We are starting work on a Sitefinity CMS site and are having
difficulty in conceptualising how the authentication will hang together.
The site will make extensive use of custom components that
will call into our own (still in development) ASP.NET Web API. This api
currently supports OAuth 2.0 and acts as its own authorisation server – this enables
a client to pass a user’s credentials to the api and receive an access token to
be used in subsequent api requests. The api provides access to an existing
production SQL Server database.
Now that we have started work on the Sitefinity CMS site it’s
apparent that a set of users is maintained in the CMS database and the
application uses OpenID Connect.
On registration, a CMS user will need to be associated with a user in the existing SQL Server database.
My questions are:
How can the Sitefinity client authenticate with the api?
How can Sitefinity users be authorised in the api?
There are plans to create mobile applications which will hit
the api directly; Sitefinity users will need to be authenticated in the api.
How could this work?
Approaches I’ve considered include writing a custom
membership provider to be used in the CMS that will point to a custom database
that will hold user information. The api will use this database directly to
Alternatively, either the api or the CMS could be the
identity server that the other will authenticate against, but I’m not sure how
to configure this – there doesn’t appear to be anything in the documentation
that caters for this scenario.
Any help anyone can provide would be most welcome.