1. Home
  2. Security & Privacy
  3. GDPR
  4. Tutorial becoming GDPR compliant using CookieBot

How to become GDPR compliant using Cookiebot

We can integrate with a cookie consent banner service such as CookieBot and depending on the choice of the user we can enable or disable certain parts of uMarketingSuite.

This has been covered in our documentation previously, but this tutorial gives you a full working implementation to use with CookieBot.

Code Example

This code example shows how to read the CookieBot consent cookie and then based from that you can decide if we should enable or disable certain parts of uMarketingSuite.

First we need to create a class that implements the interface uMarketingSuite.Business.Permissions.ModulePermissions.IModulePermissions

We can use this class to check the current HTTPContext Request Cookies for the CookieBot cookie which is named CookieConsent

From some of the documentation from CookieBot we can implement the same logic to check if the value of the cookie is -1 or another value. If it is set to -1, CookieBot is indicating to us that this is a user within a region that does not require consent.

The rest of the code is deserializing the JSON string stored inside the cookie from CookieBot and mapping it the relevant cookie permission we want to use for turning on or off the uMarketingSuite features.

CookieBotModulePermissions.cs

using Microsoft.AspNetCore.Http;
using Newtonsoft.Json;
using System.Web;
using uMarketingSuite.Business.Permissions.ModulePermissions;

namespace uMarketingSuite.StarterKit.CookieBot
{
    public class CookieBotModulePermissions : IModulePermissions
    {
        public bool AbTestingIsAllowed(HttpContext context)
        {
            // Need to check CookieBot consent cookie
            // Did they consent to AB testing
            return IsAllowed(context, "marketing");
        }

        public bool AnalyticsIsAllowed(HttpContext context)
        {
            // Need to check CookieBot consent cookie
            // Did they consent to Analytics
            return IsAllowed(context, "statistics");
        }

        public bool PersonalizationIsAllowed(HttpContext context)
        {
            // Need to check CookieBot consent cookie
            // Did they consent to Personalization
            return IsAllowed(context, "preferences");
        }

        public bool IsAllowed(HttpContext context, string cookiePermission)
        {
            // C# Code from CookieBot to check for their cookie
            // https://www.cookiebot.com/en/developer/#h-server-side-usage
            var rawCookieBotConsentValues = context.Request.Cookies["CookieConsent"];

            if (rawCookieBotConsentValues != null)
            {
                switch (rawCookieBotConsentValues)
                {
                    case "-1":
                        // The user is not within a region that requires consent - all cookies are accepted
                        // Then we can mark the uMarketingSuite features as allowed
                        return true;

                    default:
                        // The user has given their consent
                        return CheckCookieBotValue(rawCookieBotConsentValues, cookiePermission);
                }
            }

            //The user has not accepted cookies - set strictly necessary cookies only 
            return false;
        }

        public bool CheckCookieBotValue(string rawCookieBotConsentValues, string cookiePermissionToCheck)
        {
            // Read current user consent in encoded JSON
            // Sample JSON cookie payload
            /*
             * {
             *      stamp:'Ov4gD1JVnDnBaJv8K2wYQlyWlnNlT/AKO768tibZYdQGNj/EolraLw==',
             *      necessary:true,
             *      preferences:false,
             *      statistics:true,
             *      marketing:false,
             *      method:'explicit',
             *      ver:1,
             *      utc:1698057791350,
             *      region:'gb'
             * }
            */

            // Decode the consent string
            var decodedConsent = HttpUtility.UrlDecode(rawCookieBotConsentValues);

            if(decodedConsent == null)
            {
                return false;
            }

            // Deserizalize the consent to a dynamic object
            var cookieBotConsentValues = JsonConvert.DeserializeObject(decodedConsent);
            if (cookieBotConsentValues == null)
            {
                // Something went wrong with the cookieConsent deserialization
                return false;
            }

            switch (cookiePermissionToCheck)
            {
                case "necessary":
                    return cookieBotConsentValues.Necessary;

                case "preferences":
                    return cookieBotConsentValues.Preferences;

                case "statistics":
                    return cookieBotConsentValues.Statistics;

                case "marketing":
                    return cookieBotConsentValues.Marketing;
                default:
                    break;
            }

            return false;
        }
    }

    public class CookieBotConsent
    {
        [JsonProperty("necessary")]
        public bool Necessary { get; set; }

        [JsonProperty("preferences")]
        public bool Preferences { get; set; }

        [JsonProperty("statistics")]
        public bool Statistics { get; set; }

        [JsonProperty("marketing")]
        public bool Marketing { get; set; }
    }
}

CookieBotComposer.cs

using uMarketingSuite.Business.Permissions.ModulePermissions;
using uMarketingSuite.Common.Composing;
using Umbraco.Cms.Core.Composing;
using Umbraco.Cms.Core.DependencyInjection;
using Umbraco.Extensions;

namespace uMarketingSuite.StarterKit.CookieBot
{
    [ComposeAfter(typeof(AttributeBasedComposer))]
    public class CookieBotComposer : IComposer
    {
        public void Compose(IUmbracoBuilder builder)
        {
            builder.Services.AddUnique<IModulePermissions, CookieBotModulePermissions>();
        }
    }
}

CookieBot Cookie

We use the existing CookieBot cookie and use this to map it to a uMarketingSuite feature

CookieBot Key uMarketingSuite Feature
Preferences Personalization
Statistics Analytics
Marketing A/B Testing

Configuring CookieBot

Please refer to CookieBot documentation on how to setup and configure your Cookie Consent Banner. This allows you to change the wording and the look and feel of the cookie consent banner to suit your needs along with its placement etc.

Installing CookieBot

From the CookieBot website after generating your cookie consent banner, it gives you a JavaScript tag that you need to insert into the <head> of your HTML template such as.

<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" 
        data-cbid="your-guid" 
        data-blockingmode="auto" 
        type="text/javascript"></script>