Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • George 7 posts 98 karma points
    Jan 15, 2018 @ 08:41

    Umbraco and Windows Authentication

    Hi all,

    Currently we are developing an intranet portal powered by Umbraco v7.7.7. that requires Windows Authentication for authenticating its members (front end users).

    In terms of Windows Authentication, no login page and functionality will be provided / implemented by the portal. In addition, when a member initially hits a page of the portal, depending on the browser's security settings and security zones , the browser will handle the authentication process by displaying the "classic" authentication popup window in order for the member to enter his/hers domain's account credentials. As a result when a request finally reaches any page of the portal an identity (a WindowsIdentity to be exact) for the logged on member is already established. The WindowsIdentity exposes the username of the member (Name property) in the "domain\username" format.

    Since we were unable to find any relevant documentation covering such configuration / functionality, we applied the following:

    1. In the Authentication Feature of IIS, we enabled only Windows Authentication at the root of the web site (all other authentication options are disabled).
    2. In Web Config, we changed the Authentication setting’s mode attribute from “Forms” to “Windows”.
    3. The Members’ username is stored in the “domain\username” format.

    After applying the above configuration it seems that both authentication and authorization of members works as expected. As far as authorization is concerned, member groups are correctly attached to the logged on member and as a result access to content is successfully managed by the Public Access feature of Umbraco.

    The downside of the above approach has to do with the Umbraco back office that requires Forms Authentication. While logged on to the Umbraco back office, sometimes the browser displays the authentication popup window and requires for the back office user to enter his domain’s account credentials and sometimes randomly terminates the back office user’s session and logs out the user.

    Our questions are:

    1. Does Umbraco supports Windows Authentication out of the box (as it is described above)? Is there any relevant documentation or configuration guide?
    2. Assuming that our approach is valid, are there any settings so as to not affect the authentication of Umbraco back office?
    3. Is there any other suggested way for implementing this?

    Thanks in advance,


  • cheryl carpenter 13 posts 91 karma points
    Sep 05, 2019 @ 15:26
    cheryl carpenter

    bump - any answers relevant to v8.1 ? Starting similar intranet portal and am researching.

  • Eric Schrepel 158 posts 223 karma points
    Sep 12, 2019 @ 23:18
    Eric Schrepel

    I don't exactly have an answer, though I feel like I'm getting closer. Similar situation, running an Intranet on Umbraco 8.1.4, want Okta to auto-login users as Windows Authenticated users (we don't even use Umbraco's Members stuff since all users would have the same access). But the thread I started here doesn't fully work, since now our Backoffice part is broken.

    The UmbracoIdentity package is supposed to help with this and is current through version 8, but I've had trouble integrating that with our Okta stuff.

    If anyone finds out a way to Windows authenticate the front-end without breaking the backoffice, we're working on the same stuff.

Please Sign in or register to post replies

Write your reply to: