We are developing an EPiServer site with both open and protected content ("login to My Page").
We would prefer the following setup:
What would be the best approach to this?
I'm getting the feeling that we would need some sort of ActiveDirectory middleware for the Owin app builder.
Another approach I have considered is to seperate the editor UI to a dedicated editor server and have different authentication config on the two servers. Would I still be able to use the claims from the federated security provider in ACL and visitor groups (these are maybe synced to DB)?
Check out this article - Mixed mode Owin authentication. I didn't have a need to use mixed mode in my solution, but from what I remember when reading it, it is a similar usecase as yours.