Kentico Xperience + MojoAuth (OIDC)
This guide shows how to integrate MojoAuth with Kentico Xperience (.NET Core) using OpenID Connect. The setup is similar to any ASP.NET Core OIDC client.
- Product: Kentico Xperience (formerly Kentico EMS)
- Protocol: OpenID Connect (OIDC)
- Flow: Authorization Code
- Runtime: ASP.NET Core (.NET 6/7/8)
References
- Kentico Xperience external authentication (OpenID Connect): https://docs.xperience.io/
- ASP.NET Core OpenID Connect auth: https://learn.microsoft.com/aspnet/core/security/authentication/openid-connect
- MojoAuth Hosted Login Page: https://docs.mojoauth.com/hosted-login-page/
Prerequisites
- Kentico Xperience ASP.NET Core site
- MojoAuth OIDC application (Client ID, Client Secret, Redirect URI)
- HTTPS domain for your site (required for callback)
Recommended Redirect URI: https://your-site.com/signin-oidc
1) Configure Authentication in Program.cs
Register Cookie and OpenID Connect authentication and wire it with Kentico/ASP.NET Core middleware.
```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
var oidc = builder.Configuration.GetSection("Authentication:MojoAuth");

builder.Services
    .AddAuthentication(options =>
    {
        // The cookie holds the local session; unauthenticated requests are challenged via OIDC.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.Authority = oidc["Authority"]; // https://api.mojoauth.com
        options.ClientId = oidc["ClientId"];
        options.ClientSecret = oidc["ClientSecret"];
        options.CallbackPath = oidc["CallbackPath"]; // /signin-oidc

        // Authorization Code flow
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;

        // Request only the scopes this guide uses.
        options.Scope.Clear();
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("email");

        // Claim types used for User.Identity.Name and role checks.
        options.TokenValidationParameters.NameClaimType = "name";
        options.TokenValidationParameters.RoleClaimType = "role";
    });

builder.Services.AddControllersWithViews();

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

// Authentication must run before authorization.
app.UseAuthentication();
app.UseAuthorization();

app.MapDefaultControllerRoute();
app.Run();
```
2) appsettings.json
```json
{
  "Authentication": {
    "MojoAuth": {
      "Authority": "https://api.mojoauth.com",
      "ClientId": "your-client-id",
      "ClientSecret": "your-client-secret",
      "CallbackPath": "/signin-oidc"
    }
  }
}
```
Use environment variables or user secrets to store secrets securely.
3) Configure MojoAuth OIDC App
In MojoAuth Dashboard → OIDC App settings:
- Allowed Callback: https://your-site.com/signin-oidc
- Allowed Logout: https://your-site.com/signout-callback-oidc
- Allowed Origins (CORS): https://your-site.com
- Scopes: openid profile email
4) Trigger Login/Logout
Create simple endpoints or actions to sign-in/out:
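```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

// The controller name is illustrative; place the actions in any MVC controller.
public class AccountController : Controller
{
    [Route("/login")]
    public IActionResult Login(string returnUrl = "/")
    {
        // Accept only local paths; an unvalidated returnUrl is an open redirect after sign-in.
        if (!Url.IsLocalUrl(returnUrl)) returnUrl = "/";
        return Challenge(new AuthenticationProperties { RedirectUri = returnUrl },
            OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Signs out of both the local cookie session and the OIDC scheme.
    [Route("/logout")]
    public IActionResult Logout() =>
        SignOut(new AuthenticationProperties { RedirectUri = "/" },
            CookieAuthenticationDefaults.AuthenticationScheme,
            OpenIdConnectDefaults.AuthenticationScheme);
}
```
5) Test the Flow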
- Navigate to /login
- Authenticate on MojoAuth Hosted Login Page
- You’ll be redirected back and signed in
Troubleshooting
- 404 on /signin-oidc: Ensure CallbackPath matches and is allowed in MojoAuth
- Invalid issuer/audience: Confirm Authority and client settings
- Missing claims: Ensure profile and email scopes are requested
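Several of the problems above, and the secrets note in section 2, can be caught at startup. The following is an added example, not part of the original guide and not MojoAuth or Kentico code; `MojoAuthConfigCheck` and its messages are hypothetical names, and it assumes the `Authentication:MojoAuth` section from section 2.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.Json;

// Added example, not MojoAuth or Kentico code. MojoAuthConfigCheck is a hypothetical name.
public static class MojoAuthConfigCheck
{
    private const string Section = "Authentication:MojoAuth";
    // Returns one message per problem; an empty list means the section looks sane.
    public static IReadOnlyList<string> Validate(IConfigurationRoot config)
    {
        var problems = new List<string>();
        var oidc = config.GetSection(Section);
        // Authority must be an absolute HTTPS URL for discovery and issuer validation.
        if (!Uri.TryCreate(oidc["Authority"], UriKind.Absolute, out var authority)
            || authority.Scheme != Uri.UriSchemeHttps)
            problems.Add("Authority must be an absolute https:// URL.");

        // CallbackPath is a path on this site (not a full URL) and must match the
        // Allowed Callback registered in the MojoAuth dashboard.
        var callback = oidc["CallbackPath"];
        if (string.IsNullOrEmpty(callback) || callback[0] != '/' || callback.StartsWith("//", StringComparison.Ordinal))
            problems.Add("CallbackPath must be a site-relative path such as /signin-oidc.");

        foreach (var key in new[] { "ClientId", "ClientSecret" })
        {
            var value = oidc[key];
            if (string.IsNullOrWhiteSpace(value) || value.StartsWith("your-", StringComparison.Ordinal))
                problems.Add($"{key} is empty or still a your-... placeholder.");
        }

        // The last provider holding a key wins. If that is an appsettings*.json file,
        // the secret sits in a file that is usually committed to source control.
        var secretKey = Section + ":ClientSecret";
        var winner = config.Providers.LastOrDefault(p => p.TryGet(secretKey, out _));
        if (winner is JsonConfigurationProvider json
            && Path.GetFileName(json.Source.Path ?? "").StartsWith("appsettings", StringComparison.OrdinalIgnoreCase))
            problems.Add($"ClientSecret is read from {json.Source.Path}; use user secrets or an environment variable.");

        return problems;
    }
}
// Program.cs, before AddAuthentication (builder.Configuration implements IConfigurationRoot):
// var problems = MojoAuthConfigCheck.Validate(builder.Configuration);
// if (problems.Count > 0) throw new InvalidOperationException(string.Join(" ", problems));
```

To supply the secret outside the file, set the environment variable `Authentication__MojoAuth__ClientSecret`, or in development run `dotnet user-secrets set "Authentication:MojoAuth:ClientSecret" "<value>"`.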
Next Steps
- Map OIDC claims to Kentico user/membership
- Protect specific routes/controllers via [Authorize]
- Add role-based authorization via claims