Security
Introduction
EPiServer CMS is designed to meet high standards regarding security features within a wide range of scenarios. Login security in EPiServer is based on an authentication and authorization system that uses the built-in membership and role system in ASP.NET. This section provides an overview of security management in EPiServer CMS.
Security management in EPiServer CMS
The following list describes some common security concerns and the way they are handled in the EPiServer platform.
- Authentication and authorization. The authentication in EPiServer CMS is based on the ASP.NET built-in framework for role and membership providers. EPiServer CMS uses a standard API which makes it easy to create your own provider for any type of user database, as well as to use third-party providers. Note that where and how user credentials are stored depends entirely on the authentication provider used. The separation of authentication and authorization increases flexibility. Making a call to a provider makes it possible to delegate security operations to a separate machine, thereby increasing scalability. Find out more about this area in the section Authorization and Authentication. Single sign-on and federated claims-based authentication are also supported.
- Injection protection. All code in EPiServer CMS uses parameterized APIs to make sure that injection attacks cannot be carried out from untrusted input. There are no code paths in EPiServer CMS that use untrusted data in XML-related calls.
- Cross-site scripting (XSS). In EPiServer CMS, user input is filtered and validated to prevent these issues. Depending on the actual piece of information, HTML encoding is also applied to the outgoing data stream to protect from XSS attacks. The editorial and administrative interfaces are areas where HTML and scripts are sometimes allowed to be posted and used as-is on a web page. Here, EPiServer CMS relies on its authorization features to ensure that only trusted users can provide content.
- Broken authentication and session management. The authentication and authorization system in EPiServer CMS is based on the ASP.NET built-in framework for role and membership. EPiServer CMS does not rely on any session data, which increases security as well as improves scalability and performance since a browser session does not need server affinity from a security perspective. See also the section Protecting Users From Session Hijacking.
- Insecure direct object references. In EPiServer CMS, references always go through at least one layer of indirection with appropriate access controls in place.
- Cross-site request forgery (CSRF). EPiServer CMS has a CSRF prevention mechanism that automatically detects forged requests for all system pages. The event validation mechanism in ASP.NET is also enabled for these pages. For the site pages, EPiServer supports and provides optional anti-forgery validation as well as the event validation.
- Security misconfiguration. Any configuration in EPiServer CMS is designed with “secure by default” in mind. Strong security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure enough defaults.
- Insecure cryptographic storage. EPiServer CMS uses verified, strong algorithms. Only a small part of the EPiServer CMS configuration, such as the "ConnectionStrings" section, may contain sensitive information. This information can optionally be encrypted by the built-in .NET framework features. Other system assets are stored in an SQL database with full support of the native encryption mechanisms of the database.
- Failure to restrict URL access. Sensitive areas of EPiServer CMS, such as the edit and admin user interfaces, are protected by default with the standard configuration. Information presented on public-facing web pages is subject to authorization based on the content that is displayed. In no case does EPiServer CMS rely on security through a secret URL.
- Transport layer protection. The single most common piece of sensitive information that is transmitted on the network is the user credentials (username and password). EPiServer CMS fully supports the use of SSL (HTTPS protocol), and the use of SSL is strongly recommended.
- Unvalidated redirects and forwards. There is an absolute minimum of redirects in EPiServer CMS since they are undesirable from both a security and a performance standpoint. Existing redirects are based on internal data or sanitized information.
- Virus protection. EPiServer CMS relies on third-party products for virus protection. Note that files that are uploaded to the asset manager in EPiServer will never be executed by the system, which prevents potential viruses inside files from spreading from there to EPiServer.
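The optional encryption of the "ConnectionStrings" section mentioned under "Insecure cryptographic storage" can be done with the protected configuration feature of the .NET Framework. The following is an added example, not code from EPiServer; the class name, method name and the appVirtualPath parameter are assumptions made for illustration.

```csharp
using System.Configuration;
using System.Web.Configuration;

// Added example (not EPiServer code): encrypts the connectionStrings section of a
// site's web.config using the .NET Framework protected configuration feature.
public static class ConnectionStringProtector
{
    // Built-in provider registered in machine.config. Its RSA key container can be
    // exported to other servers, which matters when the same web.config is deployed
    // to several machines.
    private const string ProviderName = "RsaProtectedConfigurationProvider";

    // appVirtualPath is an assumption of this example, for instance
    // System.Web.HttpRuntime.AppDomainAppVirtualPath when called inside the site.
    // Returns true if the section was encrypted by this call, false if it already was.
    public static bool Protect(string appVirtualPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
        {
            throw new ConfigurationErrorsException("No connectionStrings section found.");
        }

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected)
        {
            return false; // already encrypted, keep the call idempotent
        }
        if (info.IsLocked)
        {
            throw new ConfigurationErrorsException(
                "connectionStrings is locked at a higher configuration level.");
        }

        info.ProtectSection(ProviderName);
        info.ForceSave = true;                        // write the section even if unchanged
        config.Save(ConfigurationSaveMode.Modified);  // persists the encrypted form to disk
        return true;
    }
}
```

Code that reads ConfigurationManager.ConnectionStrings does not need to change, because the framework decrypts the section transparently at run time. The identity the site runs under needs read access to the RSA key container used by the provider.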
Last updated: Mar 31, 2014