Authentication is the process of establishing the user identity in a web application. It is how Sitefinity CMS knows who is using it at the moment. You can think of authentication as proving to Sitefinity CMS who you are by supplying credentials.
Sitefinity CMS supports two modes of authentication:
- Forms Authentication
This method mirrors the Forms authentication in pure ASP.NET applications and transfers the user identity from the client to the server by storing a cookie. Users provide a username and password the first time they log in, and then these credentials are supplied in the cookie with each request that goes to the server.
NOTE: Forms Authentication has known limitations for custom development scenarios and extensions. It also does not support some sitefinity features like Single Sign-On. This is why Sitefinity CMS uses claims authentication by default. We recommend that you use claims, except in scenarios where you explicitly want Forms.
- Claims Authentication
- It enables a 3-way authentication protocol (where an application can authenticate on behalf of a user without knowing his credentials). This gives users control over what they can allow the application to do.
- It makes out-of-browser scenarios possible and easier to implement, because there is no reliance on cookies. This includes authenticating to a remote Sitefinity CMS site from your mobile app, for example.
- It does not assume a communication protocol and any protocol can be implemented on the basis of claims.
NOTE: As of Sitefinity CMS 5.0, Claims is the default authentication mode.
For information on how to configure the authentication mode for your Sitefinity CMS application, please read the following articles in the Installation and Administration Guide:
In this section, we are going to explore different authentication scenarios that developers may need to implement with explanations about the API that is used and code samples.