Try our conversational search powered by Generative AI!

Windows Authentication in CMS 12


Has anyone managed to make a good implementation with Windows Authentication on CMS 12

I am trying to upgrade an intranet website to CMS 12 that has personalized content and ImageVault. And I am having a hard time making this work good. 

I have read the following articles and manage Authenticate users.

But I get a lot of claims that do not make any sense to the end users. 

I managed to translate this and add new claims with the correct name. However, I am unable to remove the old ones with the IDs.

    .AddNegotiate(options =>
            options.Events = new NegotiateEvents()
                OnAuthenticated = async context =>
                    foreach (ClaimsIdentity identity in context.Principal.Identities)
                        List<string> claimNameList = context.Principal.Claims.Where(a => a.Type == ClaimTypes.GroupSid).Select(a => a.Value).ToList();

                        foreach (var name in claimNameList)
                            var claim = identity.Claims.FirstOrDefault(x => x.Type == ClaimTypes.GroupSid && x.Value == name);
                            if (claim != null)
                                string translateClaim = null;
                                if (claim.Type == ClaimTypes.GroupSid)
                                    SecurityIdentifier securityIdentifier = new System.Security.Principal.SecurityIdentifier(claim.Value);
                                    translateClaim =  securityIdentifier.Translate(typeof(System.Security.Principal.NTAccount))?.ToString();
                                identity.AddClaim(new Claim(ClaimTypes.GroupSid, translateClaim));
                                //identity.RemoveClaim(claim); - do not work


                    var synchronizingUserService = context

                    await synchronizingUserService.SynchronizeAsync(context.Principal.Identity as ClaimsIdentity);

Also, it looks like Imagevault does not work without ASP.NET Core Identity provider, but I am not sure there. 

Feb 02, 2024 8:33
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.