AI OnAI Off

Combining ActiveDirectory membership and Federated security

Lars Loennechen Skjelbek
Lars Loennechen Skjelbek
Vote:
 

We are developing an EPiServer site with both open and protected content ("login to My Page").

We would prefer the following setup:

  • Editors and admins authenticate through Active Directory on the local domain in order to access "/EPiServer" and "/EPiServer/CMS/admin"
  • End users authenticate through a federated security provider when trying to access the protected content.

What would be the best approach to this?

I'm getting the feeling that we would need some sort of ActiveDirectory middleware for the Owin app builder.

Another approach I have considered is to seperate the editor UI to a dedicated editor server and have different authentication config on the two servers. Would I still be able to use the claims from the federated security provider in ACL and visitor groups (these are maybe synced to DB)?

#132744
Aug 18, 2015 15:22
Marija Jemuovic
Marija Jemuovic
Vote:
 

Hi, Lars,

Check out this article - Mixed mode Owin authentication. I didn't have a need to use mixed mode in my solution, but from what I remember when reading it, it is a similar usecase as yours.

BR,

Marija

#132831
Aug 19, 2015 10:14
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.