Kentico CMS for ASP.NET - Security and membership

RSS Kentico.com website My account

Search for:

Home

Forums

API and Internals
Bad words
Content Management
Content staging
Design and CSS styles
E-commerce
Export and Import
General
Installation and deployment
Media libraries
Multilingual support
On-line users
Portal engine
Search
Security and membership
Tags
Web parts & Controls

FAQs > Security and membership

Which form control is used for user password field in forms?

It may be confusing there is standard text box specified as field type of password field in User system table. This is caused by the value specified in User system table is not actually used anywhere. There is always some particular alternative form used on live page and there is already the 'password with confirmation' form control used in alternative form. You can find source of this form control in ~\CMSFormControls\PasswordConfirmator.ascx(.cs) files.

I cannot login to site, because the "Use SSL for administration interface" option has been switched on

Sometimes it might happen that you accidentally switch on the option "Use SSL for administration interface" within Site Manager -> Settings -> (global) -> Security.

First option is generating SSL certificate and configure your IIS to use it. The easiest way is using SelfSSL certificate service, you can find more info about it using Google.

Another option is switching off this option manually in the database. Please open the database and in table CMS_SettingsKey find this record: CMSUseSSLForAdministrationInterface and in column KeyValue change the value to false. Now, you need to make some change in web.config file, e.g. add some space and save it. This will force the application to restart and after this everything should be like before.

How to hide the Properties tab in CMS Desk -> Content -> Edit for specific role?

Please go to Site Manager -> Settings -> <your site> -> Content Management and check Personalize user interface by permissions check box. This allows you to specify permissions for the user interface. Now if you go to CMS Desk -> Administration -> Permissions, choose Permission type: Modules and Permission matrix: CMS User Interface, you can uncheck the Properties Tab for proper role. This ensures that users in that role can't see the Properties tab.

I have multiple sites running under Kentico CMS and I get notification that the SSL is from the wrong domain

The SSL certificate is set for web site in IIS. So basically you have following two options:

1) You can create separate web sites in IIS for each of the sites in Kentico CMS

2) You can have one IIS web site and buy multiple name certificate

User is not able to log in to CMSDesk even if the password is correct

This issue can be caused by a site which uses Form authentication and the user has the 'UserIsExternal' field from the CMS_User table set to true (which works only with windows authentication, or when authenticating a user against an external DB using the CustomSecurityHandler).

User is not able to access CMS Desk/CMS Site Manager using IE6/7

This may be solved by the following approaches.

1) Enabling cookies in the browser.
2) Try to lower your IE privacy settings and set it to "low" level.
3) Server time may be set incorrectly according the GMT time, that's why the server is sending expired cookies and the user is not able to log in. Try to set your time according to the wwp.greenwichmeantime.com/ web site.