Need to add default credentials to our live site on testing environment on IIS

Namita Patil asked on March 19, 2021 01:58

Hi,

We are trying to work on one enhancement where we want to add 1 default user credentials for live site on our testing environment to avoid other users access. I am trying to add it with Basic authentication, but somehow it keeps redirecting to sitemap.xml url again and again through RouteConfig file. Is there any other way where we can add this internal authentication on live site of Kentico 12?

Thanks! Namita

Recent Answers

Dmitry Bastron answered on March 22, 2021 15:48

Hi Namita,

Are you trying to configure Basic auth in IIS? Have you tried to remove redirects from web.config completely, is it still redirecting you to sitemap.xml?

0 votesVote for this answer Mark as a Correct answer

Namita Patil answered on March 22, 2021 22:11

Actually we cannot remove redirects from web.config, as it impacts our functionality. So, is there any other way where we can add the auth to live site?

0 votesVote for this answer Mark as a Correct answer

Dmitry Bastron answered on March 23, 2021 11:24

Hi Namita,

What I'm trying to suggest is to remove redirects temporarily to confirm first that this issue is actually caused by redirects. You said it's a test system so there shouldn't be issues if some functionality breaks while you are investigating. If it is caused by redirects, then find the particular redirect(s) causing this issue (for example, turn some off and on until you find out what redirect is a culprit).

If it's not actually caused by redirects, then could you post how exactly you configured your IIS website and authentication?

0 votesVote for this answer Mark as a Correct answer

Namita Patil answered on March 23, 2021 19:23 (last edited on March 23, 2021 21:08)

I tried removing redirects from web.config but it still doesn't resolve the issue. Looks like sitemap redirect is because of routing added in RoutConfig.cs file. If I remove the sitemap routing, then it is trying to navigate to /KenticoCookiePolicyCheck?ReturnURL=KenticoCookiePolicyCheck?ReturnURL=KenticoCookiePolicyCheck?ReturnURL= and so on.

For Basic authentication - On IIS I enabled Basic Authentication and disabled Anonymous authentication for live site hosted. Then in Computer Management I added the User and gave the permissions on the hosted environment in file system. I hope this should work fine for Basic authentication setting.

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on May 21, 2021 05:20

The thing is that Kentico makes a server request to the MVC app to get the page templates, page builder and so on - and since it is a server request, Kentico does not know that there is some basic authentication required and does not add the credentials to the request headers. This would require for you to somehow authenticate the requests made from Kentico - maybe with some middle layer which would authenticate them or something like that.

We do not have support for this as the Basic authentication is not used that much lately as it is not that difficult to break in. I would rather recommend to secure the environment in other way - claims-based authentication, multi-factor authentication or simply IP filtering on the IIS level.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.