IIS Authentication Modes

Does Sitefinity 4 only support a single authentication method?  I receive this error when enabling both 'anonymous' and 'windows authentication' is enabled.

WebHost failed to process a request.

 Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/50611656

 Exception: System.ServiceModel.ServiceActivationException: The service '/sitename/Sitefinity/Services/Pages/PagesService.svc' cannot be activated due to an exception during compilation.  The exception message is: IIS specified authentication schemes 'IntegratedWindowsAuthentication, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.. --->

Hi Preston Cooksey,

Thank you for using our services.

The Sitefinity 4.0 back-end relies entirely on RESTful services to retrieve and operate with data. We are using WCF services everywhere and the error you are experiencing is coming from there. This limitation is not from Sitefinity. If you wish to work with Windows Authentication and WCF services you will have to disable Anonymous.

Sincerely yours,
Radoslav Georgiev
the Telerik team

I think Windows Authentication is the root of my problem though.  Please refer to this thread http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/4-0-installation-quirks.aspx .  In IIS 6, when I have the site in Windows Authentication mode only, I get 'page cannot be found' when trying to access many sections of the Admin (screenshots in the other thread).  When anonymous mode only is selected, I can create pages just fine.

Will this issue be fixed with the final version?  I am still unable to enable both windows integrated authentication and anonymous at the same time in IIS6.

Hi Preston,

Thank you for getting back to us.

We are currently in the process of switching the Sitefinity 4.0 project to .NET 4.0 and with this switch we are also going to switch to the new version of WCF services. If this problem is resolved in the new version of WCF services you will be able to use them with both types of authentication.

Best wishes,
Radoslav Georgiev
the Telerik team

If the project is being switched to .NET 4, and we then move that code to our servers that only support 3.5 sp1., will that resolve our issue?

Hi Preston,

Your server should support .NET 4.0, otherwise I am afraid you will not be able to host the project on this server.

Best wishes,
Radoslav Georgiev
the Telerik team

Thanks for the reply,

While our servers are capable of 4.0, it is not installed on the server.  Since our production servers are shared and maintained by another group (which I do not have direct access to), there will be an approval process that is required prior to having 4.0 installed.  I cannot say for sure when that will occur.   I am not sure what our immediate options will be.

Dear sirs,
I was experiencing the same problem, and then I disabled Anonymous access. Now I get a 404 error everytime, even after I reverted the authentication to the original settings. Right now I have

Hi Bernardo,

Below are the valid Authentication settings for IIS 7

• Anonymous authentication - Enabled
• ASP.NET Impersonation - Disabled
• Basic Authentication - Disabled
• Digest Authentication - Disabled
• Forms Authentication - Enabled
• Windows Authentiation - Disabled

After putting those settings, I still get a 404. Can you have a look at the website? www.catcsjb.info/Sitefinity

If you need aditional credentials, please email me at bernardocaldas@gmail.com.

Thank you in advance,
Bernardo

Hello Bernardo,

You can take a look at the video attached where we show how to create a Sitefinity project on IIS and what configurations need to be done.

Regards,
Radoslav Georgiev
the Telerik team

Are federated authentication types (external STS, ADFS - IClaimsPrincipal) natively supported for site projects?

Hello Andrew D,

We do not support these types of Authentication. We have LDAP, Standard ASP.NET Membership and Role provides. SSO is in our TODO list.

Greetings,
Ivan Dimitrov
the Telerik team

Hi, is that true? if we need to authenticate users in a website that is hosted in Sitefinity (not the Admin Backend) we cannot use an STS (ws-federation, Claims Principal, etc)?

Please confirm if this is the case with the latest version (4.1 sp1).

Thanks in advance,

Andrés.

Hello Andres,

We confirm we do not have implementation for STS. What's in our current plans is to have Windows NTLM authentication for the next offical release Q2.

All the best,
Nikolay Datchev
the Telerik team

I can't seem to find anything in the Public Issue Tracking system for NTLM  or ADFS...

Can you tell me the current status of this feature?

Thanks,
Jason.

Hello Jason,

Unfortunately we hit road blockers and most probably, NTLM auth. will be dropped for the plan of 4.2. The issues are related to WCF and WWF. We are currently looking for solutions.

The current roadmap has Windows authentication set for version 5 due to release next month. Will this include federation support with ADFS and if not can it be added to the enhancement list?

Hello Michael,

This is planned, but will not be supported for the first version of the feature. More information on the feature, is available here - http://www.sitefinity.com/blogs/radoslavgeorgiev/posts/12-01-18/windows_authentication_and_single_sign-on_come_to_sitefinity.aspx 
Documentation on the feature is available with the preview build, which you can download from your account.