Persist Login Across Sites


In a multisite environment with Azure B2C for login, we were tasked with persisting a user’s login across sites. The plan to accomplish this involves determining when we’re linking to another site in a link provider, appending and passing (securely) the current logged in user when linking over, and determining when we’re coming from another site in a request pipeline.

The first step is to determine when our link is pointing to an item on a different site, and then appending our user information as part of an encrypted query string. We start out by creating a custom link provider, inheriting from Sitecore.Links.LinkProvider.

public class CrossSiteSsoLinkProvider : LinkProvider

 

Our logic will go in the GetItemUrl override. Store the base GetItemUrl first so we can return this if any of our checks fail along the way, otherwise we’ll use it to append our encrypted user later. Then, run through any necessary fail early checks: making sure we’re on CD, the user is logged in etc.

public override string GetItemUrl(Item item, UrlOptions options)
{
    if (item == null)
    {
        Log.Error("CrossSiteSsoLinkProvider.GetItemUrl() - Item is null.", this);
        return string.Empty;
    }

    var baseUrl = base.GetItemUrl(item, options);
    if (Sitecore.Context.Site == null || Sitecore.Context.Site.ContentDatabase != null || !Sitecore.Context.User.IsAuthenticated ||
        Sitecore.Context.Site != null && (Sitecore.Context.PageMode.IsPreview || Sitecore.Context.PageMode.IsExperienceEditorEditing) ||
        item.Name == "__Standard Values")
        return baseUrl;

 

Next, we need to get the current item’s site. How you do this depends on your Sitecore setup. Once you have that, compare with the context site and return the base url if they are the same.

if (itemSite == null || itemSite.Site == Sitecore.Context.Site.SiteInfo)
    return baseUrl;

 

Now that we know we’re linking to another site, we take what we need from the user profile, serialize and encode it, append to a query parameter and return.

var authData = Sitecore.Context.User.Profile.SerializedData as Dictionary;

if (authData == null || authData.Count == 0)
    return baseUrl;

var token = Base64UrlEncoder.Encode(JsonConvert.SerializeObject(authData));

return baseUrl + "?token=" + token;

 

Don’t forget to patch the link provider.


    
      crossSiteSso
      
        
      
    
  

 

With links to our other sites providing the encoded user, we now need to a way to receive that token when the user follows the link. We need to create a request processor.


    
        
            
        
    

...
public class SiteSwitchLoginProcessor : HttpRequestProcessor

 

In our Process override, do some of our standard checks again, and return early if the query parameter we used in the link provider is not present.

public override void Process(HttpRequestArgs args)
{
    if (!Sitecore.Context.PageMode.IsNormal || Sitecore.Context.Database == null || Sitecore.Context.Database.Name != "web")
    {
        return;
    }

    var token = GetQueryString("token", args);

    // If there is no token, then we don't need to do anything.
    if (string.IsNullOrEmpty(token))
    {
        return;
    }

 

Next, we decode and deserialize the user object so it's not exposed.

var identityClaim = JsonConvert.DeserializeObject(Base64UrlEncoder.Decode(token));

 

Once we have this, we can run our normal Sitecore login to authenticate the user. Finally, call our RemoveTokenQuery method, mentioned earlier, to redirect to the requested page minus the encoded user query parameter.

private static void RemoveTokenQuery(HttpRequestArgs args)
{
    var queryString = HttpUtility.ParseQueryString(args.RequestUrl.Query);
    queryString.Remove("token");
    var redirectUrl = args.RequestUrl.AbsolutePath + (queryString.Count == 0 ? string.Empty : "?" + queryString);
    args.HttpContext.Response.Redirect(redirectUrl);
}

 

Now a user can log in on one site, link over to any of our other sites in the same instance and not worry about having to log in again.

 

View more blogs and tutorials about Sitecore

 

Learn about our Sitecore work

 

 

SEARCH ARTICLES

CATEGORIES

Sitecore 144
Commerce 100
Web Development 100
Sitecore Commerce 83
Sitecore Experience Commerce 9 64
Sitecore Experience Commerce 59
Content Management 55
eCommerce 48
B2B eCommerce 42
Sitecore Experience Platform 39
Sitecore Platinum Partner 39
Architecture 34
Insite 29
User Experience 26
Strategy 22
B2C eCommerce 21
B2B Commerce Blogs 21
commerceconnect 21
CloudCraze 20
SaaS (Software as a Service) 20
Cloud 17
Commerce Server 17
Salesforce B2B Commerce Cloud 16
Mobile 13
Search 13
Plugins 12
Analytics 12
Application Development 12
Digital Transformation 11
Sitecore Symposium 11
SPEAK 10
Helix 10
DMS 8
Social 8
Business Process 7
Authentication 7
5 Reasons 7
BI and Big Data 6
Data Visualization 6
Sitecore Presentation 6
Coveo 6
NET Development 5
Microsoft Azure 5
Automation 5
Front-End Development 4
SaaS (Software as a Service) 4
Digital Strategy 4
Brightcove 4
Press Release 4
Avalara Tax 3
Sitecore Experience Accelerator (SXA) 3
Sitecore Layouts 3
Video 3
SPE 3
Multi-site 3
Multi-lingual 3
Accessibility 3
Habitat 3
Vault 3
Identity 2
Managed Services 2
CDN 2
SMB 2
Cryptocurrency 2
Sitecore Forms 2
Sitecore Experience Commerce 9 Promotions 2
Uncategorized 2
EXM 2
Conversational Commerce 2
Sitecore SaaS 2
Security 2
Unit Testing 2
Headless Architecture 2
Sitecore Experience Awards 2
Google 1
Content Delivery Network 1
Configure Price Quote 1
CPQ 1
Blockchain 1
Coupons 1
Sitecore Rss 1
Artificial Intelligence 1
Machine Learning 1
Okta 1
RFP Process 1
NoSQL 1
Flex Accelerator for Sitecore 1
Reviews 1
SEO 1
Page Labels 1