Categories
Bloggers
Blogs RSS feed

What Happens When the Sitefinity User Limit Is Reached

by Peter Marinov
usetlimitsubway 

The question with no answer 

Today I am going to take a look inside a functionality, which is not used every day and even the people who have seen it before tend to forget it and… that also includes me. In the next few paragraphs, this post will quickly reveal what happens when the maximum number of concurrent backend users is reached.

What is a backend user?

To clear any confusion down the road, I want to briefly explain what is the meaning and the logic behind the notion of a concurrent backend user. Sitefinity CMS separates the users into two main types – backend users and everyone else. The backend users are all the users who have permissions to access the administration pages of Sitefinity and execute various content editing or other CMS actions. Each Sitefinity version has a certain licensing differentiator, which defines a limitation on the amount of such backend users who are simultaneously logged into Sitefinity.

With that said, let’s see what happens when a backend user tries to log in when already the maximum allowed users limit is reached.

What actually happens?

Scenario #1 A non admin user tries to log in

The user enters his/her credentials and a new dialog opens showing the currently logged in users. In the image below you can see what is presented to the less powerful user:

MaxUsersScreen

Scenario #2 Administrator tries to log in

Now we have a more powerful user stepping in and things are different. Admins now see the button saying "Force someone to logout":

MaxUsersScreen1

Once they click that button, admins have the ability to select any of the currently logged in users and they can forcefully log off any user so they can get their job done:

MaxUsersScreen2

See you soon

That's it! I told you it is going to be a quick one. I hope that if you came here searching for an answer, this article was what you were looking for.

 

5 comments

Leave a comment
  1. Professor Blail Apr 04, 2014

    Those messages are somewhat misleading, if not an outright lie.  It is not just users allowed to be logged into the backend at the same time, it is users who have the backend user role assigned that are allowed to view protected content at the same time, which includes protected content on the FRONT END.  

    You must be VERY careful when choosing a license and what content to protect.  Everything is fine if you only assign the back end role to a limited number of users, but if you want to secure all your pages, and give the backend user role to more users than your license allows for CONCURRENT access, your users will end up not being able to view the front end.  Sitefinity CAN NOT tell the difference between an authenticated user viewing the back end vs an authenticated user viewing the front end. 

    In an intranet context, this can be crippling.  If you want to know the Windows identity of a user to serve up some personalized content (from your HR system, for example), the only mechanism provided by Sitefinity to do this is to set the View permission on ALL pages to the App_Role: Authenticated.  This forces every user to log into Sitefinity (either through a login screen or SSO) in order to be able to view the front end content.  Upon logging in, if that user has the backend user role assigned, the so-called "Concurrent CMS user" count is incremented.  Once the concurrent user count equals the "Concurrent CMS Users" limit of your license, no more users with the backend user role will be able to VIEW the FRONT END.  Users without that role assigned can view the protected front end content, but those with that role will be denied access.  

    With a Professional license, you get "10 Concurrent CMS Users".  In the above scenario, if you assign the backend role to 11 people, only 10 of them can VIEW the FRONT END at any given time.  It's not just that only 10 of them can be in the backend, editing content, concurrently....only 10 of them can access the site concurrently at all, front end included.  This essentially means that you can only assign the backend user role to as many people as your license allows for "Concurrent CMS Users".  Which really makes it is "Total CMS Users".   

    It's a subtle but VERY important distinction that Telerik does not make very clear in their marketing literature.  They never deny it and will gladly explain it to you ad nauseum in great detail when you encounter this behavior, though.  This explanation usually happens just before they try to sell you more concurrent users, at $1,000 a pop (which you must purchase in bundles of 5).  In their marketing literature and documentation, it is always talked about ONLY in the context of accessing the back end.  It is important to realize that this also affects VIEWING protected front end content.

    Choose wisely...

  2. Peter Marinov Apr 07, 2014

    Hello sir,

    this is the author and I am surprised to see that I am sending messages that are "somewhat misleading, if not an outright lie". I am pretty confident that is not the case here and I am surprised that you have made such a conclusion and especially by the tone of your comment.

    That makes me think that you are talking based on experience on a particular project. If that is the case, I think the best way will be to contact me (email: peter@telerik.com), so we can sit down and analyse the situation. And don't worry, I am not a sales guy, so I won't try to sell you bundles of new users or a new car :)

    So just in case you decide not to contact me and in the best interest of the readers coming to this blog post, I would like to do some clarification here:

    As I said, backend users are the users having permissions to access the backend - that means they are members of the "backend users" role. You need to use that role only if you plan to allow the users to access the backend. Looking the above described scenario, even if you use personalization for logged in users browsing the public pages of an intranet/extranet, Sitefinity won't impose any licensing limitations unless you make the users members of the "backend users" role. And if the plan is to control the level of access only, why should you give them access for the Sitefinity backend, right?

    Is there any reason for making all the users members of the "backend users" role at first place? 

  3. Professor Blail Apr 08, 2014

    Thanks for the reply.  I will be contacting you via email with some more details, but for the benefit of other readers, I offer this.

    The reason I want so many users to have the backend role is because this is for an intranet, where the (only) people viewing the content are those that also create the content.  In a typical public web site, you have a few people creating all the content that a comparatively large audience of viewers consumes.  For an intranet, you typically have, and want, a larger number of content contributors.  The fact that Telerik offers an Intranet Edition license with a higher user count indicates that Telerik agrees, at least in principle.  Our intranet, like countless other intranets, is designed to be a collaborative space. Content contribution is not only highly encouraged for all, for some users it is a requirement of their job.  So, in this context, why would I ever want to limit how many people can contribute content?  I may not want every user to have full permissions on every content type, but I see no reason why, for an intranet, every user should not be able to contribute some form of content.  This is especially true for dynamic content types created to facilitate the aforementioned collaboration.

    It's also important to note that the "goal", as you say, is not to control the level of access, the "goal" is to know who is browsing the front end.  That is a basic function of any corporate intranet.  Since the site is behind the firewall and only accessible internally, I don't NEED to set the View permission of all pages to the App_Role of Authenticated. I only do that because that is the ONLY mechanism provided by Sitefinity to get the Windows username of a front end visitor since Sitefinity can't run under Windows Authentication in IIS.

    I hope that sheds more light on why this is such a problem for me, and others, I'm sure.  

  4. ADam Sep 01, 2014

    Unfortunately we have found ourselves in exact same situation. Built an intranet site using Sitefinity CMS and now as soon as you hit 10 back end users the rest is unable to log in.

    To be frank having 10 back end users is more than sufficient in most cases, the only real pain is the fact that content editors have to be back end users...

  5. kifftfer Oct 22, 2014

    We accidentally created a bunch (300) of non-admin back end users when pre-populating our SF7 site because our site developer had that back end user box checked by default. Now, even though we have removed this role, every time a front end user logs in it says that a seat is taken up and only admins can log in. How can we stop front end users who used to have the back end user role being seen as logged in back end users by Sitefinity when they log in to the front end?

    Leave a comment