+1-888-365-2779
Try Now
More in this section

Forums / Security / Using Sitefinity in Conjunction with WIF

Using Sitefinity in Conjunction with WIF

5 posts, 0 answered
  1. Keith Beckman
    Keith Beckman avatar
    1 posts
    Registered:
    29 Dec 2009
    13 Sep 2010
    Link to this post
    I was wondering if anyone on the Telerik team or the community had any experience using Sitefinity in a site that is secured using claims-based authentication in Windows Identity Foundation. My experience with Sitefinity other than this forum post is extremely limited so I'm hoping that I'm giving enough detail here. Here's some high-technical details about how the site, its physical folder structure and our WIF considerations:

    --http://<domain>/<site_root>  All pages and Sitefinity dynamic content in this directory should be unsecured allowing for anonymous access.
    --http://<domain>/<site_root>/shoppingcart is a sub-folder off the parent application that we want to completely secure.
    --http://<domain>/<site_root>/developer is a sub-folder off the parent application that we want to secure, but allow the dynamic Sitefinity content to be unsecured...

    Windows Identity Foundation allows for some very specific configuration to allow access to particular folders using tags such as the following:

    <location path="FederationMetadata">		
        <
    system.web>
            <
    authorization>
                <
    allow users="*" />
            </authorization>
        </
    system.web>
    </
    location>

    This works very well for static content in your ASP.NET application, however the dynamic Sitefinity content is unable to be configured this way... Those resources simply assume the same type of security access that is assigned to the folder in which it's served from. In other words, all of the dynamic content in our developer folder is secured and we would prefer only the static .aspx files be secured.

    Is there some other configuration that might work? We've tried multiple configurations for this... We've place the <microsoft.identityModel> (WIF) configuration at the site root level and then removed it to try and secure each of the folders with their own config file with <microsoft.identityModel> sections. I'm hoping that someone on the Telerik team can provide some best practice approaches for this type of thing since federated security and WIF are technologies that are quickly gaining momentum...

    Thanks in advance for your help.

  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    14 Sep 2010
    Link to this post
    Hi Keith Beckman,

    You could create a Claims for entities  in the file system and this should allow dynamic requests. Another option is restricting all file resources by using authorization allow Element to allow access to a resource.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Steve
    Steve avatar
    1 posts
    Registered:
    24 Nov 2010
    29 Nov 2010
    Link to this post
    Continuing this this thought. Is there a way to configure Sitefinity to use Azure Access Controls as the identity provider?

  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    03 Dec 2010
    Link to this post
    Hi Steve,

    We do not support Azure officially in Sitefinity 3.x and 4.0 and we have not tested setting Azure controls. Most probably we will spend some time on this after the official release of Sitefinity 4.0.
    Sitefinity 3.x will not have an official support on Azure.

    Best wishes,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Jaco
    Jaco avatar
    1 posts
    Registered:
    15 Aug 2012
    14 Aug 2012
    Link to this post
    This was posted in 2010. Please give update on this since Azure's offering allows now Yahoo, Facebook, Windows Live ID, Google+ and Windows ADFS. 
Register for webinar
5 posts, 0 answered