Forms authentication uses the standard ASP.NET security mechanism allowing you to authenticate users whose names and passwords are stored in Kentico’s database.
Windows Authentication and Active Directory Integration
If you are creating an intranet or extranet whose users log on to a Windows domain, you can utilize the built-in support for Windows Authentication. In this case, users do not need to sign in again because Kentico can recognize them based on their Windows identity and their username, and groups are automatically imported into Kentico when they visit for the first time.
You can also use the Active Directory Import Tool, allowing you to set up regular synchronization of user accounts and groups from your Active Directory to Kentico. This tool allows you to choose:
- which users/roles will be imported
- which AD fields will be mapped to Kentico user details
- whether you want to create, update, or delete items
Social Network Authentication
Kentico enables site visitors to authenticate themselves using their existing Facebook/ LinkedIn/Live ID/OpenID credentials without creating another user account on your website.
Claim Based Authentication
Kentico supports the Claim Based mechanism, which defines how applications acquire identity information about users and reduces an excess of identity management by providing a central point for user and role administration. This authentication model enables users to authenticate on one domain and gain access to all other domains that trust the same identity provider (running on-premise or in the cloud). As a result, users do not need to create multiple accounts on different domains and provide their credentials every time they want to access an application or service.
Kentico offers a multi-factor authentication method using classic forms authentication in combination with a passcode to verify the identity of the user. The passcodes can be generated by any authenticator application using the Time-based One-time Password Algorithm (TOTP). Thanks to this approach, any unauthorized person will have more difficulty accessing your website.
You can also create your own membership provider that authenticates users against your authentication service or existing user database.