Installation and Administration Guide

Switching to claims-based authentication

If you are upgrading your project from Sitefinity 4.x version to Sitefinity 5.0, claims-based authentication will not be applied automatically. To configure your site to use claims-based authentication, perform the following:

  1. Login to the backend of your website.
  2. Click Administration » Settings » User Authentication.
  3. In the dropdown box, select Claims based authentication and click Save changes.
  4. Open the web.config file of your project.
  5. Under <configSections>, add the following section:
    <section requirePermission="false" name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
  6. Under <system.web>, add the following section:
    <httpRuntime requestValidationType="Telerik.Sitefinity.Security.Claims.CustomRequestValidator, Telerik.Sitefinity" />
  7. Find and set authentication mode to None in the following way:
    <authentication mode="None" />
  8. Under <configuration> section, add the microsoft.identityModel section before the closing tag in the following way:
    <microsoft.identityModel>
    <service>
      <claimsAuthenticationManager type="Telerik.Sitefinity.Security.Claims.SFClaimsAuthenticationManager, Telerik.Sitefinity"/>
      <securityTokenHandlers>
        <add type="Telerik.Sitefinity.Security.Claims.SWT.SWTSecurityTokenHandler, Telerik.Sitefinity" />
      </securityTokenHandlers>
      <audienceUris mode="Never"></audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="false" />
        <cookieHandler requireSsl="false" />
      </federatedAuthentication>
      <issuerNameRegistry type="Telerik.Sitefinity.Security.Claims.CustomIssuerNameRegistry, Telerik.Sitefinity">
        <trustedIssuers></trustedIssuers>
      </issuerNameRegistry>
      <issuerTokenResolver type="Telerik.Sitefinity.Security.Claims.SWT.WrapIssuerTokenResolver, Telerik.Sitefinity"/>
    </service>
    </microsoft.identityModel>
  9. Under the <httpModules> section, add the new ones for Claims Authentication, following the specific order.

    NOTE: If you are using IIS7+, the markup should be added to the <modules> section under <system.webserver>, rather than <httpModules>.

    The final section should look like this:
  10. <remove name="FormsAuthentication"/>
    <remove name="RoleManager"/>
    <add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    <add name="SitefinityClaimsAuthenticationModule" type="Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule, Telerik.Sitefinity" />
    <add name="Sitefinity" type="Telerik.Sitefinity.Web.SitefinityHttpModuleIIS6, Telerik.Sitefinity" />
    <add name="SessionAuthenticationModule" type="Telerik.Sitefinity.Security.Claims.SitefinitySessionAuthenticationModule, Telerik.Sitefinity"/>
    <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule, Telerik.Web.UI" />
    <add name="SitefinityAnalyticsModule" type="Telerik.Sitefinity.Analytics.Server.DependencyResolution.Module.DependencyRegistrarHttpModule, Telerik.Sitefinity.Analytics.Server.DependencyResolution" />
  11. Save and close the web.config file.
  12. Restart the application.

Next steps

+1-888-365-2779
sales@sitefinity.com

Related topics:

Feedback

How useful is this article?

Tell us more

Submit
Your message was successfully sent.

We appreciate your feedback.

Your message could not be sent.

OK