MVC5 Authentication and Role Management

  1. Avatar of Sarah

    Is it possible to use Windows Authentication for my intranet site AND use the BetterCMS.Module.Users? Perhaps in different areas? Or do I have to use only Forms authentication with BetterCMS.Module.Users?

    Is there any way to get the best of both worlds? I have certain pages that will not be managed with the CMS that need to be authenticated based on our Active Directory structure. But I can't figure out how to manage roles easily in MVC5. I'm new to identities and authentication and although I've read as many resources as I can on it, I'm a bit lost. The documentation on the wiki seems to be only for MVC4. Is there updated documentation somewhere specific to BetterCMS?

  2. Avatar of Sarah

    OK, I figured out how to use AD security groups to map to the custom roles in cms.config. Like this: <add permission="BcmsEditContent" roles="InformationServices" /> where InformationServices is our AD securitygroup.

    But can I manage these custom roles on a page by page basis, for the CMS-created pages? I have various departments that need access to edit only their own page.

  3. Avatar of Bindu

    Could you please explain how you connected to active directory for role access?

  4. Avatar of Sarah

    I'm not connecting to active directory per se, just trying to detect Windows credentials somehow.

    For example, can I do something like this in my config file, where InformationServices is an Active Directory Security group? This seems to work in a passive authentication kind of way (no boxes pop up for me to log in) on a test page, as I am in the group InformationServices.

    <customRoles> <add permission="BcmsEditContent" roles="N" /> <add permission="BcmsPublishContent" roles="InformationServices" /> <add permission="BcmsDeleteContent" roles="User, InformationServices" /> <add permission="BcmsAdministration" roles="InformationServices" /> </customRoles>

    But this applies to all pages, as these are the default roles, right? Now if I wanted to apply certain people to manage a certain page (for example all the department managers), would I need to create a new security group for each page to be managed? Then is there a way to select this via the content manager? I was struggling with adding custom roles in the GUI, it didn't seem to detect them.

  5. Avatar of Bindu

    You assigned the role for active directory user? How does the site know you have that role assigned in the network?

  6. Avatar of Sarah

    I have no idea how it detects it behind the scenes, that is my question. I'm just saying that seems to work...

* Mandatory
* Mandatory
* Mandatory

Verify that you are human