Sitefinity ASP.NET CMS - Content Management System

Sitefinity - Using Windows Authentication - ID#452
Last Modified: 11/6/2008
Related categories: Security;

HOW-TO
Use Windows Authentication with Sitefinity

SOLUTION
Sitefinity has been developed and tested with Forms authentication. It contains a full implementation of role-based security that can use MS Access or MS SQL Server as a data storage medium.

Windows authentication can be used with Sitefinity – the login mechanism is flexible enough to allow that.  Authorization has not been implemented yet, so a mapping between the Windows domain users and the native Sitefinity ones is needed.

All permission checks depend on the CMS principal, an object implementing the ICmsPrincipal interface. That object is created in an HTTP module on every request and stored in the HTTP context. The key to using Windows authentication is to replace the default module with a custom one that creates an appropriate principal for the currently logged-in Windows user.

The sample code below creates an appropriate principal. All the necessary handlers (Application_Error, Begin_Request, etc.) are moved to the BaseAuthModule class. The WindowsAuthModule class overrides an abstract method that creates the actual principal.

The key part of the Windows-to-Sitefinity user mapping is the UserIdForWindowsIdentity method. It takes a string in the form “domain\username” and returns the numeric ID of the Sitefinity user. That ID is used to get the group list and create a CachingUserPrincipal, the same ICmsPrincipal implementation that is used in the default Sitefinity operation.

  1. Compile this class in a separate assembly and register it with your Sitefinity root web.config by changing:

    <httpModules>
        <add type="TelerikGenericApplication.TelerikHttpModule,TelerikGenericApplication"
            name="TelerikGenericApplication.TelerikHttpModule" />
    </httpModules>
  2. To:

    <httpModules>
        <add type="TelerikGenericApplication.WindowsAuthModule,TelerikGenericApplication"
            name="TelerikGenericApplication.WindowsAuthModule" />
    </httpModules>
  3. Don’t forget to disallow anonymous user access:

    <authorization>
        <deny users="?" />
    </authorization>

Note that if the user is not found in the CMS <-> Windows user mapping you should throw a Telerik.ContentManagement.UserManagement.SecurityException.  It will be caught by the BaseAuthModule’s ApplicationError handler and the appropriate message will be displayed to the user.
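The following is an added example, not Sitefinity's or the article's own code, of a fail-closed Windows-to-Sitefinity mapping lookup of the kind UserIdForWindowsIdentity performs. The WindowsUserMap class, the UnmappedUserException stand-in (used here so the snippet compiles without the Telerik assemblies) and the sample accounts and IDs are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for Telerik.ContentManagement.UserManagement.SecurityException,
// so the example compiles on its own; inside the module, throw the Sitefinity type.
public class UnmappedUserException : Exception
{
    public UnmappedUserException(string message) : base(message) { }
}

public static class WindowsUserMap
{
    // Constructed sample mapping: "domain\username" -> Sitefinity user ID.
    // Windows account names are case-insensitive, so the lookup must be too.
    private static readonly Dictionary<string, int> Map =
        new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CORP\alice", 1 },
            { @"CORP\bob", 7 },
        };

    public static int UserIdForWindowsIdentity(string windowsName)
    {
        // Accept only the exact "domain\username" form the article describes:
        // one backslash, with a non-empty domain and a non-empty user name.
        string name = windowsName ?? string.Empty;
        int slash = name.IndexOf('\\');
        if (slash <= 0 || slash == name.Length - 1 || slash != name.LastIndexOf('\\'))
            throw new UnmappedUserException("Unrecognized Windows identity format.");

        // Fail closed: never fall back to a default or guest ID for an
        // authenticated Windows account that has no explicit mapping.
        int userId;
        if (!Map.TryGetValue(name, out userId))
            throw new UnmappedUserException("No Sitefinity user is mapped to " + name + ".");
        return userId;
    }
}

public static class Program
{
    public static void Main()
    {
        // Mapped account, different casing than the stored key.
        Console.WriteLine(WindowsUserMap.UserIdForWindowsIdentity(@"corp\Alice"));
        // Authenticated by Windows but absent from the mapping: must be rejected.
        try { WindowsUserMap.UserIdForWindowsIdentity(@"CORP\mallory"); }
        catch (UnmappedUserException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```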

