
Authentication with Api

1 posts, 0 answered
  1. Steve
    20 Apr 2017

    We are starting work on a Sitefinity CMS site and are having difficulty in conceptualising how the authentication will hang together.

    The site will make extensive use of custom components that will call into our own (still in development) AspNet Web Api. This api currently supports OAuth 2.0 and acts as its own authorisation server – this enables a client to pass a user’s credentials to the api and receive an access token to be used in subsequent api requests. The api provides access to an existing production Sql Server database.

    Now that we have started work on the Sitefinity CMS site it’s apparent that a set of users is maintained in the CMS database and the application uses OpenId Connect.

    On registration, a CMS user will need to be associated with a user in the existing sql server database.

    My questions are:
    How can the Sitefinity client authenticate with the api?
    How can Sitefinity users be authorised in the api?
    There are plans to create mobile applications which will hit the api directly; Sitefinity users will need to be authenticated in the api. How could this work?

    Approaches I’ve considered include writing a custom membership provider to be used in the CMS that will point to a custom database that will hold user information. The api will use this database directly to authenticate.

    Alternatively, either the api or the CMS could be the identity server that the other will authenticate against, but I’m not sure how to configure this – there doesn’t appear to be anything in the documentation that caters for this scenario.

    Any help anyone can provide would be most welcome.

