+1-888-365-2779
Try Now
More in this section

Forums / Security / Integrating security with existing site

Integrating security with existing site

4 posts, 0 answered
  1. Jeff Sodeman
    Jeff Sodeman avatar
    13 posts
    Registered:
    20 Apr 2010
    07 Sep 2010
    Link to this post
    I have an existing application that uses the default SQL membership provider for authentication. We are setting Sitefinity up as a subdomain, and what I would like to do is:

    1) Prevent anonymous access to Sitefinity, and have non-logged in users redirected to the existing app's login page
    2) Link from the existing app to Sitefinity and have logged in users be able to view SF without logging in again
    3) Keep the SF cms admin users separate

    The steps I've done so far are to turn on anonymous access to all the pages in SF. I've added a connection string, and the membership + roles providers from my existing app to the SF web.config generally as outlined at: http://www.sitefinity.com/devnet/kb/sitefinity-3-x/working-with-multiple-membership-and-role-providers.aspx

    I had to guess a little as it since the example is for SQL and AD, and I'm using 2 SQL dbs - but I think I got it right.

    So now I'm at a point where you have to be logged into SF to see the site, but the login from the existing app isn't carrying over, and I don't have a redirect to the existing app's login page going.

    Do I need to set something like the cookiepath or something else to share that a user is already logged into the existing app?

    How do I set up SF to send non-logged in users to the existing app's login page?

    I'm happy to paste my config sections or anything else that will be useful.
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    08 Sep 2010
    Link to this post
    Hi Jeff Sodeman,

    Sitefinity can work with standard ASP.NET Membership, Role and Profile providers.

    1) Prevent anonymous access to Sitefinity, and have non-logged in users redirected to the existing app's login page


    Each page has a permission tab from where you could disable Anonymous access and allow only authenticated users to access it. If the user is not authenticated he/she will be redirected to loginUrl of FormsAuthentication node.

    2) Link from the existing app to Sitefinity and have logged in users be able to view SF without logging in again


    You have to implement SSO with Forms Authentication or log in the user or create a "fake" login

    3) Keep the SF cms admin users separate

    You can use Roles model ( standard for ASP.NET) or 2 or more providers where one of them will be used only for the backend. Note that out of the box you can access the backend(admin) using only one Membership/Role provider.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Jeff Sodeman
    Jeff Sodeman avatar
    13 posts
    Registered:
    20 Apr 2010
    08 Sep 2010
    Link to this post
    Thank you Ivan,

    The users will only be reading from the site, not commenting or anything. So I don't really need Sitefinity to know who they are, just that they're authorized to view the site. You mentioned SSO, login, or "fake" login. It looks like the fake login would be the easiest to implement?

    I looked through the linked thread on creating an authentication cookie. With that approach where would you put the code? In a code behind-only page that the existing app links to, which then redirects to the Sitefinity home page? Does the page need to inherit from anything special?
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    08 Sep 2010
    Link to this post
    Hi Jeff Sodeman,

    You  have to put the code inside Sitefinity website where you want to have access. You could put it inside Sitefinity/Login.aspx.cs and make a redirect from there to the initially requested destination - the initial request will not be authenticated and you will be redirected to loginUrl set in the web.config which is  Sitefinity/Login.aspx page ( default value).

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Register for webinar
4 posts, 0 answered