How to skip login screens during development for Umbraco 13 Users and Members

When you do development in Umbraco, it's kind of annoying to have to log in on your local development environment. You might be developing with a local Sqlite database and you're really not dealing with any confidential data, or you're developing a plugin and you just have a small website running locally to test on. In those cases it's convenient if you can just skip the login. In this small tutorial, I will show you how to create a "developer login" for backoffice users and for members, so you can log in with just the press of a button.

⚠️ Warning
Be extra careful when following this tutorial. This code is meant to be used for local development only! Make sure you don't accidentally take this code into production.

How does it work?

The result of this tutorial is a button in the backoffice that says "Log in with Developer login". When you press the button, you automatically get logged in as one specific user, specified in code or in your user secrets.

We make this work by pretending as if our developer login is an external login provider. This external login provider loops back to a local authentication handler, which selects a user using a config and logs you in as if you're logged in with an external provider. Umbraco's internal logic will then automatically log you in as that specific user.

To do this, we need the following components:

  • A remote authentication options model
  • An authentication handler
  • Login provider options for Umbraco
  • Extension method to register the necessary components in the dependency injection container

Developer login for the backoffice

We'll start by defining a model, like so:


internal sealed class AutoLoginOptions
    : RemoteAuthenticationOptions
    public const string AuthenticationScheme = "AutoLogin";

    // πŸ‘‡ This will be the email adres of the user that we want to log in as
    public string? UserEmail { get; set; }
Then, we add an authentication handler to handle this type of authentication. Here is where the actual magic happens:


internal sealed class BackofficeAutologinAuthenticationHandler(
    IOptionsMonitor<AutoLoginOptions> options,
    ILoggerFactory logger,
    UrlEncoder encoder,
    IHttpContextAccessor httpContextAccessor,
    IBackOfficeUserManager backOfficeUserManager,
    IBackOfficeSignInManager backOfficeSignInManager,
    IWebHostEnvironment webHostEnvironment)
        : RemoteAuthenticationHandler<AutoLoginOptions>(options, logger, encoder)
    // πŸ‘‡ The challenge is to redirect to our authentication handler.
    protected override Task HandleChallengeAsync(AuthenticationProperties properties)
        HttpContext httpContext = httpContextAccessor.GetRequiredHttpContext();

        return Task.CompletedTask;

    protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
        const string AuthenticationScheme = "Umbraco." + AutoLoginOptions.AuthenticationScheme;
        HttpContext httpContext = httpContextAccessor.GetRequiredHttpContext();

        // πŸ‘‡ Using guard clauses, we make sure that this logic is only run in development mode and only for requests from localhost.
        if (!webHostEnvironment.IsDevelopment()) return HandleRequestResult.NoResult();
        if (!httpContext.Request.IsLocal()) return HandleRequestResult.NoResult();

        // πŸ‘‡ The return URL must ALWAYS be a relative local URL and must always start with /umbraco.
        string originalReturnUrl = httpContext.Request.Query["returnUrl"].FirstOrDefault() ?? "/umbraco";
        if (!originalReturnUrl.StartsWith("/umbraco", StringComparison.OrdinalIgnoreCase)) originalReturnUrl = "/umbraco";
        string returnUrl = originalReturnUrl;

        // πŸ‘‡ We need to make sure that a user is configured for logging in. Alternatively, you can hardcode a user email or user id here
        if (string.IsNullOrWhiteSpace(Options.UserEmail))
            throw new InvalidOperationException("Unable to log in with auto login, because no user email has been specified in config");

        BackOfficeIdentityUser identityUser = await backOfficeUserManager.FindByEmailAsync(Options.UserEmail)
            ?? throw new InvalidOperationException("The user with the configured email address could not be found");

        // πŸ‘‡ Everything below here is what is required to let Umbraco know that we've logged in with an external provider.
        AuthenticationProperties properties = backOfficeSignInManager.ConfigureExternalAuthenticationProperties(AuthenticationScheme, returnUrl, Constants.System.RootString);
        System.Security.Claims.ClaimsPrincipal principal = await backOfficeSignInManager.CreateUserPrincipalAsync(identityUser);

        AuthenticationTicket ticket = new(principal, properties, Constants.Security.BackOfficeExternalAuthenticationType);

        return HandleRequestResult.Success(ticket);
Next, we create an options provider model so that Umbraco knows that this login method exists:


public class BackofficeAutologinProviderOptions
    : IConfigureNamedOptions<BackOfficeExternalLoginProviderOptions>
    public void Configure(string? name, BackOfficeExternalLoginProviderOptions options)
        if (!string.Equals(name, "Umbraco." + AutoLoginOptions.AuthenticationScheme, StringComparison.Ordinal))


    public void Configure(BackOfficeExternalLoginProviderOptions options)
        // πŸ‘‡ You may choose to enable auto-redirect. In that case the login menu is skipped entirely
        options.AutoRedirectLoginToExternalProvider = true;
        options.AutoLinkOptions = new ExternalSignInAutoLinkOptions(true);
Finally, we need to register our custom authentication method in the dependency injection container. For that, we'll make an extension method and then call that extension method in our application startup:


internal static class BackofficeAutologinExtensions
    public static IUmbracoBuilder AddAutoLogin(this IUmbracoBuilder builder)

        // πŸ‘‡ You want to make sure that this value is configured in your secrets
        string? userEmail = builder.Config.GetValue<string>("Autologin:Backoffice:Email");

        // πŸ‘‡ If no user email is configured, it's no use setting this up. In that case: do an early return
        // Thanks to Sven Geusens for the suggestion
        if (string.IsNullOrWhiteSpace(userEmail))
            return builder;

        builder.AddBackOfficeExternalLogins(logins =>
            logins.AddBackOfficeLogin(authBuilder =>
                authBuilder.AddRemoteScheme<AutoLoginOptions, BackofficeAutologinAuthenticationHandler>(authBuilder.SchemeForBackOffice(AutoLoginOptions.AuthenticationScheme)!, "developer login", alOptions =>
                    alOptions.CallbackPath = new PathString("/umbraco-auto-login");
                    alOptions.UserEmail = userEmail;

        return builder;
The call is wrapped inside #if DEBUG to ensure that autologin is only added to your collection when running debug builds. This is yet another layer to ensure that your autologin doesn't accidentally makes its way into production.

If you've done everything correctly, you should now find an additional button in your Umbraco backoffice login screen like this:

Screenshot of Umbraco's login screen with the auto-login button

Developer login for members

You can do the same trick for a login with members. The principles are the same:

  1. Pretend to be an external login provider
  2. Challenge by redirecting to a custom authentication provider
  3. Create an external login cookie
  4. Let Umbraco handle the magic

So let's go through the components once more:


internal sealed class MembersAuthologinAuthenticationHandler(
    IOptionsMonitor<AutoLoginOptions> options,
    ILoggerFactory logger,
    UrlEncoder encoder,
    IHttpContextAccessor httpContextAccessor,
    IWebHostEnvironment webHostEnvironment,
    IMemberManager memberManager,
    IMemberSignInManager memberSignInManager,
    IUmbracoContextFactory umbracoContextFactory)
        // πŸ‘‡ Notice that we're re-using the same options model. We do this, because the options are the same
        : RemoteAuthenticationHandler<AutoLoginOptions>(options, logger, encoder)
    protected override Task HandleChallengeAsync(AuthenticationProperties properties)
        // πŸ‘‡ The challenge is to redirect to our authentication handler url
        HttpContext httpContext = httpContextAccessor.GetRequiredHttpContext();
        httpContext.Response.Redirect(Options.CallbackPath + "?returnUrl=" + HttpUtility.UrlEncode(properties.RedirectUri));

        return Task.CompletedTask;

    protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
        const string AuthenticationScheme = Constants.Security.MemberExternalAuthenticationTypePrefix + AutoLoginOptions.AuthenticationScheme;
        HttpContext httpContext = httpContextAccessor.GetRequiredHttpContext();

        // πŸ‘‡ We ensure that we're running in development mode and the request is from a local source so that we know for certain that this is not used outside of a development environment
        if (!webHostEnvironment.IsDevelopment()) return HandleRequestResult.NoResult();
        if (!httpContext.Request.IsLocal()) return HandleRequestResult.NoResult();
        if (string.IsNullOrWhiteSpace(Options.UserEmail)) return HandleRequestResult.NoResult();

        // πŸ‘‡ In this case, the return URL depends on your application. Make sure you cannot do open redirects to external domains
        string? originalReturnUrl = httpContext.Request.Query["returnUrl"].FirstOrDefault();
        if (originalReturnUrl is null || !originalReturnUrl.StartsWith("/", StringComparison.OrdinalIgnoreCase)) originalReturnUrl = GetDefaultReturnUrl();
        string returnUrl = originalReturnUrl;

        MemberIdentityUser identityUser = await memberManager.FindByEmailAsync(Options.UserEmail)
            ?? throw new InvalidOperationException("It's not possible to automatically log in because the member with the given email adres doesn't exist.");

        // πŸ‘‡ When everything checks out, we create a login cookie for external logins and call the authentication a success
        AuthenticationProperties properties = memberSignInManager.ConfigureExternalAuthenticationProperties(AuthenticationScheme, returnUrl, identityUser.Id);
        System.Security.Claims.ClaimsPrincipal principal = await memberSignInManager.CreateUserPrincipalAsync(identityUser);

        AuthenticationTicket ticket = new(principal, properties, IdentityConstants.ExternalScheme);

        return HandleRequestResult.Success(ticket);

    private string GetDefaultReturnUrl()
        // πŸ‘‡ In my scenario, the root URL is the default, in case no redirect URL is provided
        return "/";
public class MembersAutologinProviderOptions
    : IConfigureNamedOptions<MemberExternalLoginProviderOptions>
    public void Configure(string? name, MemberExternalLoginProviderOptions options)
        // πŸ‘‡ Using the "UmbracoMembers." prefix, is a signal for Umbraco that this signin method is for members.
        // Umbraco prefixes your external logins during registration
        if (!string.Equals(name, "UmbracoMembers." + AutoLoginOptions.AuthenticationScheme, StringComparison.Ordinal))


    public void Configure(MemberExternalLoginProviderOptions options)
        // πŸ‘‡ Autolinking is the easiest way to set this up. Now you don't have to explicitly enable developer login for your member (which cannot be done in the backoffice, unlike backoffice users)
        options.AutoLinkOptions = new MemberExternalSignInAutoLinkOptions(true);
internal static class MembersAutologinExtensions
    public static IUmbracoBuilder AddMemberAutoLogin(this IUmbracoBuilder builder)

        string? memberEmail = builder.Config.GetValue<string>("Autologin:Member:Email");

        // πŸ‘‡ If no user email is configured, it's no use setting this up. In that case: do an early return
        // Thanks to Sven Geusens for the suggestion
        if (string.IsNullOrWhiteSpace(userEmail))
            return builder;

        builder.AddMemberExternalLogins(logins =>
            logins.AddMemberLogin(authBuilder =>
                authBuilder.AddRemoteScheme<AutoLoginOptions, MembersAuthologinAuthenticationHandler>(authBuilder.SchemeForMembers(AutoLoginOptions.AuthenticationScheme)!, "developer login", alOptions =>
                    alOptions.CallbackPath = new PathString("/member-auto-login");
                    alOptions.UserEmail = memberEmail;

        return builder;
    .AddMemberAutoLogin() // πŸ‘ˆ also added only in debug builds
Now you have a working auto-login for members. Now this doesn't "just work" in the same way as the backoffice login. If you haven't already, you need to set up external logins in your frontend login form. Fortunately, Umbraco's code snippets already contain the necessary code to get this up and running:


    var loginProviders = await memberExternalLoginProviders.GetMemberProvidersAsync();
    var externalSignInError = ViewData.GetExternalSignInProviderErrors();

    if (loginProviders.Any())
        if (externalSignInError?.AuthenticationType is null && externalSignInError?.Errors?.Any() == true)
            @Html.DisplayFor(x => externalSignInError.Errors);

        @foreach (var login in loginProviders)
            @using (Html.BeginUmbracoForm<UmbExternalLoginController>(nameof(UmbExternalLoginController.ExternalLogin)))
                <button type="submit" name="provider" value="@login.ExternalLoginProvider.AuthenticationType">
                    Sign in with @login.AuthenticationScheme.DisplayName

                if (externalSignInError?.AuthenticationType == login.ExternalLoginProvider.AuthenticationType)
                    @Html.DisplayFor(x => externalSignInError.Errors);
Now you should be able to log in by just pressing a button on both the backoffice and your frontend! πŸŽ‰

Closing thoughts

Figuring this out, turned out to be easier than I expected. The solution turned out quite elegant in my opinion and it nicely integrates into our Umbraco solution, simply by using native dotnet and Umbraco features. Obviously don't enable this feature when running in any mode other than Development and test your authentication solutions well to make sure you don't accidentally open up your backoffice to strangers.

I would love to hear it if you have any suggestions or concerns and if this has been helpful for you. That's all for now, I'll see you in my next blog! 😊

