Authentication

Authentication is the process of establishing the user identity in a web application. It is how Sitefinity CMS knows who is using it at the moment. You can think of authentication as proving to Sitefinity CMS who you are by supplying credentials.

Sitefinity CMS supports two modes of authentication:

  • Forms Authentication
    This method mirrors the Forms authentication in pure ASP.NET applications and transfers the user identity from the client to the server by storing a cookie. Users provide a username and password the first time they log in, and then these credentials are supplied in the cookie with each request that goes to the server.

    NOTE: Forms Authentication has known limitations for custom development scenarios and extensions. It also does not support some Sitefinity features, such as Single Sign-On. This is why Sitefinity CMS uses claims authentication by default. We recommend that you use claims, except in scenarios where you explicitly want Forms.
  • Claims Authentication
    Claims authentication uses the Windows Identity Foundation API to authenticate users in Sitefinity CMS. It does not use cookies and relies on transferring information between the client and server in the form of claims. User credentials are no longer passed between client and server. Instead, the client receives permission from the user to authenticate on behalf of the user. It then uses a token as proof of this permission to communicate with the server. Such a model has a number of benefits over traditional models:
    • It enables a 3-way authentication protocol (where an application can authenticate on behalf of a user without knowing the user's credentials). This gives users control over what they can allow the application to do.
    • It makes out-of-browser scenarios possible and easier to implement, because there is no reliance on cookies. This includes authenticating to a remote Sitefinity CMS site from your mobile app, for example.
    • It does not assume a communication protocol and any protocol can be implemented on the basis of claims.
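
The token model described above, shown as an added illustration: this is not Sitefinity code and does not reproduce Sitefinity's actual token format. It is a generic HMAC-signed claims token in Python; the key, the claim names (sub, aud, scope, exp) and the function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key, user, app, scopes, ttl, now=None):
    """Issuer: runs after the user has logged in and approved `app`.
    The token carries claims about the user, never the password."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": app, "scope": sorted(scopes),
              "exp": int(now) + ttl}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64e(sig)

def verify_token(key, token, app, needed_scope, now=None):
    """Server: return the claims if the token authorizes this request,
    otherwise None. The signature is checked before the body is parsed."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return None                  # forged or modified token
        claims = json.loads(b64d(body))
    except ValueError:
        return None                      # malformed token
    if claims["exp"] <= now:
        return None                      # expired
    if claims["aud"] != app:
        return None                      # issued to a different application
    if needed_scope not in claims["scope"]:
        return None                      # user did not grant this permission
    return claims

if __name__ == "__main__":
    KEY = b"constructed-demo-key"        # constructed sample secret
    tok = issue_token(KEY, "alice", "mobile-app", ["content:read"], ttl=300)
    print(verify_token(KEY, tok, "mobile-app", "content:read"))
    print(verify_token(KEY, tok, "mobile-app", "content:write"))
```

The server accepts the request only when the signature, expiry, audience and granted scope all check out, which is how the user's approval limits what the application can do.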

NOTE: As of Sitefinity CMS 5.0, Claims is the default authentication mode.

For information on how to configure the authentication mode for your Sitefinity CMS application, please read the following articles in the Installation and Administration Guide:

In this section, we are going to explore different authentication scenarios that developers may need to implement with explanations about the API that is used and code samples.
