Xperience by Kentico – Configure Authentication

Creating a restricted area on your website or build a full portal for users.

By Danny Paul van Iersel, 07-05-2024

Restricting pages

When going through the UI of Kentico we came across the properties section of a page.

Under “Security” there is the option “Require authentication”. With the information “Only authenticated members can access this item.”

As curious Developers we need to try this feature out. By checking the box and trying to access the page.

Admin UI restrict pages

There are some implementations we need to do to make it all work. The upside is that we can no longer access this page:

Access Denied page

Login with External Authentication (aka Social login)

For authentication we can use all sorts of libraries that can use OAuth logins.

Most of the Social platforms provide an option to register your application and have your application use their users to access your system.

Some of the most used implementations are:

  • Google
    • Using: “AspNetCore.Authentication.Google
  • Facebook
    • Using: “AspNetCore.Authentication.Facebook
  • X (before known as Twitter and some code still use it as Twitter)
    • Using: “AspNetCore.Authentication.Twitter
  • Microsoft
    • Using: “AspNetCore.Authentication.MicrosoftAccount
  • Azure B2C
    • Using: “AspNetCore.Authentication.OpenIdConnect
  • WeChat

For our example we have a connection with Microsoft Active Directory.

We use the “Microsoft.AspNetCore.Authentication.MicrosoftAccount” package. To find out more about the package and dependencies you can look at the NuGet package: https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.MicrosoftAccount/8.0.4


Starting with registration of your application at the External Provider

In your Azure Subscription go to your Microsoft Entra ID (previous Azure Active Directory).

Microsoft Entra ID

At the “App registrations” add a new registration to enable your application to use this active directory.

Fill in the form by providing the Name, Supported account types and Redirect URI:
Register application at Microsoft Entra ID

Then press the register button at the bottom of the screen.

At the Authentication section of your app make sure you enable the Access Token and ID Token:

Configure Authentication Microsoft Entra ID

On the “Certificates & Secrets” create a new Client Secret. Make sure once you have created this Secret to store your Secret value on a safe place.

Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page.

You can read the steps from the official website of Microsoft at: (here you will also find the implementation of other providers)


Register authentication in your application

Inside the “Program.cs” of your application:

We need to configure the Identity.

Code configure identity

Next, we need to add our Authenticator middleware.

Important note: below code only shows where the location of your key needs to be placed. It is strongly advised that you make sure the secrets are stored in a safe place. See recommendations from Kentico:

A good way to store this info would be to use Azure Key vault: https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-8.0#secret-storage-in-the-production-environment-with-azure-key-vault

Code Microsoft Account Options

If you want to use more authentication providers, you can easily add them. Just make sure you add the correct NuGet package for “Microsoft.AspNetCore.Authentication.*

Code multiple providers

We have started from a clean solution but one thing you must not forget is to have the routes configured correctly.

Code configure route

Create and use an Account component

We created an Account component. A page where all our login options are displayed, and the handling of our authentication requests will be configured.

For demo purposes we have kept the login as a separate page. We could also make this a component and reuse it on other pages.

Create a new Content Type: Account.

Create a new View with the following code:

Code view Sign in providers

The output will show all the possible providers we have configured. Your users can then select which provider they want to use to login.

Sample view list of providers output

Once we click on 1 of the buttons we are redirected to the login page of that provider.

The user then fills in their account information and login.

It redirects us back to our site where we will handle our user sign in.

In our “AccountContoller.cs”:

(The full code of the account controller can be found on the Kentico website: https://docs.kentico.com/developers-and-admins/development/registration-and-authentication/external-authentication#implement-the-authentication-flow)


We have our Post method to redirect to the authentication provider:

Code handle provider External Sign In

And our Callback when we get back to our website to sync the user info:

Code handle Provider Callback

We made 1 additional code change for when we are not yet logged in and navigate to a restricted page, we get an access denied. Our URL “https://YOUR.Domain/Account/AccessDenied”.

We created a new AccessDenied page in Kentico and redirect to this page that we can then give the content and styling that we want.

Code redirect access denied page


Once the Authentication Providers have been configured and your Account controller is setup, it is easy to maintain, add or remove providers.

Every Provider has their own way of registrations for your application, but in general they use the same principles.

Do you want to start your own website and have a restricted area for your users? At Blastic we are happy to help you out and get your Portal configured correctly.

Get in Touch

Ready to take your digital experience to the next level? Feel free to contact us to learn more about our services and how we can help you leverage the full potential of your digital marketing.

Tell us about your project

And we'll come up with a tailor-made solution

Get in touch with one of our consultants to find the perfect match that fits your needs and enables you to grow.

Cookie Policy

Our site uses cookies to improve the website experience. By using our website, you agree to our use of cookies. Click here for more information.

Save preferences