Enabling Active Directory Authentication in Sitefinity 4.x

One of my current projects at work is to create a website for one of our international offices using Telerik's Sitefinity CMS.  Our marketing managers in the region will be managing the website's content and one of the requirements was to allow them to authenticate to the backend using their AD user account.  We've used Sitefinity 3.7 in the past, but for this project we are using the latest stable build (4.4 as of this posting) which has updated the way the security settings are implemented.  After a little trial and error, this is how to enable Windows Active Directory authentication with Sitefinity 4.x.

Setting up LDAP

  1. Log in to the Sitefinity dashboard. By default, the URL for this is http://<YOUR SITE URL>/Sitefinity
  2. Browse to the security settings. Sitefinity provides GUI access to update the security settings (so no more editing providers in the web.config as in 3.7). The security settings are under Administration > Settings > Advanced > Security
  3. Edit/Add an LDAP connection. Go to Security > LDAP Settings > LDAP Connections. Select the default "DefaultLdapConnection", fill in the fields with your domain details and save. Note that you can filter/limit the users (as well as groups, but more on that later) that are included on this screen using the distinguished name and LDAP filter options that are provided.
  4. Enable the LdapUsers provider. Like the default LdapConnection string, this should already be created for you but will be disabled by default. To enable the AD users, browse to Security > Membership Providers. Select "LdapUsers", check the "Enabled" checkbox and save your changes.
  5. Restart the site -- you can recycle the app pool or update your web.config.
  6. Enable dashboard access for your users. By default the AD users will not have access to log into the Sitefinity dashboard. To enable dashboard access go to Administration > Users. If everything is working you should have an option for "LdapUsers" -- select this and you should see all of your AD user accounts. Select the account you wish to grant dashboard access to and either add them to a role or check the "This user can access site backend" checkbox. Save your changes.

Everything should now be set up to use AD account authentication to access the Sitefinity dashboard.  The next time you visit your login page you should have an "Authentication Provider" dropdown.  To log in, select the LdapUsers option and use the AD credentials of the user you granted dashboard access.
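Step 3 mentions limiting which accounts the connection exposes by means of an LDAP filter. The following is an added example, not part of the original post or of Sitefinity: it composes a standard Active Directory filter for enabled user accounts in one security group, escaping the group DN per RFC 4515. The group DN is a constructed placeholder, and whether the Sitefinity filter field accepts the extensible-match clauses as written is an assumption to verify against your own directory.

```python
# Added example: build an AD LDAP filter that limits the imported users to
# enabled accounts in one security group. All names and DNs are constructed.

# Characters that must be escaped inside a filter value (RFC 4515).
_RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

BIT_AND = "1.2.840.113556.1.4.803"    # AD bitwise-AND matching rule
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD matching rule that follows nested groups
ACCOUNTDISABLE = 2                    # userAccountControl flag: account disabled


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of the filter."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def backend_user_filter(group_dn: str, include_nested: bool = False) -> str:
    """Return a filter matching enabled users that are members of group_dn."""
    member_attr = f"memberOf:{IN_CHAIN}:" if include_nested else "memberOf"
    clauses = [
        "(objectCategory=person)",
        "(objectClass=user)",
        f"(!(userAccountControl:{BIT_AND}:={ACCOUNTDISABLE}))",  # skip disabled accounts
        f"({member_attr}={escape_filter_value(group_dn)})",
    ]
    return "(&" + "".join(clauses) + ")"


def is_balanced(ldap_filter: str) -> bool:
    """Sanity check before pasting: literal parentheses must pair up."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed group DN; the parentheses in the CN show why escaping matters.
    dn = "CN=Web Editors (EMEA),OU=Groups,DC=example,DC=com"
    flt = backend_user_filter(dn)
    print(flt, is_balanced(flt))
```

Without a filter like this, every account under the configured distinguished name appears in the LdapUsers list, including disabled ones.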

AD Groups as Sitefinity Roles

In addition to including your AD users, Sitefinity also allows you to use your Windows security groups as roles.  Enabling support for this is nearly identical to enabling the user provider from step 4.  To enable the role provider go to Security > Roles Providers, select the "LdapRoles" provider, check the "Enabled" checkbox and save your settings.
