+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Active Directory for Front End Only

Active Directory for Front End Only

5 posts, 0 answered
  1. Jonathan
    Jonathan avatar
    4 posts
    Registered:
    06 Jan 2008
    04 May 2014
    Link to this post

    Hello,

     I have a site where I want to only use active directory for the front end. For the backend, I want to continue to use the default provider. I went through the process of setting up active directory STS and it works. If I leave the federation URL pointed to localhost, you do get the SF login box where you select Default or LDAP. However, I would like it to log you in automatically if you visit a front-end page that requires a specific LDAP group.

    Is this possible? The main reason is that many of my active directory users will be backend users but only use it rarely. They will visit the website every day and if they are automatically logged in, we will quickly exceed the 5 concurrent user login limit even though they aren't using the backend tools. My plan would be is they would have a different login for the backend.

  2. Jonathan
    Jonathan avatar
    4 posts
    Registered:
    06 Jan 2008
    06 May 2014 in reply to Jonathan
    Link to this post

    I wanted to post what I've done in the interim to see if there is a long-term issue associated with it.

    I setup active directory as a Sitefinity provider but I left the URL in the federation tag of the web.config as localhost. I think created a front-end login page that detects if the person is logged in. If the person is not logged in, I redirect them to my STS AD site and they get returned correctly logged in. There is a log out button on the front end and if the person navigates to /Sitefinity, they can login with their Sitefinity default provider login to update content.

  3. Nikola Zagorchev
    Nikola Zagorchev avatar
    424 posts
    Registered:
    24 Nov 2016
    07 May 2014
    Link to this post
    Hello Jonathan,

    In order to use Active Directory only on the frontend you can just setup your Ladp settings and then tell your frontend Login widget to only use the Ldap provider (by default its named "LdapUsers") from its Advanced section - see image for reference.

    If  you have configured the STS, you might need to disable it, since it is used mostly when you would like to achieve Windows authentication (Single Sign On) by using the user's Windows credentials when he accesses any part of the backend (~/Sitefinity/someurl). You can disable this if you do not want your users to automatically authenticate in the backend. The authentication on the frontend will still work with the AD users since it works separately from the backend one. 

    This way you can achieve AD authentication on the frontend, while using the Default Sitefinity provider for the backend login.


    Regards,
    Nikola Zagorchev
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
  4. Gerald
    Gerald avatar
    1 posts
    Registered:
    23 Mar 2015
    26 May 2015 in reply to Nikola Zagorchev
    Link to this post
    Nikola, isn't your method forcing the administrator to have their users login manually? I think what Jonathan is asking is exactly what we are trying to implement. We would like to utilize Windows SSO on the front end without having to associate roles with specific CNs in our Active Directory. Is this possible?
  5. Nikola Zagorchev
    Nikola Zagorchev avatar
    424 posts
    Registered:
    24 Nov 2016
    29 May 2015
    Link to this post
    Hi Gerald,

    By default, the users from the ldap will be frontend users only, since they will not have any roles mapped or ability to access the backend of Sitefinity. If you have the provider on place and the STS configured, you should be able to login with the windows identity.

    Regards,
    Nikola Zagorchev
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
5 posts, 0 answered