Does the SDL Tridion CMS provide user credential authentication each time a user performs activity in the CME?

It's a simple vanilla SDL Tridion installation where users are added to the CMS CME.

  • If the user has successfully logged in to the SDL Tridion CME (LDAP-AD synchronization is not used, the MMC does not have LDAP-AD data).

  • Now the user continues to deal with his editing / creation of the content page or navigation information in the CME.

  • Does Tridion check every time a user performs such an activity? Is this authentication performed against LDAP-AD or some kind of cache (if there is one)?

  • A long time ago, someone advised me that Tridion has a config where you can enable or disable authentication for each activity the user performs after a successful login ... (I can't clearly remember the conversation).

+6
2 answers

I believe that IIS will really re-authenticate every request.

If you use something like Fiddler (which I highly recommend), you will see that each request for the URL is returned first as HTTP 401, and then sent back to the server with the correct credentials.

So yes, every request must be authenticated. If you disconnect a user account while this user is working in Tridion, he will begin to receive "denied access" errors halfway through his session.

+2
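To confirm the 401-then-retry pattern from the server side rather than in Fiddler, this added example (not part of the original answer) pairs each challenge with its retry in an IIS W3C log. The log lines, paths, account name and address are constructed, and the last two lines model the disabled-account case from the answer as an assumption.

```python
# Added example: pair IIS 401 challenges with the retry that follows them.
# SAMPLE_LOG is constructed; paths, account and IP address are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2012-05-01 09:00:01 GET /WebUI/Dashboard.aspx - 10.0.0.5 401 2
2012-05-01 09:00:01 GET /WebUI/Dashboard.aspx CORP\\editor1 10.0.0.5 200 0
2012-05-01 09:00:02 POST /WebUI/Save.svc - 10.0.0.5 401 2
2012-05-01 09:00:02 POST /WebUI/Save.svc CORP\\editor1 10.0.0.5 200 0
2012-05-01 09:05:10 GET /WebUI/Dashboard.aspx - 10.0.0.5 401 2
2012-05-01 09:05:10 GET /WebUI/Dashboard.aspx - 10.0.0.5 401 1
"""


def summarize(log_text):
    """Count challenge/retry outcomes per (client, method, URL)."""
    fields = []
    pending = {}  # key -> number of 401s seen since the last success
    stats = {"challenged_then_ok": 0, "ok_without_challenge": 0,
             "unresolved_401": 0}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names chosen in IIS logging
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        key = (row["c-ip"], row["cs-method"], row["cs-uri-stem"])
        status = int(row["sc-status"])
        if status == 401:
            pending[key] = pending.get(key, 0) + 1
        elif status < 400:
            if pending.get(key):
                stats["challenged_then_ok"] += 1  # 401 followed by success
                pending[key] = 0
            else:
                stats["ok_without_challenge"] += 1
    # 401s never followed by a success: the client could not authenticate
    stats["unresolved_401"] = sum(1 for n in pending.values() if n)
    return stats


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
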

Yes - Tridion will check you every time. In other words, every time you make a web request, a new TDSE or session will be created. It can be much more often than you think. I don’t know the details for SDL Tridion 2011, but in R5 days I remember that it took 6 authentications to load the initial GUI view.

It is very likely that authentication on an LDAP server can be cached. The old ISAPI filter did this, but I don’t remember how authorization requests are cached. There has never been a strong requirement to support exotic or "heavy" LDAP integrations.

Previously, there was a setting that would make the GUI cache the TDSE, but it was only an experimental feature for internal use. I would not recommend using it, and it is very clear that this configuration is not supported.

0

Source: https://habr.com/ru/post/911401/

