Configure Windows authentication

To use Windows authentication, you need to use a separate application – WindowsAuthWebHost.

Perform the following: 

  1. From your Sitefinity CMS account, download the WindowsAuthWebHost application and build it. 
  2. In IIS, host the WindowsAuthWebHost application in the root directory.
  3. In Sitefinity CMS, configure the Windows authentication provider in the following way:
    1. Navigate to Administration » Settings » Advanced.
    2. In the left pane, expand Authentication » SecurityTokenService » AuthenticationProviders » WindowsAuthentication
    3. In the Metadata Address field, enter your WindowsAuthWebHost address.
      For example, enter https://localhost:893
    4. Configure the callback path.
      For example, enter /Sitefinity/signin-custom
      This setting is mandatory for Windows authentication when you use the Default Sitefinity authentication protocol.
    5. Select the Enabled checkbox and save your changes.
  4. Set up the LDAP settings in the following way:
    1. Navigate to Administration » Settings » Advanced
    2. In the left pane, expand Security » LDAP Settings » LDAP Connections » DefaultLdapConnection
    3. Set up the configuration properties for your system.
  5. Create a new LDAP Membership provider in the following way:
    1. Expand Security » Membership Providers, and click Create new
    2. In Name, enter the name of the provider, which must be the same as the LDAP login domain. 

      NOTE: The name is case sensitive. 

      EXAMPLE: If your LDAP login domain is MYDOMAIN, a new provider must be created with the name MYDOMAIN.

    3. In ProviderTypeName, enter Telerik.Sitefinity.Security.Ldap.LdapMembershipProvider, Telerik.Sitefinity
    4. Save your changes.
  6. Restart IIS.
  7. In Sitefinity CMS, navigate to Administration » Users
  8. Click the newly created provider, find your domain user and assign it to the desired roles. 
  9. Open the web.config of the WindowsAuthWebHost application and inside section <appSettings>, set the IdpReplyUrl property to the address of your Sitefinity CMS site in the following way:
    • When you use the Default authentication protocol, set the IdpReplyUrl to the absolute URL of the callback path as configured in Step 3.
      For example, https://<my-site>.com/Sitefinity/signin-custom.
    • When you use the OpenID authentication protocol and the callback field is empty, set the IdpReplyUrl.
      For example, https://<my-site>.com/sitefinity/authenticate/openid/.
    • When you use the OpenID authentication protocol and the callback path is specified explicitly, set the IdpReplyUrl to https://<my-site>.com/<callback-path>.
  10. In IIS, select the WindowsAuthWebHost application, open Authentication, enable Windows Authentication and Anonymous Authentication, and disable all others.
  11. Restart your website. 

RESULT: The next time the login screen is displayed, it has a button that you can use to log in with your Windows credentials.
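
Steps 9 and 10 can also be scripted and verified. The following PowerShell is an added example, not part of the original article or of Sitefinity's own tooling. The IIS site name, the web.config path and the host in the reply URL are hypothetical placeholders, and the script assumes IdpReplyUrl is stored as a standard add key/value entry under <appSettings>.

```powershell
# Added example: scripts steps 9 and 10. All parameter defaults are
# hypothetical placeholders; substitute the values for your environment.
param(
    [string]$SiteName    = 'WindowsAuthWebHost',                        # assumed IIS site name
    [string]$WebConfig   = 'C:\inetpub\WindowsAuthWebHost\web.config',  # assumed path
    [string]$IdpReplyUrl = 'https://my-site.example/Sitefinity/signin-custom'
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# The reply URL receives the sign-in response, so accept only an absolute HTTPS URL.
$uri = $null
if (-not [Uri]::TryCreate($IdpReplyUrl, [UriKind]::Absolute, [ref]$uri) -or $uri.Scheme -ne 'https') {
    throw "IdpReplyUrl must be an absolute https:// URL: $IdpReplyUrl"
}

# Step 9: set IdpReplyUrl inside <appSettings> (assumes an <add key="IdpReplyUrl" .../> entry).
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($WebConfig)
$node = $xml.SelectSingleNode("/configuration/appSettings/add[@key='IdpReplyUrl']")
if ($null -eq $node) { throw "No IdpReplyUrl entry under <appSettings> in $WebConfig" }
$node.SetAttribute('value', $IdpReplyUrl)
$xml.Save($WebConfig)

# Step 10: Windows + Anonymous on, the other IIS authentication modules off.
# Forms authentication and ASP.NET impersonation live under system.web and are not touched here.
$base  = 'system.webServer/security/authentication'
$modes = [ordered]@{
    windowsAuthentication   = $true
    anonymousAuthentication = $true
    basicAuthentication     = $false
    digestAuthentication    = $false
}
foreach ($mode in $modes.Keys) {
    try {
        Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
            -Filter "$base/$mode" -Name enabled -Value $modes[$mode]
    } catch {
        Write-Warning "$mode not configured (module not installed?): $($_.Exception.Message)"
    }
}

# Verify: print the effective state so a setting that did not apply is visible.
foreach ($mode in $modes.Keys) {
    $state = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter "$base/$mode" -Name enabled -ErrorAction SilentlyContinue).Value
    '{0,-26} expected={1,-5} actual={2}' -f $mode, $modes[$mode], $state
}
```

Run it from an elevated PowerShell session on the IIS server, then restart the website as in step 11.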
