Authentication |
The system supports both forms and Windows authentication. The forms authentication stores user names and passwords in the database and requires user to log on. The Windows authentication gets user identity from the network credentials and creates the user automatically in the database, including user’s roles (if they exist in the CMS database).
Configuring forms authentication
The forms authentication is configured by default. It uses the standard ASP.NET forms authentication and its settings. You can find the settings in the web.config file:
Password Encryption
You can also configure the password encryption in Site Manager -> Settings -> Security, in the Password format key. By default, the passwords are stored in plain text. If you want to use SHA1 hash format, please set the value to SHA1. Then, you need to set all password again so that they are stored in the new format - thus, it's recommended that you make the change after the installation, before you create user accounts.
Membership provider and ASP.NET 2.0 Membership support
Kentico CMS contains an ASP.NET 2.0 Membership provider for the Kentico CMS user database. It means you can use ASP.NET 2.0 Membership API and controls, such as Login control. However, Kentico CMS uses its own user information database instead of the ASP.NET 2.0 Membership tables.
Configuring Windows authentication
Please see the chapter Configuring Windows authentication.
Configuring custom authentication
If you want to use user and role information from an external source (such as custom database), you need to configure the system as described in chapter Configuring custom authentication.
|