Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Restricting scope of EPiServer authentication to just EPiServer directory


We are adding EPiServer 7.5 to an existing website. We're already using an SSO product (OpenAM, which uses Forms authentication) to allow external users to login to this existing website - when users do this they see their name and avatar in the header of the website, and a quick-access menu to protected parts of the website.

Our CMS editors will all be internal users on our corporate network so for EPiServer, we would like to use Windows authentication.

So, we would like to leave our existing SSO arrangements in-place, and to configure EPiServer authentication for only the EPiServer folder.

Is this possible?

Feb 09, 2015 17:50

I don't think that's possible.

I would try integrating the corporate users into OpenAM. That sounds architecturally sane.

Overall it's a bad idea for scalability to have multiple user stores connected to EPi. Better to leave that to the Auth product.

Feb 10, 2015 13:48
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.