+1-888-365-2779
Try Now
More in this section

Security

2 posts, 0 answered
  1. Frank
    Frank avatar
    25 posts
    Registered:
    14 Jul 2008
    21 Aug 2008
    Link to this post
    Hi,

    I am trying to set up security and authentication for Sitefinity (running on IIS 6 and Windows Server 2003). Can someone point me to some documentation on how to set this up?

    Thanks!

    Frank
  2. Joe
    Joe avatar
    138 posts
    Registered:
    24 Sep 2012
    25 Aug 2008
    Link to this post
    Hey Frank,

    I have included e-mails from our previous conversations to further clarify your needs.

    Since you do not want to use Active Directory and you want to use Windows Authentication, you can use Identity Impersonation. This will login anyone in, but I can see this is not what you want to do. Basically, it's one or the other. You can either use Forms Authentication or Windows Authentication with Active Directory, which means that the credentials are stored in a database for your Windows login. Consequently, you could also use Microsoft Passport for authentication, however, there is a substantial fee for using that service.

    Forms authentication, by default, places login credentials in a cookie that the user carries from page to page. You can control the encryption of the cookie for added security and this article will give you more info on setting forms authentication properties. You can easily open the Web.config of your Sitefinity project and apply the necessary settings, since we are using the same forms provider.

    I hope that I have provided a solution to your technical issue. If you need further assistance, please let us know.

    Best wishes,
    Joe
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

    Joe,

     

    Unfortunately we do not have Active Directory installed on our web server. It is a stand-alone server. It’s not a part of any domain. I would use the forms authentication, but I am afraid of sending credentials in clear text. If this is not how forms authentication works, please let me know. What are some of my options?

    ------------------------------

    Hi Frank,

     

    I believe you want to use Active Directory with Windows Integrated Authentication, since you want passwords to be hashed when sent from the client to the server. Am I correct? Sitefinity had providers for Active Directory, so you simply need to set the connection string of the provider. Please take a look at this article and let me know if you need further assistance.

    -Joe

    ------------------

     

    I solved the navigation problem. Right now I am having trouble figuring out how to set up authentication. I don’t want to use forms based authentication because as of right now we don’t have a way to secure it, so I am trying to set up integrated Windows authentication. I looked on your site for documentation for how to set up Windows authentication with Sitefinity but I couldn’t find much. I looked through the developer manual and that only had a brief description. Is there some documentation you can point me to, because I really would like to continue.

     

    Thanks,

    Frank

2 posts, 0 answered