Note: This guide describes Kentico CMS version 7. Unfortunately, we cannot support this guide from version 8 forward. Go to latest documentation

Skip to end of metadata
Go to start of metadata

External authentication services

Kentico supports several external authentication methods out of the box. To use them on your site, you have to configure them first (click on respective links for instructions) and place a corresponding web part on a page in your website.

Authenticating users against an external database

You can customize the authentication process to check the submitted user names and passwords against an external database outside of Kentico. For this purpose you can use the SecurityEvents class, which provides these events:

  • Authenticate - fired upon user authentication.

  • AuthorizeResource - fired upon security check for particular module permission.

  • AuthorizeClass - fired upon security check for particular object type or document type permission.
  • AuthorizeUIElement - fired upon permission check for particular UI element.


Using the Authenticate event, you can customize the authentication process by extending the CMSModuleLoader partial class:

public partial class CMSModuleLoader
    private class SampleAuthenticationModuleLoader : CMSLoaderAttribute
        public override void Init()
            SecurityEvents.Authenticate.Execute += Authenticate_Execute;

  private void Authenticate_Execute(object sender, AuthenticationEventArgs e)
            // Check if the user was authenticated by the system
            if (e.User != null)
            UserInfo externalUser = null;
            string username = SqlHelperClass.GetSafeQueryString(e.UserName);
            string password = SqlHelperClass.GetSafeQueryString(e.Password);

            // Path to XML database file
            string xmlPath = HttpContext.Current.Server.MapPath("~/userdatabase.xml");

            // Read data from external source
            DataSet dset = new DataSet();

            // Sample external user credentials
            DataRow[] rows = dset.Tables[0].Select("UserName = '" + username + "' AND Password='" + password + "'");

            // If external user was found, set the UserInfo parameter and authenticate the user
            if (rows.Length > 0) 
                externalUser = new UserInfo();
                externalUser.IsExternal = true;
                externalUser.UserName = username;
                externalUser.FullName = username;
                externalUser.Enabled = true;
            e.User = externalUser;

The crucial in this example is the e.User parameter, which represents the UserInfo parameter of the user being authenticated. Depending on its value, the authentication process can have these outcomes:

  • If the user is found in the Kentico database, then the UserInfo parameter is not null and the user is authenticated normally.
  • If the user is NOT found in the Kentico database (the UserInfo parameter is null), then the system looks into the external database. If the user is found there, the system sets the UserInfo parameter and authenticates this user.
  • If the user is NOT found even in the external database, then the UserInfo parameter remains null and the user is not authenticated.

You can find more information about event handlers in the Global events topic.

Importing users into Kentico

For importing users from external databases into Kentico, you have these options:

  • Using external authentication
    • When a user signs in to Kentico using an external authentication service (e.g., Facebook), the system creates their account in the Kentico database and imports their profiles. See the respective links at the beginning of this page.

  • Importing users using Kentico AD Import Utility
  • Importing users using the Kentico Import Toolkit
In this section