Currently we are developing an intranet portal powered by Umbraco v7.7.7. that requires Windows Authentication for authenticating its members (front end users).
In terms of Windows Authentication, no login page and functionality will be provided / implemented by the portal. In addition, when a member initially hits a page of the portal, depending on the browser's security settings and security zones , the browser will handle the authentication process by displaying the "classic" authentication popup window in order for the member to enter his/hers domain's account credentials. As a result when a request finally reaches any page of the portal an identity (a WindowsIdentity to be exact) for the logged on member is already established. The WindowsIdentity exposes the username of the member (Name property) in the "domain\username" format.
Since we were unable to find any relevant documentation covering such configuration / functionality, we applied the following:
In the Authentication Feature of IIS, we enabled only Windows
Authentication at the root of the web site (all other authentication
options are disabled).
In Web Config, we changed the Authentication setting’s mode
attribute from “Forms” to “Windows”.
The Members’ username is stored in the “domain\username” format.
After applying the above configuration it seems that both authentication and authorization of members works as expected. As far as authorization is concerned, member groups are correctly attached to the logged on member and as a result access to content is successfully managed by the Public Access feature of Umbraco.
The downside of the above approach has to do with the Umbraco back office that requires Forms Authentication. While logged on to the Umbraco back office, sometimes the browser displays the authentication popup window and requires for the back office user to enter his domain’s account credentials and sometimes randomly terminates the back office user’s session and logs out the user.
Our questions are:
Does Umbraco supports Windows Authentication out of the box (as it
is described above)? Is there any relevant documentation or
configuration guide?
Assuming that our approach is valid, are there any settings so as to
not affect the authentication of Umbraco back office?
Is there any other suggested way for implementing this?
I don't exactly have an answer, though I feel like I'm getting closer. Similar situation, running an Intranet on Umbraco 8.1.4, want Okta to auto-login users as Windows Authenticated users (we don't even use Umbraco's Members stuff since all users would have the same access). But the thread I started here doesn't fully work, since now our Backoffice part is broken.
The UmbracoIdentity package is supposed to help with this and is current through version 8, but I've had trouble integrating that with our Okta stuff.
If anyone finds out a way to Windows authenticate the front-end without breaking the backoffice, we're working on the same stuff.
Umbraco and Windows Authentication
Hi all,
Currently we are developing an intranet portal powered by Umbraco v7.7.7. that requires Windows Authentication for authenticating its members (front end users).
In terms of Windows Authentication, no login page and functionality will be provided / implemented by the portal. In addition, when a member initially hits a page of the portal, depending on the browser's security settings and security zones , the browser will handle the authentication process by displaying the "classic" authentication popup window in order for the member to enter his/hers domain's account credentials. As a result when a request finally reaches any page of the portal an identity (a WindowsIdentity to be exact) for the logged on member is already established. The WindowsIdentity exposes the username of the member (Name property) in the "domain\username" format.
Since we were unable to find any relevant documentation covering such configuration / functionality, we applied the following:
After applying the above configuration it seems that both authentication and authorization of members works as expected. As far as authorization is concerned, member groups are correctly attached to the logged on member and as a result access to content is successfully managed by the Public Access feature of Umbraco.
The downside of the above approach has to do with the Umbraco back office that requires Forms Authentication. While logged on to the Umbraco back office, sometimes the browser displays the authentication popup window and requires for the back office user to enter his domain’s account credentials and sometimes randomly terminates the back office user’s session and logs out the user.
Our questions are:
Thanks in advance,
George
bump - any answers relevant to v8.1 ? Starting similar intranet portal and am researching.
I don't exactly have an answer, though I feel like I'm getting closer. Similar situation, running an Intranet on Umbraco 8.1.4, want Okta to auto-login users as Windows Authenticated users (we don't even use Umbraco's Members stuff since all users would have the same access). But the thread I started here doesn't fully work, since now our Backoffice part is broken.
The UmbracoIdentity package is supposed to help with this and is current through version 8, but I've had trouble integrating that with our Okta stuff.
If anyone finds out a way to Windows authenticate the front-end without breaking the backoffice, we're working on the same stuff.
is working on a reply...