Sitefinity 10 introduces a number of bells and whistles to the platform, including some nice new features such as the Warmup Tool, the Health Check API, and some new-and-improved export and import functionality across multiple environments for content types and data. However, one area of the platform stands out as having received a major overhaul: authentication. Unlike the other new tools, Sitefinity’s new authentication framework looks like a modern re-invention of the authentication framework from previous versions of the platform.
To start with, Sitefinity 10 now comes out of the box able to integrate with other third-party OAuth and OpenID providers. That means that your users can log into the site using Facebook, Google, and Twitter, among others, without any custom programming work required. Additionally, Sitefinity 10 has drastically streamlined their Active Directory integration by allowing role mapping between Active Directory roles and Sitefinity roles. Whereas previously an existing Active Directory user would need Sitefinity roles applied to them by a site administrator to set up their viewing permissions on the site, Active Directory roles can be permissioned as Sitefinity roles, allowing administrators to permission large groups of their users before they have even touched the Sitefinity site.
Outside of third party integrations, Sitefinity authentication has a few new modern touches. One of these is Site Shield, a new feature which allows administrators to hide a site in development from being browsed publicly. Individual end users can be invited by email to view the site, even without being added as a Sitefinity user or having Sitefinity roles granted to them. This is perfect for demoing a site in development to stakeholders without exposing any sensitive content or partially-complete marketing material to the public. This is a big step in empowering the site administrators and content authors with an ability that previously required a server technician or developer. On top of that, Sitefinity 10 streamlines roles and permission management in the back end. Finally, while it may only be a small quality of life improvement, Sitefinity now enables users to register using an email and password only – with no username required. Email and password authentication is a growing trend in web development and it’s good to see Sitefinity enabling its site administrators to take a more modern approach to the end user experience.
Sitefinity developers should be advised that the new authentication behavior is accompanied by some API changes – most notably the ClaimsManager class has received an overhaul. One of the most common applications for ClaimsManager is to get basic information about the logged-in user in backend code, and that process has changed a little bit. The ClaimsIdentityProxy class has been removed in Sitefinity 10, and looking up the current user will now return a SitefinityIdentity type instead. Fortunately, all of the basic user information in ClaimsIdentityProxy is preserved in SitefinityIdentity, but developers should take note that this change will need to take place when upgrading a site to version 10 if it contains custom code that looks up the current user.
The new SitefinityIdentity class seems to be a necessary step towards Sitefinity’s new integration-friendly approach to authentication. It inherits from the more generic ClaimsIdentity class, which should enable Sitefinity to more easily integrate with user identities from other systems, like Facebook or Active Directory. Ultimately, a few growing pains in the form of API changes were necessary in the process of modernizing and overhauling Sitefinity’s authentication. The Sitefinity development team at Americaneagle.com is eager to put this new integration potential to the test over the coming weeks and months.
Additional Reading on Sitefinity 10 and Authentication: