Configuring mixed mode authentication

Mixed mode authentication enables signing in using both Windows authentication and standard forms authentication at the same time.

To enable this authentication mode, modify your web.config file so that the connectionStrings, membership and roleManager sections match the code sample below:

<connectionStrings>
    <add name="CMSADConnectionString" connectionString="<LDAP connection string>" />
</connectionStrings>

<membership defaultProvider="CMSProvider" userIsOnlineTimeWindow="30">
    <providers>
        <clear/>
        <add name="CMSProvider" type="CMS.MembershipProvider.CMSMembershipProvider" connectionStringName="CMSConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed"/>
        <add name="CMSADProvider" type="CMS.MembershipProvider.CMSADMembershipProvider" connectionStringName="CMSADConnectionString" connectionUsername="username" connectionPassword="password" />
    </providers>
</membership>

<roleManager defaultProvider="CMSRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
    <providers>
        <clear/>
        <add name="CMSRoleProvider" type="CMS.MembershipProvider.CMSRoleProvider" connectionStringName="CMSConnectionString" applicationName="SampleApplication" writeExceptionsToEventLog="false"/>
        <add name="CMSADRoleProvider" type="CMS.MembershipProvider.CMSADRoleProvider" connectionStringName="CMSADConnectionString" connectionUsername="username" connectionPassword="password" />
    </providers>
</roleManager>

Enter the LDAP connection string in the following format: the first part is the full domain name, and the second part lists each label of that domain as a separate DC component:

LDAP://mydomain.mydomainxy.com/DC=mydomain,DC=mydomainxy,DC=com

 

The user name and password need to be entered only on Windows XP, in the following format:

Username: mydomain\user
Password: relevant password

 

Once you have added this code to your web.config, users can log in using their Active Directory user name (without domain) and password, or using their standard Kentico CMS user name and password.

You can also enable users to sign in using their full Active Directory user name (e.g. MyName@office.mycompanyxy.com). For this to work, you also have to add the following key to the AppSettings section of your web.config file:

<add key="CMSADDefaultMapUserName" value="userPrincipalName" />
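
The following Python check is an added example, not part of the original documentation or of Kentico CMS. It parses a web.config and reports three things about the sections above: an LDAP connection string whose DC components do not match its domain part, a roles cookie that is not restricted to SSL, and a connectionPassword stored in clear text in the file. The sample config is constructed and trimmed to the AD providers, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the AD parts of the sections above, with the page's
# example LDAP string filled in. Not a complete Kentico web.config.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="CMSADConnectionString"
         connectionString="LDAP://mydomain.mydomainxy.com/DC=mydomain,DC=mydomainxy,DC=com" />
  </connectionStrings>
  <system.web>
    <membership><providers>
      <add name="CMSADProvider" connectionStringName="CMSADConnectionString"
           connectionUsername="username" connectionPassword="password" />
    </providers></membership>
    <roleManager cookieRequireSSL="false"><providers>
      <add name="CMSADRoleProvider" connectionStringName="CMSADConnectionString" />
    </providers></roleManager>
  </system.web>
</configuration>"""

def ldap_matches_domain(conn):
    """True if the DC= parts spell out the same domain as the host part."""
    m = re.fullmatch(r"LDAP://([^/]+)/(DC=[^,=]+(?:,DC=[^,=]+)*)", conn)
    if not m:
        return False
    dcs = [part[3:].lower() for part in m.group(2).split(",")]
    return dcs == m.group(1).lower().split(".")

def check_config(xml_text):
    """Return a list of findings for the mixed-mode sections of a web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    conns = {a.get("name"): a.get("connectionString", "")
             for a in root.findall("./connectionStrings/add")}
    for sec in root.iter("roleManager"):
        if sec.get("cookieRequireSSL", "false").lower() != "true":
            findings.append("roleManager: roles cookie is not restricted to SSL")
    for p in root.findall(".//providers/add"):
        name, ref = p.get("name"), p.get("connectionStringName")
        if ref not in conns:
            findings.append(f"{name}: connection string {ref} is not defined")
        elif conns[ref].upper().startswith("LDAP:") and not ldap_matches_domain(conns[ref]):
            findings.append(f"{name}: LDAP string does not match the documented format")
        if p.get("connectionPassword"):
            findings.append(f"{name}: connectionPassword is stored in clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

Setting cookieRequireSSL="true" assumes the site is served over HTTPS. Since the page states the user name and password are needed only on Windows XP, removing connectionPassword on other systems clears the clear-text finding.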