Authentication

The sensenet as a Service offer is all about making your development work easier and simpler - while still maintaining the security standards expected in an enterprise environment.

For securing repositories hosted in our environment we use IdentityServer4 - the Open Source OpenID Connect and OAuth 2.0 framework for .NET. This is what we recommend when hosting sensenet in your own environment too.

To support this scenario, we have an open source web application built on IdentityServer that you can install locally if you choose to. Please visit this GitHub repository for the source code.

This means that developers who are familiar with OAuth 2.0 and OpenID Connect will be able to start working with our APIs in no time, because our service supports the usual protocols and APIs provided by IdentityServer4.

The authentication workflow

In short, clients will need to connect to an authentication service (dedicated to the repository) for an access token. This token than should be sent to the repository service along every request to make authenticated calls and access secured resources.

Client types

There are two main types of clients when you are authenticating:

  • clients that require per-user authentication: web or mobile applications
  • tool-like clients: console or some desktop apps and B2B use cases

Individual users

In the first case users need to sign in to the application by themselves (either using a username and password or a login service like Google or GitHub). In this case requests (and possible content changes in the repository) are made in the name of the currently signed in user. This is the use case of SPAs (single-page or one-page applications) and most mobile apps.

Tools and server-side apps

Tools on the other hand require a clientid and a secret which acts like a username and password for a dedicated technical user. In this case requests are made in the name of this technical user, regardless of who executes the client application. This workflow is used by synchronization or batch operation tools or in server-to-server communication.

 
 

API keys for 3rd party services

Another way to make authenticated requests to a sensenet service is using API keys. This method was designed to let 3rd party services (for example workflow engines or developer tools) connect ot sensenet without having to go through the authentication process above, simply use a token. Check out the article above to learn more about this subject.

Client technologies

JavaScript

The most common use case is to authenticate from a client-side application written in JavaScript or TypeScript. There is a well-known library that implements the OIDC protocol and does the heavy lifting for you. Please take a look at the following article to learn how can you integrate that into your application:

React

We also have a React library for making the client authentication process even more easier. Please visit the following article for details:

.Net

If you are writing a console or desktop application, or want to make server-side requests from an Asp.Net application to the repository service, you should use our client library to connect to the repository. It has an API for connecting to the authority and requesting an access token.

To learn how to connect to sensenet from .Net, please visit the following tutorial: