Changing the authentication mechanism in the administrative module

Composite supports both Integrated Windows Authentication and form based authentication. Sites upgraded from Composite version 3.6 or earlier are automatically configured to use Integrated Windows Authentication. New sites created with Composite 3.7 or newer use the authentication mechanism selected in the “Create new site” wizard.

Changing the authentication mechanism to Forms Authentication

Please note that you should not use Forms Authentication when your site is running in a load balanced (multi web-server) environment or if it contains the Newsletter module.

To change the authentication mechanism to Forms Authentication on a running site, execute the following steps:

1. Edit the file /Administration/Composite.Cms.Management.config and locate the following attribute in the XML (line 21):
   
   configuration
     Composite.Management.Plugins.LoginProviderConfiguration
       defaultLoginProviderPlugin
   
   Change the value from “CmsWindowsLoginValidator” to “CmsFormsLoginValidator”
   
2. Using the IIS Manager, execute the following steps:
   - recycle the application pool containing the site
   - Add Anonymous access to the /Administration application on the site
   
3. Access the data located it the SQL Server table CiUser and specify the desired passwords for users in the column FormsLoginPassword

When Forms Authentication is in effect editing users also provides you with a password field, where you can change the password of users.

Changing the authentication mechanism to Windows Integrated Authentication

To change the authentication mechanism to Forms Authentication on a running site, execute the following steps:

1. Edit the file /Administration/Composite.Cms.Management.config and locate the following attribute in the XML (line 21):
   
   configuration
     Composite.Management.Plugins.LoginProviderConfiguration
       defaultLoginProviderPlugin
   
   Change the value from “CmsFormsLoginValidator” to “CmsWindowsLoginValidator”
2. Using the IIS Manager, execute the following steps:
   - recycle the application pool containing the site
   - Remove Anonymous access to the /Administration application on the site, and endure that either Basic Authentication or Windows Authentication is enabled.