Custom authentication
Manage local accounts
If you need to completely bypass Sitefinity`s default password based authentication you can use the following method in Telerik.Sitefinity.Security.SecurityManager class:
public static UserLoggingReason AuthenticateUser(string membershipProviderName, string userName, bool persistent, out User user)
This method will login the user and issue all the necessary authentication cookies by just providing the username/email of the user account.
Manage external accounts
If you are logging in users from external identity provider (IP) the usual flow is to redirect the user browser to the IP and wait for it to be redirected back to Sitefinity CMS on a special endpoint with the remote authentication result. There are some special cases that you might collect user credentials in Sitefinity CMS and relay them to the IP for verification. Regardless of the methods used you need to create a local account that is mapped to that external account. Typically the locally mapped account is created upon first login of the external user.
Custom authentication should only be implemented if there are no other option and you have the know-how to implement it securely or are using a third party library.
You can introduce a handler managed by IIS for external accounts. The IIS managed handler is the recommended approach as it is much simpler and more flexible. For more information, see IIS managed handler.
If using standard authentication protocol like OpenID Connect for external accounts consider using and customizing the built-in provider in Sitefinity CMS. For more information, see Add new or customize existing OpenID Connect authentication provider.