Topics

All topics

Custom access tokens

Overview

Requests can be authorized with access tokens other than Sitefinity's OAuth2 tokens if necessary. Since Sitefinity CMS` authorization is based entirely on user accounts, only external identity providers that issue a unique user identifier can be used. The user must have logged into Sitefinity CMS at least once using the specific IP for its related local user account to have been created.

custom access token 

(A) The exact method of obtaining the token is up to the specific implementation and use case - it could be an OpenID Connect with OAuth2 flow or some other standardized or non-standardized protocol.
(B) The IP access token needs to be validated in Sitefinity CMS via custom code.

Sample validator

This sample show how to validate a custom access token issued by a generic OIDC.

 

Register the custom validator

Add the following code to the Global.asax file:
NEW TO SITEFINITY?

Want to learn more?

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Next article

Associate Sitefinity CMS roles to external claims