Backend access without login prompt.
We are running SF 6.0.4210.0. We've successfully configured STS based auth using windows/ldap.
We are able to login to backend using either Default or LdapUsers Authentication provider.
What we need is to be able to auto-login to the backend without a login prompt (authenticate to backend thru LdapUsers, aka windows based authentication).
How do we configure this in Sitefinity 6.0?
This post is on behalf of Grimco, Inc. (a fully licensed Sitefinity user).
Thx...Bob Baldwin
Trabon Solutions
Hello Bob,
Please check the documentation on SSO with Windows authentication.
Regards,Thanks for your response, Bilyana.
Weird...last week we followed the SSO Windows Auth directions precisely and were still being prompted with the backend login page. Now today, it is auto logging into the backend using our Windows login. We wonder why it suddenly changed?
On a somewhat related note, can we get a .Net 4.5 version of the following zip:
SitefinityStsWebApp_6.0.4200.0
We have our SF site running in Visual Studio 2012 with .Net 4.5 but the STS seems to be based on Microsoft.IdentityModel which is specific to 3.5/4.0. For 4.5, the IdentityModel has been integrated directly into the System namespace and has been refactored. The project in the zip upgrades okay to 4.5 but is still dependent on the 3.5/4.0 Microsoft.IdentityModel.dll. We would like to have everything running in .Net 4.5 mode if possible.
This post is on behalf of Grimco, Inc., a licensed SF user.
Thanks...Bob Baldwin
Trabon Solutions
Bilyana,
Additionally, we have the SSO with Windows auth working where both the STS site and the SF site are on the same developer workstation/IIS. When, we move the STS site to a server and point the wsFederation issuer entry in the SF site web.config to the server STS site, we are getting a redirect loop error in the browser.
Is this supported where the STS site is on a different computer from the SF site?
I've attached the error screenshot.
Thanks...Bob Baldwin
Trabon Solutions
Hi Bob,
It seems like Sitefinity is a relying party to the STS and the STS is a relying party to Sitefinity, and this is why the redirect loop occurs. Can you check for the following
Hi Svetla,
We have SSO with Windows auth working when the user logs in to the SF backend from a domain computer inside the Intranet. However, when the user connects to the domain via a VPN, after being prompted for the domain\userid and password, Chrome returns a redirect loop error and IE returns "This page can't be displayed".
We've followed the doc for SSO with Windows exactly. Also, we have the STS site configured with Basic and Windows auth enabled.
At the bottom of this post is the SF & STS web config files as well as the SecurityConfig.config file. We also will attach a couple of screen shot of the redirect loop errors.
We've been able to recreate this issue from a test SF site using your STS site from the zip file.
Sorry, but we need help with this immediately, because we are up against a milestone deliverable and the client will test thru the VPN.
We are posting this request on behalf of a fully licensed SF org.
Thanks...Bob Baldwin
Trabon Solutions
Cell 816-520-9339
SF web.config
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<configSections>
<section requirePermission="false" name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<!--<sectionGroup name="telerik">
<section name="sitefinity" type="Telerik.Sitefinity.Configuration.SectionHandler, Telerik.Sitefinity" requirePermission="false" />
</sectionGroup>-->
<sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false"/>
<section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false"/>
</sectionGroup>
</configSections>
<appSettings>
<add key="TestLocalization" value="false"/>
<add key="enableSimpleMembership" value="false"/>
</appSettings>
<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<pages pageBaseType="System.Web.Mvc.WebViewPage">
<namespaces>
<add namespace="System.Web.Mvc"/>
<add namespace="System.Web.Mvc.Ajax"/>
<add namespace="System.Web.Mvc.Html"/>
<add namespace="System.Web.Routing"/>
</namespaces>
</pages>
</system.web.webPages.razor>
<location path="Sitefinity/CMIS/RestAtom">
<system.web>
<httpRuntime maxRequestLength="6048000" executionTimeout="7200" maxUrlLength="102400" maxQueryStringLength="102400" requestValidationType="Telerik.Sitefinity.Security.Claims.CustomRequestValidator, Telerik.Sitefinity"/>
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483648"/>
</requestFiltering>
</security>
</system.webServer>
</location>
<location path="Telerik.Sitefinity.Html5UploadHandler.ashx">
<system.web>
<httpRuntime maxRequestLength="6048000" executionTimeout="7200" maxUrlLength="102400" maxQueryStringLength="102400" requestValidationType="Telerik.Sitefinity.Security.Claims.CustomRequestValidator, Telerik.Sitefinity"/>
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483648"/>
<!--2GB-->
</requestFiltering>
</security>
</system.webServer>
</location>
<!--
For a description of web.config changes for .NET 4.5 see go.microsoft.com/.../
The following attributes can be set on the <httpRuntime> tag.
<system.Web>
<httpRuntime targetFramework="4.5" />
</system.Web>
-->
<system.web>
<httpRuntime maxRequestLength="102400" maxUrlLength="102400" maxQueryStringLength="10000" requestValidationType="Telerik.Sitefinity.Security.Claims.CustomRequestValidator, Telerik.Sitefinity"/>
<siteMap defaultProvider="SitefinitySiteMap">
<providers>
<add name="SitefinitySiteMap" type="Telerik.Sitefinity.Web.SitefinitySiteMap, Telerik.Sitefinity"/>
</providers>
</siteMap>
<roleManager enabled="false"/>
<membership defaultProvider="Default">
<providers>
<clear/>
<add name="Default" type="Telerik.Sitefinity.Security.Data.SitefinityMembershipProvider, Telerik.Sitefinity"/>
</providers>
</membership>
<globalization uiCulture="auto" culture="auto" resourceProviderFactoryType="Telerik.Sitefinity.Localization.ExtendedResourceProviderFactory, Telerik.Sitefinity"/>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" targetFramework="4.5" numRecompilesBeforeAppRestart="50">
<assemblies>
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<add assembly="WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add assembly="PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</assemblies>
<buildProviders>
<remove extension=".svc"/>
<add extension=".svc" type="System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</buildProviders>
</compilation>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="None"/>
<customErrors mode="Off"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<pages controlRenderingCompatibilityVersion="4.0">
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI"/>
<add tagPrefix="sitefinity" namespace="Telerik.Sitefinity.Web.UI.Fields" assembly="Telerik.Sitefinity"/>
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" validate="false" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler, Telerik.Web.UI"/>
<add verb="*" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.Upload.RadUploadProgressHandler, Telerik.Web.UI"/>
<add verb="*" path="Telerik.Sitefinity.FilesDownloadHandler.ashx" type="Telerik.Sitefinity.Modules.Files.FilesDownloadHandler, Telerik.Sitefinity"/>
<add verb="*" path="Telerik.Sitefinity.ExportSubscribersHttpHandler.ashx" type="Telerik.Sitefinity.Modules.Newsletters.Web.ExportSubscribersHttpHandler, Telerik.Sitefinity"/>
<add verb="*" path="Telerik.Sitefinity.LibrariesRadUploadHandler.ashx" type="Telerik.Sitefinity.Modules.Libraries.Web.LibrariesRadUploadHandler, Telerik.Sitefinity"/>
<add verb="*" path="Telerik.Sitefinity.Html5UploadHandler.ashx" type="Telerik.Sitefinity.Modules.Libraries.Web.Html5UploadHandler, Telerik.Sitefinity"/>
<add verb="*" path="Telerik.Sitefinity.ThumbnailUploadHandler.ashx" type="Telerik.Sitefinity.Modules.Libraries.Web.ThumbnailUploadHandler, Telerik.Sitefinity"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
<add verb="*" validate="false" path="Telerik.Web.UI.DialogHandler.axd" type="Telerik.Web.UI.DialogHandler, Telerik.Web.UI"/>
<add verb="*" path="Telerik.Sitefinity.AsyncImageUploadHandler.ashx" type="Telerik.Sitefinity.Modules.Libraries.Web.AsyncImageUploadHandler, Telerik.Sitefinity"/>
<add verb="*" path="Telerik.Sitefinity.AsyncFileUploadHandler.ashx" type="Telerik.Sitefinity.Workflow.AsyncFileUploadHandler, Telerik.Sitefinity"/>
<add verb="*" path="Telerik.Sitefinity.AsyncToolsetXmlUploadHandler.ashx" type="Telerik.Sitefinity.Configuration.Web.Services.AsyncToolsetXmlUploadHandler, Telerik.Sitefinity"/>
<add verb="*" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" validate="false"/>
<add path="Telerik.Web.UI.DialogHandler.aspx" verb="*" type="Telerik.Web.UI.DialogHandler" validate="false"/>
<add verb="*" path="Telerik.ReportViewer.axd" type="Telerik.ReportViewer.WebForms.HttpHandler, Telerik.ReportViewer.WebForms"/>
</httpHandlers>
<httpModules>
<remove name="FormsAuthentication"/>
<remove name="RoleManager"/>
<add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="SitefinityClaimsAuthenticationModule" type="Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule, Telerik.Sitefinity"/>
<add name="Sitefinity" type="Telerik.Sitefinity.Web.SitefinityHttpModuleIIS6, Telerik.Sitefinity"/>
<add name="SessionAuthenticationModule" type="Telerik.Sitefinity.Security.Claims.SitefinitySessionAuthenticationModule, Telerik.Sitefinity"/>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule, Telerik.Web.UI"/>
<add name="SitefinityAnalyticsModule" type="Telerik.Sitefinity.Analytics.Server.DependencyResolution.Module.DependencyRegistrarHttpModule, Telerik.Sitefinity.Analytics.Server.DependencyResolution"/>
</httpModules>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
<security mode="None"/>
</binding>
<!-- note: To enable https/SSL support for the Analytics module, uncomment this binding -->
<!--<binding name="webBinding" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>-->
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="SitefinityWebApp.Sitefinity.Services.Content.EventsAspNetAjaxBehavior">
<enableWebScript/>
</behavior>
<behavior name="EndpBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<!--<openAccessWorkflowTracking applicationName="/workflow" />-->
</behavior>
<behavior name="Telerik.Sitefinity.Analytics.Infrastructure.Services.AnalyticsPermissionsServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="Telerik.Sitefinity.Analytics.Server.GoogleAnalyticsPlugin.Services.AccountsServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.DashboardDataBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.MapDataServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="Telerik.Sitefinity.Web.Services.LocalizationBehavior"/>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="SitefinityWebApp.Sitefinity.Services.Content.Events">
<endpoint address="" behaviorConfiguration="SitefinityWebApp.Sitefinity.Services.Content.EventsAspNetAjaxBehavior" binding="webHttpBinding" contract="SitefinityWebApp.Sitefinity.Services.Content.Events"/>
</service>
<service behaviorConfiguration="Telerik.Sitefinity.Analytics.Infrastructure.Services.AnalyticsPermissionsServiceBehavior" name="Telerik.Sitefinity.Analytics.Infrastructure.Services.AnalyticsPermissionsService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding" contract="Telerik.Sitefinity.Analytics.Infrastructure.Services.AnalyticsPermissionsService"/>
<!-- note: To enable https/SSL support for the Analytics module, uncomment this endpoint -->
<!--<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="webBinding"
contract="Telerik.Sitefinity.Analytics.Infrastructure.Services.AnalyticsPermissionsService"/>-->
</service>
<service behaviorConfiguration="Telerik.Sitefinity.Analytics.Server.GoogleAnalyticsPlugin.Services.AccountsServiceBehavior" name="Telerik.Sitefinity.Analytics.Server.GoogleAnalyticsPlugin.Services.AccountsService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding" contract="Telerik.Sitefinity.Analytics.Server.GoogleAnalyticsPlugin.Services.AccountsService"/>
<!-- note: To enable https/SSL support for the Analytics module, uncomment this endpoint -->
<!--<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="webBinding"
contract="Telerik.Sitefinity.Analytics.Server.GoogleAnalyticsPlugin.Services.AccountsService"/>-->
</service>
<service behaviorConfiguration="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.DashboardDataBehavior" name="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.DashboardData">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding" contract="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.DashboardData"/>
<!-- note: To enable https/SSL support for the Analytics module, uncomment this endpoint -->
<!--<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="webBinding"
contract="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.DashboardData"/>-->
</service>
<service behaviorConfiguration="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.MapDataServiceBehavior" name="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.MapDataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding" contract="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.MapDataService"/>
<!-- note: To enable https/SSL support for the Analytics module, uncomment this endpoint -->
<!--<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="webBinding"
contract="Telerik.Sitefinity.Analytics.Server.Infrastructure.Services.MapDataService" />-->
</service>
<service behaviorConfiguration="ServiceBehavior" name="SitefinityWebApp.Authenticate">
<endpoint address="" behaviorConfiguration="EndpBehavior" binding="webHttpBinding" contract="SitefinityWebApp.IAuthenticate"/>
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
<remove name="UrlRoutingModule"/>
<remove name="ScriptModule"/>
<remove name="RadUploadModule"/>
<remove name="Sitefinity"/>
<remove name="SitefinityAnalyticsModule"/>
<remove name="FormsAuthentication"/>
<remove name="RoleManager"/>
<add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="SitefinityClaimsAuthenticationModule" type="Telerik.Sitefinity.Security.Claims.SitefinityClaimsAuthenticationModule, Telerik.Sitefinity"/>
<add name="Sitefinity" type="Telerik.Sitefinity.Web.SitefinityHttpModule, Telerik.Sitefinity"/>
<add name="SessionAuthenticationModule" type="Telerik.Sitefinity.Security.Claims.SitefinitySessionAuthenticationModule, Telerik.Sitefinity"/>
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule, Telerik.Web.UI"/>
<add name="SitefinityAnalyticsModule" type="Telerik.Sitefinity.Analytics.Server.DependencyResolution.Module.DependencyRegistrarHttpModule, Telerik.Sitefinity.Analytics.Server.DependencyResolution"/>
</modules>
<handlers>
<remove name="WebDAV"/>
<remove name="ScriptHandlerFactory"/>
<remove name="ScriptHandlerFactoryAppServices"/>
<remove name="ScriptResource"/>
<remove name="UrlRoutingHandler"/>
<remove name="WildCard"/>
<remove name="WildCard32"/>
<remove name="Telerik.Web.UI.DialogHandler"/>
<remove name="Telerik.RadUploadProgressHandler"/>
<remove name="Telerik.Sitefinity.FilesDownloadHandler"/>
<remove name="Telerik.Sitefinity.ExportSubscribersHttpHandler"/>
<remove name="Telerik.Sitefinity.LibrariesRadUploadHandler"/>
<remove name="Telerik.Sitefinity.Html5UploadHandler"/>
<remove name="Telerik.Sitefinity.AsyncImageUploadHandler"/>
<remove name="Telerik.Sitefinity.AsyncFileUploadHandler"/>
<remove name="Telerik.Sitefinity.AsyncToolsetXmlUploadHandler"/>
<remove name="Telerik.Web.UI.SpellCheckHandler"/>
<remove name="Telerik_Web_UI_WebResource_axd"/>
<remove name="Telerik_Web_UI_DialogHandler_aspx"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add name="WildCard" path="*" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv4.0,bitness64"/>
<add name="WildCard32" path="*" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,runtimeVersionv4.0,bitness32"/>
<add name="Telerik.Web.UI.DialogHandler" path="Telerik.Web.UI.DialogHandler.axd" verb="*" type="Telerik.Web.UI.DialogHandler, Telerik.Web.UI"/>
<add name="Telerik.RadUploadProgressHandler" path="Telerik.RadUploadProgressHandler.ashx" verb="*" type="Telerik.Web.UI.Upload.RadUploadProgressHandler, Telerik.Web.UI"/>
<add name="Telerik.Sitefinity.FilesDownloadHandler" path="Telerik.Sitefinity.FilesDownloadHandler.ashx" verb="*" type="Telerik.Sitefinity.Modules.Files.FilesDownloadHandler, Telerik.Sitefinity"/>
<add name="Telerik.Sitefinity.ExportSubscribersHttpHandler" path="Telerik.Sitefinity.ExportSubscribersHttpHandler.ashx" verb="*" type="Telerik.Sitefinity.Modules.Newsletters.Web.ExportSubscribersHttpHandler, Telerik.Sitefinity"/>
<add name="Telerik.Sitefinity.LibrariesRadUploadHandler" path="Telerik.Sitefinity.LibrariesRadUploadHandler.ashx" verb="*" type="Telerik.Sitefinity.Modules.Libraries.Web.LibrariesRadUploadHandler, Telerik.Sitefinity"/>
<add name="Telerik.Sitefinity.Html5UploadHandler" path="Telerik.Sitefinity.Html5UploadHandler.ashx" verb="*" type="Telerik.Sitefinity.Modules.Libraries.Web.Html5UploadHandler, Telerik.Sitefinity"/>
<add name="Telerik.Sitefinity.ThumbnailUploadHandler" path="Telerik.Sitefinity.ThumbnailUploadHandler.ashx" verb="*" type="Telerik.Sitefinity.Modules.Libraries.Web.ThumbnailUploadHandler, Telerik.Sitefinity"/>
<add name="Telerik.Sitefinity.AsyncImageUploadHandler" path="Telerik.Sitefinity.AsyncImageUploadHandler.ashx" verb="*" type="Telerik.Sitefinity.Modules.Libraries.Web.AsyncImageUploadHandler, Telerik.Sitefinity"/>
<add name="Telerik.Sitefinity.AsyncFileUploadHandler" path="Telerik.Sitefinity.AsyncFileUploadHandler.ashx" verb="*" type="Telerik.Sitefinity.Workflow.AsyncFileUploadHandler, Telerik.Sitefinity"/>
<add name="Telerik.Sitefinity.AsyncToolsetXmlUploadHandler" path="Telerik.Sitefinity.AsyncToolsetXmlUploadHandler.ashx" verb="*" type="Telerik.Sitefinity.Configuration.Web.Services.AsyncToolsetXmlUploadHandler, Telerik.Sitefinity"/>
<add name="Telerik.Web.UI.SpellCheckHandler" verb="*" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler, Telerik.Web.UI"/>
<add name="Telerik_Web_UI_WebResource_axd" verb="*" path="Telerik.Web.UI.WebResource.axd" preCondition="integratedMode" type="Telerik.Web.UI.WebResource"/>
<add name="Telerik_Web_UI_DialogHandler_aspx" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler"/>
<add name="Telerik.ReportViewer.axd_*" verb="*" preCondition="integratedMode" path="Telerik.ReportViewer.axd" type="Telerik.ReportViewer.WebForms.HttpHandler, Telerik.ReportViewer.WebForms"/>
</handlers>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="31.00:00:00"/>
</staticContent>
<urlCompression doDynamicCompression="true" doStaticCompression="true" dynamicCompressionBeforeCache="false"/>
<security>
<requestFiltering>
<requestLimits maxQueryString="10000"/>
</requestFiltering>
</security>
</system.webServer>
<microsoft.identityModel>
<service>
<claimsAuthenticationManager type="Telerik.Sitefinity.Security.Claims.SFClaimsAuthenticationManager, Telerik.Sitefinity"/>
<securityTokenHandlers>
<add type="Telerik.Sitefinity.Security.Claims.SWT.SWTSecurityTokenHandler, Telerik.Sitefinity"/>
</securityTokenHandlers>
<audienceUris mode="Never"/>
<federatedAuthentication>
<!-- <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="false"/> -->
<wsFederation passiveRedirectEnabled="true" issuer="ts-dev094/.../mysts.ashx" realm="http://ts-dev094/STSTest" requireHttps="false"/>
<cookieHandler requireSsl="false"/>
</federatedAuthentication>
<issuerNameRegistry type="Telerik.Sitefinity.Security.Claims.CustomIssuerNameRegistry, Telerik.Sitefinity">
<trustedIssuers/>
</issuerNameRegistry>
<issuerTokenResolver type="Telerik.Sitefinity.Security.Claims.SWT.WrapIssuerTokenResolver, Telerik.Sitefinity"/>
</service>
</microsoft.identityModel>
<!-- Begin telerik section -->
<!--<telerik>
<sitefinity>
<environment platform="WindowsAzure"/>
<sitefinityConfig storageMode="Database" />
</sitefinity>
</telerik>-->
<!-- End telerik section -->
</configuration>
STS web.config
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="ts-dev094/.../" value="DCE5858CB7F336080AA41D7582ECC0D76C9F1DB983F39FF1E431190CF219A022"/>
<add key="http://ts-dev094/STSTest/" value="C63F0154357F2EBC5B7B564A04E130FA906DE16A39335956038B0571537843FC"/>
</appSettings>
<system.web>
<authentication mode="Windows"/>
<compilation debug="true" targetFramework="4.5">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
</assemblies>
</compilation>
<httpRuntime maxUrlLength="102400" maxQueryStringLength="102400" maxRequestLength="102400"/>
<pages controlRenderingCompatibilityVersion="4.0"/>
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxQueryString="7200"/>
</requestFiltering>
</security>
<handlers>
<add name="SimpleWebToken" verb="*" path="mysts.ashx" type="SimpleWebTokenHandler"/>
</handlers>
</system.webServer>
</configuration>
SecurityConfig.config
<?xml version="1.0" encoding="utf-8"?>
<securityConfig xmlns:config="urn:telerik:sitefinity:configuration" xmlns:type="urn:telerik:sitefinity:configuration:type" config:version="6.0.4210.0" authCookieName=".SFAUTH-STSTest" rolesCookieName=".SFROLES-STSTest" validationKey="3718F4D9385C0ABB34328516940E9F626B4661C67AAF9EA1FEAEB1BA002F869CB0C9180D31DCFDA124474068AF47E972A7D37C71E3D129515119EFD06A847309" decryptionKey="F0F3171E924DF9C59122FF0D9F8595916F2577DD6ABB9FEA4016F1DD7977BADB" loggingCookieName=".SFLOG-STSTest">
<securityTokenIssuers>
<add key="C63F0154357F2EBC5B7B564A04E130FA906DE16A39335956038B0571537843FC" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
<add key="C63F0154357F2EBC5B7B564A04E130FA906DE16A39335956038B0571537843FC" encoding="Hexadecimal" membershipProvider="LdapUsers" realm="ts-dev094/.../mysts.ashx" />
</securityTokenIssuers>
<relyingParties>
<add key="C63F0154357F2EBC5B7B564A04E130FA906DE16A39335956038B0571537843FC" encoding="Hexadecimal" realm="http://localhost" />
</relyingParties>
<permissions>
<config:link name="Blog" path="blogsConfig/permissions/Blog" module="Blogs" />
<config:link name="BlogPost" path="blogsConfig/permissions/BlogPost" module="Blogs" />
<config:link name="List" path="listsConfig/permissions/List" module="Lists" />
<config:link name="ListItem" path="listsConfig/permissions/ListItem" module="Lists" />
<permission title="Dynamic field permissions" description="Represents the permissions for dynamic fields." loginUrl="~/Sitefinity/Login" ajaxLoginUrl="~/Sitefinity/Login/Ajax" name="DynamicFields">
<actions>
<add title="View 0" description="Allows or denies viewing a dynamic field." type="View" name="View" />
<add title="Modify 0" description="Allows or denies changes to existing dynamic field." type="Modify" name="Modify" />
<add title="Change a 0 permissions" description="Allows or denies changing the permissions of a dynamic field." type="ChangePermissions" name="ChangePermissions" />
</actions>
</permission>
<permission title="ForumGroupPermissions" description="ForumPermissionsDescription" resourceClassId="ForumsResources" loginUrl="~/Sitefinity/Login" ajaxLoginUrl="~/Sitefinity/Login/Ajax" name="ForumGroup">
<actions>
<add title="CreateForumGroupAction" description="CreateForumGroupActionDescription" resourceClassId="ForumsResources" type="Create" name="CreateGroup" />
<add title="ModifyForumGroupAction" description="ModifyForumGroupActionDescription" resourceClassId="ForumsResources" type="Modify" name="ModifyGroup" />
<add title="DeleteForumGroupAction" description="DeleteForumGroupActionDescription" resourceClassId="ForumsResources" type="Delete" name="DeleteGroup" />
<add title="ChangeGroupPermissionsAction" description="ChangeGroupPermissionsActionDescription" resourceClassId="ForumsResources" type="ChangePermissions" name="ChangePermissions" />
</actions>
</permission>
<permission title="ForumPermissions" description="ForumPermissionsDescription" resourceClassId="ForumsResources" loginUrl="~/Sitefinity/Login" ajaxLoginUrl="~/Sitefinity/Login/Ajax" name="Forum">
<actions>
<add title="ViewForumAction" description="ViewForumActionDescription" resourceClassId="ForumsResources" type="View" name="ViewForum" />
<add title="CreateForumAction" description="CreateForumActionDescription" resourceClassId="ForumsResources" type="Create" name="CreateForum" />
<add title="ModifyForumAction" description="ModifyForumActionDescription" resourceClassId="ForumsResources" type="Modify" name="ModifyForum" />
<add title="DeleteForumAction" description="DeleteForumActionDescription" resourceClassId="ForumsResources" type="Delete" name="DeleteForum" />
<add title="CreateThreadAction" description="CreateThreadActionDescription" resourceClassId="ForumsResources" type="Create" name="CreateThread" />
<add title="ModifyThreadAction" description="ModifyThreadActionDescription" resourceClassId="ForumsResources" type="Modify" name="ModifyThread" />
<add title="ManageThreadAction" description="ManageThreadActionDescription" resourceClassId="ForumsResources" type="Modify" name="ManageThread" />
<add title="DeleteThreadAction" description="DeleteThreadActionDescription" resourceClassId="ForumsResources" type="Delete" name="DeleteThread" />
<add title="CreatePostAction" description="CreatePostActionDescription" resourceClassId="ForumsResources" type="Create" name="CreatePost" />
<add title="ModifyPostAction" description="ModifyPostActionDescription" resourceClassId="ForumsResources" type="Modify" name="ModifyPost" />
<add title="DeletePostAction" description="DeletePostActionDescription" resourceClassId="ForumsResources" type="Delete" name="DeletePost" />
<add title="ChangeForumPermissionsAction" description="ChangeForumPermissionsActionDescription" resourceClassId="ForumsResources" type="ChangePermissions" name="ChangePermissions" />
</actions>
</permission>
</permissions>
<customPermissionsDisplaySettings>
<customSet setName="General">
<securedObjectCustomPermissionSets>
<config:link typeName="Telerik.Sitefinity.News.Model.NewsItem, Telerik.Sitefinity.ContentModules" path="newsConfig/customPermissionsDisplaySettings/General/securedObjectCustomPermissionSets/Telerik.Sitefinity.News.Model.NewsItem, Telerik.Sitefinity.ContentModules" module="News" />
<config:link typeName="Telerik.Sitefinity.Blogs.Model.Blog" path="blogsConfig/customPermissionsDisplaySettings/General/securedObjectCustomPermissionSets/Telerik.Sitefinity.Blogs.Model.Blog" module="Blogs" />
<config:link typeName="Telerik.Sitefinity.Events.Model.Event" path="eventsConfig/customPermissionsDisplaySettings/General/securedObjectCustomPermissionSets/Telerik.Sitefinity.Events.Model.Event" module="Events" />
</securedObjectCustomPermissionSets>
</customSet>
<customSet setName="Blog">
<securedObjectCustomPermissionSets>
<config:link typeName="Telerik.Sitefinity.Blogs.Model.Blog" path="blogsConfig/customPermissionsDisplaySettings/Blog/securedObjectCustomPermissionSets/Telerik.Sitefinity.Blogs.Model.Blog" module="Blogs" />
</securedObjectCustomPermissionSets>
</customSet>
<customSet setName="BlogPost">
<securedObjectCustomPermissionSets>
<config:link typeName="Telerik.Sitefinity.Blogs.Model.Blog" path="blogsConfig/customPermissionsDisplaySettings/BlogPost/securedObjectCustomPermissionSets/Telerik.Sitefinity.Blogs.Model.Blog" module="Blogs" />
<config:link typeName="Telerik.Sitefinity.Blogs.Model.BlogPost" path="blogsConfig/customPermissionsDisplaySettings/BlogPost/securedObjectCustomPermissionSets/Telerik.Sitefinity.Blogs.Model.BlogPost" module="Blogs" />
</securedObjectCustomPermissionSets>
</customSet>
<customSet setName="List">
<securedObjectCustomPermissionSets>
<config:link typeName="Telerik.Sitefinity.Lists.Model.List" path="listsConfig/customPermissionsDisplaySettings/List/securedObjectCustomPermissionSets/Telerik.Sitefinity.Lists.Model.List" module="Lists" />
</securedObjectCustomPermissionSets>
</customSet>
<customSet setName="ListItem">
<securedObjectCustomPermissionSets>
<config:link typeName="Telerik.Sitefinity.Lists.Model.List" path="listsConfig/customPermissionsDisplaySettings/ListItem/securedObjectCustomPermissionSets/Telerik.Sitefinity.Lists.Model.List" module="Lists" />
<config:link typeName="Telerik.Sitefinity.Lists.Model.ListItem" path="listsConfig/customPermissionsDisplaySettings/ListItem/securedObjectCustomPermissionSets/Telerik.Sitefinity.Lists.Model.ListItem" module="Lists" />
</securedObjectCustomPermissionSets>
</customSet>
<customSet setName="ForumGroup">
<securedObjectCustomPermissionSets>
<securedObjectType typeName="Telerik.Sitefinity.Forums.Model.ForumGroup">
<customSecurityActions>
<customSecurityAction showActionInList="False" name="CreateGroup" />
<customSecurityAction showActionInList="True" title="ModifyThisGroupAction" resourceClassId="ForumsResources" name="ModifyGroup" />
<customSecurityAction showActionInList="True" title="DeleteThisGroupAction" resourceClassId="ForumsResources" name="DeleteGroup" />
<customSecurityAction showActionInList="True" title="ChangeThisGroupPermissionsAction" resourceClassId="ForumsResources" name="ChangePermissions" />
</customSecurityActions>
</securedObjectType>
</securedObjectCustomPermissionSets>
</customSet>
<customSet setName="Forum">
<securedObjectCustomPermissionSets>
<securedObjectType typeName="Telerik.Sitefinity.Forums.Model.Forum">
<customSecurityActions>
<customSecurityAction showActionInList="False" name="CreateForum" />
<customSecurityAction showActionInList="True" title="ViewThisForumAction" resourceClassId="ForumsResources" name="ViewForum" />
<customSecurityAction showActionInList="True" title="ModifyThisForumAction" resourceClassId="ForumsResources" name="ModifyForum" />
<customSecurityAction showActionInList="True" title="DeleteThisForumAction" resourceClassId="ForumsResources" name="DeleteForum" />
<customSecurityAction showActionInList="True" title="ChangeThisForumPermissionsAction" resourceClassId="ForumsResources" name="ChangePermissions" />
</customSecurityActions>
</securedObjectType>
</securedObjectCustomPermissionSets>
</customSet>
</customPermissionsDisplaySettings>
<applicationRoles>
<role id="cc1ae2ad-880a-4b16-a626-8f2ccccbdf01" name="Everyone" />
<role id="16810381-9770-43fe-b8c1-541bde531236" name="Anonymous" />
<role id="f4b97b14-0489-4433-81d3-70c741207ea4" name="Authenticated" />
<role id="95b25dbe-5c74-4988-8101-ac42d5f417db" name="Owner" />
<role id="23ec5e9e-db64-4550-b65c-39786bfdf41b" name="Administrators" />
<role id="1869465a-0ef1-4d9c-bdb2-20ff5a94ff19" name="BackendUsers" />
<role id="c5f6a7f9-250e-4605-b5f5-9729bc45d603" name="Authors" />
<role id="c13d2fb3-446b-4454-8337-a1ccc597e634" name="Editors" />
<role id="b9ed8874-2299-4265-b2c3-0a2defc5fa2c" name="Designers" />
<role id="9072b879-45c0-4d0f-adcb-d7ba9889a32c" name="Users" />
</applicationRoles>
<roleProviders>
<add enabled="True" name="LdapRoles" />
</roleProviders>
<membershipProviders>
<add enabled="True" name="LdapUsers" />
<config:link name="OpenAccessMembership37Provider" path="migrationModuleConfig/membershipProviders/OpenAccessMembership37Provider" module="Migration" />
</membershipProviders>
<LdapConnections>
<connections>
<LdapConnection serverName="tgdc1" connectionDomain="traboncompanies" connectionUsername="ldapuser" connectionPassword="T!cT@c13" usersDN="DC=traboncompanies, DC=com" rolesDns="DC=traboncompanies, DC=com" name="DefaultLdapConnection" />
</connections>
</LdapConnections>
</securityConfig>
Hi Svetla,
We've figured out why this is happening. It is because the &return_uri= parm in the STS token request must match exactly (case sensitive) the defined virtual directory. For example, we created an IIS Sitefinity application named STSTest, located at http://testserver/STSTest. When browsing to the SF site the user MUST enter STSTest exactly (case sensitive) into the browser address bar. Otherwise if the name does not match exactly, the SF to STS communication gets into a redirect loop and the browser stops.
Is there anyway for your team to change the STS code and/or SF code to ignore case in the return_uri parm and redirect correctly no matter what case the user types the virtual directory into the browser address bar?
This post is on behalf of a fully licensed Sitefinity org.
Thanks...Bob Baldwin
Trabon Solutions
Hi Bob,
Great finding!
Yes it seems that it does deal with virtual directories in a case sensitive fashion.
It looks possible to override this behavior from the STS code, however can I suggest a different idea first. Since users are going to be accessing the site with different urls anyway, wouldn't it be best to make a URL Rewrite so that everything gets to lowercase.
This is also something recommended for SEO as well, so it would make sense to enforce this as per virtual directory, something like that:
<rule name="LowerCaseRule" stopProcessing="true"> <match url="^(Sitefinity/)" ignoreCase="true" negate="true" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="URL" pattern="[A-Z]" ignoreCase="false" /> </conditions> <action type="Redirect" url="ToLower:URL" redirectType="Permanent" /> </rule>Hi ,
I am using sitefinity 7.2 version .How to access Backend Sitefinity page without login prompt. My client requirement he want that he should access backend pages on valid user (Window Authentication)
please reply me as soon as possible
Hi Vakeel,
You have the answer of your question in that forum post.
I hope this helps.
Regards,
Svetoslav Manchev
Telerik