Security and load balancing

Shared encryption

To ensure that Sitefinity CMS uses the same encryption key when running in load balancing, it is required that all web servers use the same machine key.

You must add a machineKey configuration in each instance’s web.config file.

NOTE: Add the machine key inside section <configuration>/<system.web>. This is the <system.web> section that is a direct child of the <configuration> section.

For more information, see Microsoft's machineKey Element (ASP.NET Settings Schema) .

SSL and load balanced scenario

If you have an SSL binding for your site, you must have the SSL certificate installed on each of the web server nodes and must have added the https:// bindings to the configurations listed in the procedure above.

If you want to have Sitefinity’s Login page to be served under https://, perform the following:
  1. Open the web.config file of each instance participating in the load balancing configuration. 
  2. Navigate to the <wsFederation> node in the file and set the requireHttps parameter to true.
    For example, <wsFederation passiveRedirectEnabled="true" 
    issuer="http://localhost" realm="http://localhost" requireHttps="true"/>

NOTE: Sitefinity CMS does not synchronize its configuration between the nodes participating in your Load Balanced setup. You must perform the above settings on all Sitefinity CMS instances of your load balanced setup. If you are interested in possible approaches for handling configuration synchronization, see Administration: Upload and physical location of the application.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?