Best practices for Authentication

To benefit most of the authentication improvements, you should configure authentication settings properly. All of the steps below are optional, but we recommend to verify whether the default settings fit your environment needs.

  • Turn on SSL/TLS on your site.
    Although Sitefinity CMS works on HTTP, we recommend to use HTTPS for your site.
    For more information, see Configure SSL.
  • Configure expiration of the cookies and session stores. 
    Depending on the needs of your site you may change the default duration of the cookies.
    For more information, see Configure authentication expiration.
    You may use absolute expiration instead of the default sliding one. 
    • Absolute expiration
      Pros: Fixed window for an attack to abuse the site, if a sensitive information is stolen. SSL/TLS provides a protection from MITM attack. 
      Cons: If the absolute duration is small, it will require frequent re-authentication, which may be inconvenient. 
    • Sliding expiration (default)
      Pros: Convenient. You may configure relatively small time interval and, if the site is used actively, it will refresh automatically the cookies and extend the session. 
  • Configure external authentication providers.
    For more information, see Configure external identity providers.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Web Security for Sitefinity Administrators

The free standalone Web Security lesson teaches administrators how to protect your websites and Sitefinity instance from external threats. Learn to configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?