+1-888-365-2779
Try Now
More in this section

Forums / Security / Seperate authentication from CMS

Seperate authentication from CMS

4 posts, 0 answered
  1. al
    al avatar
    2 posts
    Registered:
    21 Jan 2011
    22 Mar 2011
    Link to this post
    We're using SiteFinity for managing our CMS content and creating the pages etc, and all pages are public. When users login via our a custom provider (Twitter/Facebook provided by Janrain) some of our controls will change their behaviour.

    The two login mechanisms need to be totally seperate, so that someone logging into our public site has no rights at all within the /Sitefinity folder.

    How would I go about configuring Sitefinity for this use case?

    Thanks,

    Al Priest.
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    22 Mar 2011
    Link to this post
    Hi al,

    One of the option is having several public and several backend roles. When you go to Administration >> Permissions you can set CmsAccess permission to the roles you want to access the backend. Roles that does not have this right will be able to access only the frontend after you grant needed permission over your pages.

    Another option is using the same configuration but with two or more membership and role providers.

    All the best,
    Ivan Dimitrov
    the Telerik team
  3. al
    al avatar
    2 posts
    Registered:
    21 Jan 2011
    23 Mar 2011
    Link to this post
    Hmm, I've gone into the CMS and chosen Administration | Permissions, then when I change the "Select Role" dropdown the page postback is fired and I lose the entire dropdown and checkbox section. (This happens in both Chrome, IE and Firefox).

    Assuming I could change this so that my new "public" role, didn't have access, how do I set this role when I authenticate my user?

    I currently have FormsAuthentication.SetAuthCookie(emailAddress, true) but there is no mention of Roles in this.

    Thanks
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    28 Mar 2011
    Link to this post
    Hi al,

    The user should be assigned to a role before that. You cannot authenticate a user that does not belong to a given role as a principal of this role.

    Greetings,
    Ivan Dimitrov
    the Telerik team
Register for webinar
4 posts, 0 answered