Vulnerability in EPiServer.Forms
We are adding EPiServer 7.5 to an existing website. We're already using an SSO product (OpenAM, which uses Forms authentication) to allow external users to login to this existing website - when users do this they see their name and avatar in the header of the website, and a quick-access menu to protected parts of the website.
Our CMS editors will all be internal users on our corporate network so for EPiServer, we would like to use Windows authentication.
So, we would like to leave our existing SSO arrangements in-place, and to configure EPiServer authentication for only the EPiServer folder.
Is this possible?
I don't think that's possible.
I would try integrating the corporate users into OpenAM. That sounds architecturally sane.
Overall it's a bad idea for scalability to have multiple user stores connected to EPi. Better to leave that to the Auth product.