Custom authentication


Manage local accounts

If you need to completely bypass Sitefinity`s default password based authentication you can use the following method in Telerik.Sitefinity.Security.SecurityManager class:
public static UserLoggingReason AuthenticateUser(string membershipProviderName, string userName, bool persistent, out User user)

This method will login the user and issue all the necessary authentication cookies by just providing the username/email of the user account.

Manage external accounts

If you are logging in users from external identity provider (IP) the usual flow is to redirect the user browser to the IP and wait for it to be redirected back to Sitefinity CMS on a special endpoint with the remote authentication result. There are some special cases that you might collect user credentials in Sitefinity CMS and relay them to the IP for verification. Regardless of the methods used you need to create a local account that is mapped to that external account. Typically the locally mapped account is created upon first login of the external user.
Custom authentication should only be implemented if there are no other option and you have the know-how to implement it securely or are using a third party library.

You can introduce a handler managed by IIS for external accounts. The IIS managed handler is the recommended approach as it is much simpler and more flexible. For more information, see IIS managed handler.

If using standard authentication protocol like OpenID Connect for external accounts consider using and customizing the built-in provider in Sitefinity CMS. For more information, see Add new or customize existing OpenID Connect authentication provider.

 


Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Web Security for Sitefinity Administrators

The free standalone Web Security lesson teaches administrators how to protect your websites and Sitefinity instance from external threats. Learn to configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?