Authentication

Authentication is the process of establishing the user identity in a web application. It is how Sitefinity CMS knows who is using it at the moment. You can think of authentication as proving to Sitefinity CMS who you are by supplying credentials.

Sitefinity CMS supports two modes of authentication:

• Forms Authentication
  This method mirrors the Forms authentication in pure ASP.NET applications and transfers the user identity from the client to the server by storing a cookie. Users provide a username and password the first time they log in, and then these credentials are supplied in the cookie with each request that goes to the server.
  
  NOTE: Forms Authentication has known limitations for custom development scenarios and extensions. It also does not support some sitefinity features like Single Sign-On. This is why Sitefinity CMS uses claims authentication by default. We recommend that you use claims, except in scenarios where you explicitly want Forms.
• Claims Authentication
  Claims authentication uses the Windows Identity Foundation API to authenticate users in Sitefinity CMS. It does not use cookies and relies on transferring information between the client and server in the form of claims. User credentials are no longer passed between client and server. Instead, the client receives permission from the user to authenticate on behalf of the user. It then uses a token as proof of this permission to communicate with the server. Such a model has a number of benefits over traditional models:
  • It enables a 3-way authentication protocol (where an application can authenticate on behalf of a user without knowing his credentials). This gives users control over what they can allow the application to do.
  • It makes out-of-browser scenarios possible and easier to implement, because there is no reliance on cookies. This includes authenticating to a remote Sitefinity CMS site from your mobile app, for example.
  • It does not assume a communication protocol and any protocol can be implemented on the basis of claims.

NOTE: As of Sitefinity CMS 5.0, Claims is the default authentication mode.

For information on how to configure the authentication mode for your Sitefinity CMS application, please read the following articles in the Installation and Administration Guide:

• Administration: Switch to forms authentication
• Administration: Switch to claims-based authentication

In this section, we are going to explore different authentication scenarios that developers may need to implement with explanations about the API that is used and code samples.