Authentication

Sitefinity CMS uses claims authentication, implemented on top of IdentityServer3, certified by OpenID Foundation. It allows implementing single sign-on and access control for modern web applications and APIs. It uses OAuth2 and OpenID Connect protocols. This integration allows easy connection with clients such as mobile, web, SPAs ,and desktop applications. It is also extensible and allows integration in new and existing architectures. 

The authentication is designed and implemented as separate Microsoft OWIN / Katana component. It uses standard Microsoft.Owin.Security libraries and standard namespace System.Security. Additionally, there are some extensions to support external provider logins, such as Facebook or GitHub. 

Authentication model in Sitefinity CMS has the following advantages: 

• Improved security 
  Users do not have to deploy same passwords and accounts across multiple websites. Using OpenID Connect, passwords are never shared with any websites. 
• Standardized authentication, based on OpenID Connect with JWT, certified IdentityServer3. 
• Out-of-the-box support for logging in with your Windows, Facebook, Google, Microsoft, Twitter, LinkedIn, or GitHub account. 
• Better extensibility. 
  Easy extension for any other OpenId Connect external providers. You can use some of already available OWIN implementations and plug it in Sitefinity CMS. 
• Login with email
  Easier to remember, simplifying the management of collisions, better for email verification and password recovery. 
• API improvements 
  Using standard Principal class, standard System.Security, and cleanups
  Support for .NET 4.5 Framework 
• Ability to configure your own STS certificate