Configure Windows authentication

To use Windows authentication, you need to use a separate application – WindowsAuthWebHost.

Perform the following: 

  1. From your Sitefinity CMS account, download the WindowsAuthWebHost application and build it. 
  2. In IIS, host the WindowsAuthWebHost application in the root directory.
  3. In Sitefinity CMS, configure the Windows authentication provider in the following way:
    1. Navigate to Administration » Settings » Advanced.
    2. In the left pane, expand Authentication » SecurityTokenService » AuthenticationProviders » WindowsAuthentication
    3. In the Metadata Address field, enter your WindowsAuthWebHost address.
      For example, enter https://localhost:893 
    4. Select the Enabled checkbox and save your changes.
  4. Set up the LDAP settings in the following way:
    1. Navigate to Administration » Settings » Advanced
    2. In the left pane, expand Security » LDAP Settings » LDAP Connections » DefaultLdapConnection
    3. Set up the configuration properties for your system.
  5. Create a new LDAP membership provider in the following way:
    1. Expand Security » Membership Providers, and click Create new
    2. In Name, enter the name of the provider, which must be the same as the LDAP login domain. 

      NOTE: The name is case sensitive. 

      EXAMPLE: If your LDAP login domain is MYDOMAIN, a new provider must be created with the name MYDOMAIN.

    3. In ProviderTypeName, enter Telerik.Sitefinity.Security.Ldap.LdapMembershipProvider, Telerik.Sitefinity
    4. Save your changes.
  6. Restart IIS.
  7. In Sitefinity CMS, navigate to Administration » Users
  8. Click the newly created provider, find your domain user and assign it to the desired roles. 
  9. Open the web.config of the WindowsAuthWebHost application and, inside the <appSettings> section, set the IdpReplyUrl property to the address of your Sitefinity CMS site in the following way:
    https://<my-site>.com/sitefinity/authenticate/openid/ 
  10. In IIS, select the WindowsAuthWebHost application, open Authentication, enable Windows Authentication and Anonymous Authentication, and disable all others.
  11. Restart your website. 

RESULT: The next time the login screen is displayed, it has a button that you can use to log in with your Windows credentials.
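
A check for steps 9 and 10, added here as an example and not part of the original article: it reads the effective IIS authentication settings of the WindowsAuthWebHost site and the IdpReplyUrl value from its web.config, and flags anything that differs from the procedure. The site name `WindowsAuthWebHost`, the standard `<add key="IdpReplyUrl" value="..."/>` storage form and the https requirement are assumptions.

```powershell
# Added example, not from the product documentation. Run in an elevated PowerShell
# session on the IIS server. Assumption: the IIS site is named 'WindowsAuthWebHost'.
Import-Module WebAdministration

$SiteName = 'WindowsAuthWebHost'   # hypothetical site name, change to match yours
$sitePath = "IIS:\Sites\$SiteName"
$base     = '/system.webServer/security/authentication'

# Step 10: only Windows and Anonymous authentication are enabled at the IIS level.
$expected = [ordered]@{
    windowsAuthentication                     = $true
    anonymousAuthentication                   = $true
    basicAuthentication                       = $false
    digestAuthentication                      = $false
    clientCertificateMappingAuthentication    = $false
    iisClientCertificateMappingAuthentication = $false
}
$findings = @(foreach ($scheme in $expected.Keys) {
    try {
        $p = Get-WebConfigurationProperty -PSPath $sitePath -Filter "$base/$scheme" `
                 -Name enabled -ErrorAction Stop
        $actual = if ($p -is [bool]) { $p } else { [bool]$p.Value }
    } catch {
        $actual = $false   # section not readable (feature not installed): treated as disabled
    }
    [pscustomobject]@{ Check = $scheme; Expected = $expected[$scheme]; Actual = $actual
                       Ok = ($actual -eq $expected[$scheme]) }
})

# Step 9: IdpReplyUrl is an absolute https URL ending in the path the procedure gives.
# Assumption: it is stored as a standard <add key="IdpReplyUrl" value="..."/> entry.
$root  = [Environment]::ExpandEnvironmentVariables((Get-Item $sitePath).physicalPath)
[xml]$cfg = Get-Content -Raw -Path (Join-Path $root 'web.config')
$node  = $cfg.SelectSingleNode("/configuration/appSettings/add[@key='IdpReplyUrl']")
$reply = if ($node) { $node.GetAttribute('value') } else { '' }
$uri   = $null
$urlOk = [Uri]::TryCreate($reply, [UriKind]::Absolute, [ref]$uri) -and
         $uri.Scheme -eq 'https' -and
         $uri.AbsolutePath -like '*/sitefinity/authenticate/openid/'
$findings += [pscustomobject]@{ Check = 'IdpReplyUrl'; Expected = 'https URL ending in /sitefinity/authenticate/openid/'
                                Actual = $reply; Ok = $urlOk }

$findings | Format-Table -AutoSize
if ($findings.Ok -contains $false) { Write-Warning 'One or more settings differ from the procedure.' }
```

Forms Authentication and ASP.NET Impersonation are configured under system.web and are not covered by this check; confirm them in the IIS Authentication pane.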
