Best practices for Authentication

To benefit most from the authentication improvements, you should configure authentication settings properly. All of the steps below are optional, but we recommend that you verify whether the default settings fit the needs of your environment.

  • Turn on SSL/TLS on your site.
    Although Sitefinity CMS works on HTTP, we recommend using HTTPS for your site.
    For more information, see Configure SSL.
  • Configure expiration of the cookies and session stores.
    Depending on the needs of your site, you may change the default duration of the cookies.
    For more information, see Configure authentication expiration. You may use absolute expiration instead of the default sliding one.
    • Absolute expiration
      Pros: Fixed window in which an attacker can abuse the site if sensitive information is stolen. SSL/TLS provides protection from MITM attacks.
      Cons: If the absolute duration is small, it will require frequent re-authentication, which may be inconvenient.
    • Sliding expiration (default)
      Pros: Convenient. You may configure a relatively small time interval and, if the site is used actively, the cookies are refreshed automatically and the session is extended.
  • Configure external authentication providers.
    For more information, see Configure external identity providers.
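
The trade-off between absolute and sliding expiration described above, as an added example that is not Sitefinity code. It is a simplified model that assumes every accepted request restarts a sliding cookie's window; the names Session and last_accepted and the request timelines are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Session:
    """Simplified model of an authentication cookie (not Sitefinity's implementation)."""
    lifetime: int        # configured duration, in minutes
    sliding: bool        # True = sliding expiration, False = absolute expiration
    issued_at: int = 0   # minute at which the cookie was issued
    expires_at: int = 0

    def __post_init__(self) -> None:
        self.expires_at = self.issued_at + self.lifetime

    def request(self, now: int) -> bool:
        """Return True if the cookie is still accepted at minute `now`."""
        if now >= self.expires_at:
            return False
        if self.sliding:
            # Assumption: each accepted request restarts the window.
            self.expires_at = now + self.lifetime
        return True


def last_accepted(sliding: bool, lifetime: int, times: List[int]) -> Optional[int]:
    """Replay request times against one cookie; return the last minute accepted."""
    session = Session(lifetime=lifetime, sliding=sliding)
    last = None
    for t in times:
        if session.request(t):
            last = t
    return last


# Constructed timelines, in minutes after the cookie was issued.
STEADY_USE = list(range(0, 481, 20))   # one request every 20 minutes for 8 hours
IDLE_GAP = [0, 20, 60, 70]             # 40 minutes of inactivity after minute 20

if __name__ == "__main__":
    for name, times in (("steady use", STEADY_USE), ("idle gap", IDLE_GAP)):
        for sliding in (False, True):
            mode = "sliding" if sliding else "absolute"
            print(f"{name:10} {mode:8} last accepted at minute",
                  last_accepted(sliding, 30, times))
```

With a 30-minute setting, the absolute cookie stops being accepted after the first half hour no matter who presents it, while the sliding cookie stays valid for as long as requests keep arriving and ends only after an idle period longer than the configured interval.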