Sitefinity CMS uses claims authentication, implemented on top of IdentityServer3, certified by OpenID Foundation. It allows implementing single sign-on and access control for modern web applications and APIs. It uses OAuth2 and OpenID Connect protocols. This integration allows easy connection with clients such as mobile, web, SPAs ,and desktop applications. It is also extensible and allows integration in new and existing architectures.
The authentication is designed and implemented as separate Microsoft OWIN / Katana component. It uses standard Microsoft.Owin.Security libraries and standard namespace System.Security. Additionally, there are some extensions to support external provider logins, such as Facebook or GitHub.
Authentication model in Sitefinity CMS has the following advantages:
Sitefinity CMS can serve both as Relying Party (RP) and Identity Provider (IP). Usually, these can be one web application on the same host, but with different URLs. However, in a Single-Sign-On (SSO) scenario, these can be on different servers (applications). In both cases the communication between IP and RP is via HTTP and goes trough the client.
Authentication flow diagram
To ensure security, you must configure the following two types of certificates for Sitefinity CMS:
NOTE: Although Sitefinity works successfully on HTTP and HTTPS, we recommend to use SSL/TLS certificate for your site.
You must configure this certificate, by navigating to Administration » Settings » Advanced » Authentication » SecurityTokenService » IdentityServer » SigningCertificate.
NOTE: The certificate must have a private key and the application pool user that runs Sitefinity CMS identity provider must have rights to access it to use it for signing.
Sign up for our free beginner training. Boost your credentials through advanced courses and certification. Register for Sitefinity training and certification.
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important