Sebastian's Dev Stories

Let's start with what we are all thinking... Basic Authentication is not recommended! I know...

But!

There are times when we need to use it because of a business decision or for a legacy system. When facing those scenarios, please have in mind to do it through HTTPS and try to be as secure as possible.

Moving on!

Let me show you a few simple steps for those who want to enable Basic Authentication for Optimizely CMS.

First, you'll need to add the following line to your Web.config file under configuration→configSections

<section name="episerver.basicAuthentication" type="EPiServer.Configuration.BasicAuthenticationSection, EPiServer.Configuration" allowLocation="true" />

Now, if you are on Optimizely CMS 11, you will need to add the following add node under system.webServer→modules

<add name="BasicAuthentication" type="EPiServer.Security.BasicAuthentication, EPiServer.Cms.AspNet" />

And if you are wondering "what should I do if I'm not on Optimizely CMS 11?" don't worry! The following add node is what you need:

<add name="BasicAuthentication" type="EPiServer.Security.BasicAuthentication, EPiServer" />

Once you've completed all the previous steps, the only thing left to do is disable Anonymous Authentication in IIS → Authentication and you should be all set.

Remember that the credentials you need to use for the Basic Authentication challenge are the same ones you use for Optimizely CMS, regardless of your Membership Provider.

Happy coding!