there simply to separate the membership/role provider from the choice of underlying identity provider. Hence, this project contains Microsoft.Owin.Security.Google and related packages. Startup.cs is the class to change. This is where the setup occurs.


EPi.Owin.ShowCase.Web is, as the name suggests, a showcase web project with only two controllers: AccountController and StartPageController. AccountController does the login magic. StartPageController is simply there to create a website. The Start page is protected with an EPi_AllUsers role (that's how I set it up, and it's also committed), so visiting the site will lead you to /Account.

Additionally, this solution contains:

  • Important appsettings inside web.config - required for the project to work
  • RouteConfig - registers route for /Account
  • Views for Account and StartPage
  • web.config setup for authentication, membership/role providers and Logoff handler for EPiServer logout button to work, as well as EPi_WebAdmins role for locations where applicable.
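As an added illustration (not the project's own Startup.cs), this is one way an OwinStartup class in a project like EPi.Owin.Setup could wire cookie authentication to the /Account route and Google sign-in using Microsoft.Owin.Security.Google. The namespace, the appSettings key names `GoogleClientId` and `GoogleClientSecret`, and the cookie names are assumptions; the startup fails fast when the ID or secret is missing instead of running with empty credentials.

```csharp
using System.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;
[assembly: OwinStartup(typeof(Example.Setup.Startup))]
namespace Example.Setup // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Local session cookie: unauthenticated requests are redirected to /Account.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "ApplicationCookie",
                LoginPath = new PathString("/Account"),
                CookieHttpOnly = true,                    // not readable from script
                CookieSecure = CookieSecureOption.Always  // only sent over HTTPS
            });
            // Passive cookie that holds the external (Google) identity until the
            // account controller maps it to a local identity and signs the user in.
            app.SetDefaultSignInAsAuthenticationType("ExternalCookie");
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "ExternalCookie",
                AuthenticationMode = AuthenticationMode.Passive,
                CookieHttpOnly = true,
                CookieSecure = CookieSecureOption.Always
            });
            // Swap this block to change the identity provider; the
            // membership/role providers do not depend on it.
            app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
            {
                ClientId = Require("GoogleClientId"),         // hypothetical key name
                ClientSecret = Require("GoogleClientSecret")  // hypothetical key name
            });
        }
        // Reads a required appSettings value and throws at startup if it is absent.
        private static string Require(string key)
        {
            var value = ConfigurationManager.AppSettings[key];
            if (string.IsNullOrWhiteSpace(value)) throw new ConfigurationErrorsException("Missing appSetting: " + key);
            return value;
        }
    }
}
```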

Before using the project(s)

Before doing any kind of copy/paste (unless you are already very familiar with how Owin works), I'd suggest you read and listen to the tutorials listed in the right column. There, you will find a couple of links that helped me understand Owin and claims-based authentication better.

Also, please note that AccountController doesn't contain all the steps that a default MVC project with authentication contains (choosing the identity provider for login, confirmation from the user to allow the app to use the information from the identity provider, two-way authentication...). I didn't need that, so I excluded it. Additional claims transformations in AccountController need to be rewritten based on project requirements.

I'll be blogging more about specific features for logging into admin mode in the next couple of days...