Open ID service for all Kentico authentication

Nat Tam asked on March 13, 2015 11:55

I see Kentico supports authentication using 3rd party Open ID services via available web parts.

Does anyone know if it's possible to use this mechanism for authentication of Kentico CMS Desk users? This would mean changing the Kentico admin login page to use an Open ID web part instead of the default username/password - is this possible?

Correct Answer

Brenden Kehren answered on March 13, 2015 13:07

You don't have to code anything to get this to happen, you configure it. I have a log in page setup within the content tree with the log in webpart at /Global/Logon so:

Wherever you have your "global" log in page setup at modify your web.config < forms > node to use that URL. i.e.: Global/Logon

<forms loginUrl="Global/logon" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="30" slidingExpiration="true"/>

In your /Admin directory, modify the web.config to look something like this:

<?xml version="1.0"?>
<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <authorization>
      <allow roles="CMSBasicUsers, CMSCommunityAdmin, CMSDesigner, CMSDeskAdmin, CMSEditor, CMSReaders, MarketingManager, or whatever roles you need"/>
      <deny users="*"/>
    </authorization>
  </system.web>

  <location path="CMSAdministration.aspx">
    <system.web>
      <authorization>
        <allow roles="_authenticated_"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Then in your sites settings make sure you set your Website logon page URL property in Settings>Security & Membership to ~/Global/Logon.

This should handle what you need and auto redirect your users anytime they request the /Admin or any other secured section of your site. The only problem with this is if your site has errors or cannot compile, you cannot get to the Logon page because you are using a page in the content tree. I have it setup you can access it on the local server with a little configuration but that is only in the event of an emergency.

2 votesVote for this answer Unmark Correct answer

Recent Answers


Nat Tam answered on March 13, 2015 14:10

Brilliant answer. Thank you.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.