Configuring mixed mode authentication


Mixed mode authentication enables users to sign in to your website using both Windows authentication and standard forms authentication at the same time.


To enable this authentication mode, modify your web.config file so that the connectionStrings, membership and roleManager sections match the code sample below:



<connectionStrings>
   <!-- The existing CMSConnectionString entry stays in this section -->
   <add name="CMSADConnectionString" connectionString="<LDAP connection string>" />
</connectionStrings>

<membership defaultProvider="CMSProvider" userIsOnlineTimeWindow="30">
   <providers>
      <add name="CMSProvider" type="CMS.MembershipProvider.CMSMembershipProvider" connectionStringName="CMSConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed"/>
      <add name="CMSADProvider" type="CMS.MembershipProvider.CMSADMembershipProvider" connectionStringName="CMSADConnectionString" connectionUsername="username" connectionPassword="password" />
   </providers>
</membership>

<roleManager defaultProvider="CMSRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
   <providers>
      <add name="CMSRoleProvider" type="CMS.MembershipProvider.CMSRoleProvider" connectionStringName="CMSConnectionString" applicationName="SampleApplication" writeExceptionsToEventLog="false"/>
      <add name="CMSADRoleProvider" type="CMS.MembershipProvider.CMSADRoleProvider" connectionStringName="CMSADConnectionString" connectionUsername="username" connectionPassword="password" />
   </providers>
</roleManager>




Replace the <LDAP connection string> placeholder in the code example above with the actual connection string. It should be entered in the format shown below. The first part is the full domain. In the second part, the same domain is divided using the DC parts:




User name and password need to be entered only on Windows XP, in the following format:


Username: <domain name>\user
Password: relevant password


Once you have added this code to your web.config, users can log in using their Active Directory user name (without domain) and password, or using their standard Kentico CMS user name and password.


You can also enable users to sign in using their full Active Directory user name (e.g. For this to work, you have to add the following key to the AppSettings section of your web.config file:


<add key="CMSADDefaultMapUserName" value="userPrincipalName" />
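
As an added example (not Kentico's own code), the Python check below audits a web.config for the connectionStrings, membership and roleManager sections described above: it confirms both providers are registered in each section, that every connectionStringName resolves, and that the DC parts spell out the domain, and it flags the clear-text connectionPassword and cookieRequireSSL="false" values for review. The sample config is constructed, and the LDAP://<domain>/DC=... layout is an assumption, since the page's format sample is missing.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; the LDAP://<domain>/DC=... layout is an assumption, not taken from the page.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="CMSConnectionString" connectionString="constructed" />
    <add name="CMSADConnectionString" connectionString="LDAP://office.example.com/DC=office,DC=example,DC=com" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="CMSProvider"><providers>
      <add name="CMSProvider" connectionStringName="CMSConnectionString" />
      <add name="CMSADProvider" connectionStringName="CMSADConnectionString" connectionPassword="password" />
    </providers></membership>
    <roleManager defaultProvider="CMSRoleProvider" cookieRequireSSL="false"><providers>
      <add name="CMSRoleProvider" connectionStringName="CMSConnectionString" />
      <add name="CMSADRoleProvider" connectionStringName="CMSADConnectionString" connectionPassword="password" />
    </providers></roleManager>
  </system.web>
</configuration>"""

REQUIRED = {"membership": ("CMSProvider", "CMSADProvider"),
            "roleManager": ("CMSRoleProvider", "CMSADRoleProvider")}

def audit(xml_text):  # returns a list of findings for the mixed mode sections
    root = ET.fromstring(xml_text)
    conn = {a.get("name"): a.get("connectionString", "") for a in root.findall(".//connectionStrings/add")}
    findings = []
    for section, required in REQUIRED.items():
        node = root.find(".//" + section)
        adds = node.findall("./providers/add") if node is not None else []
        names = {a.get("name") for a in adds}
        findings += [f"{section}: provider {n} is missing" for n in required if n not in names]
        for a in adds:
            label = f"{section}/{a.get('name')}"
            if a.get("connectionStringName") not in conn:
                findings.append(f"{label}: connectionStringName is not defined")
            if a.get("connectionPassword"):  # service account secret sits in the file
                findings.append(f"{label}: connectionPassword is stored in clear text")
        if node is not None and node.get("cookieRequireSSL", "").lower() == "false":
            findings.append(f"{section}: cookieRequireSSL is false")
    m = re.fullmatch(r"LDAP://([^/]+)/((?:DC=[^,]+,?)+)", conn.get("CMSADConnectionString", ""))
    dcs = ".".join(p[3:] for p in m.group(2).split(",")) if m else ""
    if not m or dcs.lower() != m.group(1).lower():  # DC parts joined with dots must equal the domain
        findings.append("CMSADConnectionString: DC parts do not spell out the domain")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```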

