Active Directory for Front End Only

Posted by Community Admin on 03-Aug-2018 05:16


All Replies

Posted by Community Admin on 04-May-2014 00:00

Hello,

I have a site where I want to only use Active Directory for the front end. For the backend, I want to continue to use the default provider. I went through the process of setting up Active Directory STS and it works. If I leave the federation URL pointed to localhost, you do get the SF login box where you select Default or LDAP. However, I would like it to log you in automatically if you visit a front-end page that requires a specific LDAP group.

Is this possible? The main reason is that many of my Active Directory users will be backend users but only use it rarely. They will visit the website every day and if they are automatically logged in, we will quickly exceed the 5 concurrent user login limit even though they aren't using the backend tools. My plan would be that they would have a different login for the backend.

Posted by Community Admin on 06-May-2014 00:00

I wanted to post what I've done in the interim to see if there is a long-term issue associated with it.

I set up Active Directory as a Sitefinity provider but I left the URL in the federation tag of the web.config as localhost. I then created a front-end login page that detects if the person is logged in. If the person is not logged in, I redirect them to my STS AD site and they get returned correctly logged in. There is a log out button on the front end and if the person navigates to /Sitefinity, they can log in with their Sitefinity default provider login to update content.

Posted by Community Admin on 07-May-2014 00:00

Hello Jonathan,

In order to use Active Directory only on the frontend, you can just set up your LDAP settings and then tell your frontend Login widget to only use the LDAP provider (by default it's named "LdapUsers") from its Advanced section - see image for reference.

If you have configured the STS, you might need to disable it, since it is used mostly when you would like to achieve Windows authentication (Single Sign On) by using the user's Windows credentials when he accesses any part of the backend (~/Sitefinity/someurl). You can disable this if you do not want your users to automatically authenticate in the backend. The authentication on the frontend will still work with the AD users since it works separately from the backend one.

This way you can achieve AD authentication on the frontend, while using the Default Sitefinity provider for the backend login.


Regards,
Nikola Zagorchev
Telerik

 
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug is fixed? Explore the Telerik Sitefinity CMS Ideas & Feedback Portal and vote to affect the priority of the items.
 

Posted by Community Admin on 26-May-2015 00:00

Nikola, isn't your method forcing the administrator to have their users log in manually? I think what Jonathan is asking is exactly what we are trying to implement. We would like to utilize Windows SSO on the front end without having to associate roles with specific CNs in our Active Directory. Is this possible?

Posted by Community Admin on 29-May-2015 00:00

Hi Gerald,

By default, the users from the LDAP will be frontend users only, since they will not have any roles mapped or ability to access the backend of Sitefinity. If you have the provider in place and the STS configured, you should be able to log in with the Windows identity.

Regards,
Nikola Zagorchev
Telerik

 
 

Posted by Community Admin on 17-Aug-2017 00:00


Greetings,
I am new to Sitefinity. In my company all of our users are in AD, and as per our IT policy we are to implement SSO with Windows Authentication for all the implemented systems.
Therefore I need to implement SSO with Windows authentication. I have followed the documentation and I managed to make it work for the backend with SSO.
However, I need to implement it for the frontend as well. When I added the Login widget and set its provider to LdapUsers, it authenticates the users, but users have to supply their credentials and SSO doesn't work like the backend login. We need the website to recognize the users automatically (SSO) without them pressing anything or providing their credentials.
So, any help on how to do that?


Thanks in advance. 





