How do you think our authentication/authorization should work?


Here's the scenario:

Our company has multiple systems that all share one common authentication and authorization system. This system has all the user accounts and what parts of all systems they have access to.

This will of course also be used for our EPiServer 7 application.

This authentication/authorization system will serve the following,

- User informarion (username, email, firstname, lastname etc.)

- Access rights (permissions to other systems)

The EpiServer application will need to communicate with our other systems, that's why the access rights are of relevance.


So I'm wondering how should the EPiServer application communicate with our authentication system?

And how should the user information and permissions be stored?

Would it be viable to map permissions to EPiServer Roles? Like 1 to 1 mapping?

Any thoughts and ideas are welcome!

Nov 06, 2013 20:36

I guess you could call our system a claims based system. But it is a public website so both users outside our company as well as users within will have access to the application.


Nov 06, 2013 20:49
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.