Authentication and web services

Overview

With Sitefinity CMS you can authroize HTTP requests to web services using OAuth2 access tokens or user Access Keys. With the Default authentication protocol, you can generate an Access Key that is stored and used to authenticate the requests as well as OAuth2 access tokens for users. With the OpenID authentication protocol in Sitefinity CMS, you can only generate OAuth2 access tokens.

You can also setup an integration with OAuth2.0 if you need to integrate a small number of applications. For larger or more advanced integrations, it's best to integrate Sitefinity CMS with external identity providers.

Integration with the Default protocol

For Sitefinity CMS projects that use the Default authentication protocol, administrators can generate access key that can be used to authenticate requests or use the OAuth2 Authorization Server. Access keys are used mainly for machine to machine communication (similar to the OAuth2 client credentials flow). For more information, see Generate access key.

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. For more information, see Configure Oauth 2.0

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Web Security for Sitefinity Administrators

The free standalone Web Security lesson teaches administrators how to protect your websites and Sitefinity instance from external threats. Learn to configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?