Transitioning to version 7.0.0018 of Adxstudio Portals from a previous version requires reviewing various settings to ensure that the authentication experience continues to operate as expected. The first decision is whether to migrate to the new ASP.NET Identity based authentication experience or to opt out and continue to run with the MembershipProvider based authentication experience from before version 7.0.0018. When choosing to transition to ASP.NET Identity, review the checklist of site settings below to ensure that the new authentication features operate in the same way as the old authentication features.

Continue Using MembershipProvider Authentication

The original MembershipProvider based authentication continues to be available and behaves the same as it did prior to version 7.0.0018. To operate in this mode, ensure that the ASP.NET Identity feature is disabled in the web.config by referring to the instructions here. Include the system.web/authentication element in order to disable ASP.NET Identity. Ensure that the web.config file is upgraded to include the latest configuration elements from version 7.0.0018. No further action is required and the portal authentication will continue to function as it did before.

Migrating to ASP.NET Identity Authentication

Migration means choosing to replace the underlying MembershipProvider authentication components with the newer ASP.NET Identity components. This introduces a new set of identity management features to the portal as described here. ASP.NET Identity also brings modern security patterns and practices around identity and credential management. Supporting these new features are changes to the CRM backend (added by the AdxstudioIdentity.zip solution package) that add web authentication fields to the contact entity. Data migration of contacts is handled automatically by the portal as visitors log in.

CRM Solution

Import the latest AdxstudioIdentity.zip and AdxstudioIdentityWorkflows.zip solution packages.

 

Update Portal Profile Content

The portal may contain user profile related content that should be revised. These profile management pages are based on the old MembershipProvider API and are no longer used.

Enable Contact Data Migration

Review the site settings related to enabling data migration. These settings are necessary for portals with existing web authentication contacts.

  • Set Authentication/Registration/MembershipProviderMigrationEnabled to true
  • Set Authentication/Registration/GoogleOpenIdMigrationEnabled to true if Google was previously enabled as an identity provider requiring contact migration (applies to both ACS and OpenAuth/OpenID configurations)

Mapping Old Settings to the New Settings

The following settings remain unchanged and perform the same function in the old and new authentication systems. These settings can be left untouched.

  • Authentication/Registration/Enabled
  • Authentication/Registration/GoogleOpenIdMigrationEnabled
  • Authentication/Registration/LoginButtonAuthenticationType
  • Authentication/OpenAuth/Yahoo/Enabled
  • Authentication/OpenAuth/Google/ClientId
  • Authentication/OpenAuth/Google/ClientSecret
  • Authentication/OpenAuth/Google/OpenIdRealm
  • Authentication/OpenAuth/Twitter/ConsumerKey
  • Authentication/OpenAuth/Twitter/ConsumerSecret
  • Authentication/OpenAuth/Facebook/AppId
  • Authentication/OpenAuth/Facebook/AppSecret
  • Authentication/OpenAuth/Microsoft/ClientId
  • Authentication/OpenAuth/Microsoft/ClientSecret
  • Authentication/OpenAuth/LinkedIn/ConsumerKey
  • Authentication/OpenAuth/LinkedIn/ConsumerSecret
  • Authentication/OpenAuth/Yammer/ClientId
  • Authentication/OpenAuth/Yammer/ClientSecret

The following settings are no longer used by the new authentication system and have no effect on its operation. It is safe to leave these settings untouched.

  • Authentication/Registration/RequiresConfirmation
  • Authentication/Registration/RequiresChallengeAnswer
  • Authentication/Registration/InvitationCodeDuration

The following table shows the set of new settings that should be created to enable the same functionality provided by the old settings.

Old Setting:
  • Authentication/Forms/Enabled
New Setting:
  • Authentication/Registration/LocalLoginEnabled

Old Setting:
  • Authentication/Registration/RequiresInvitation (true)
New Setting:
  • Authentication/Registration/InvitationEnabled (true)
  • Authentication/Registration/OpenRegistrationEnabled (false)

Old Setting:
  • Authentication/Claims/Enabled
New Setting:
  • Authentication/Registration/ExternalLoginEnabled

Old Setting:
  • Authentication/Claims/Issuer
  • Authentication/Claims/Realm
  • Authentication/Claims/TrustedIssuerThumbprint
New Setting:

For an AD FS environment:

  • Authentication/WsFederation/ADFS/MetadataAddress
  • Authentication/WsFederation/ADFS/AuthenticationType
  • Authentication/WsFederation/ADFS/Wtrealm
  • Authentication/WsFederation/ADFS/Wreply

For an Azure ACS environment:

  • Authentication/WsFederation/Azure/MetadataAddress
  • Authentication/WsFederation/Azure/Wtrealm
  • Authentication/WsFederation/Azure/Wreply
  • Authentication/WsFederation/Azure/Facebook/AuthenticationType
  • Authentication/WsFederation/Azure/Microsoft/AuthenticationType
  • Authentication/WsFederation/Azure/Google/AuthenticationType
  • Authentication/WsFederation/Azure/Yahoo/AuthenticationType
  • Authentication/WsFederation/Azure/WsFederation/AuthenticationType

The values of the old settings do not apply directly to the new settings. Refer to the documentation for details on determining the correct values of the new settings.

Old Setting:
  • Authentication/OpenAuth/Enabled
New Setting:
  • Authentication/Registration/ExternalLoginEnabled

Old Setting:
  • Authentication/OpenAuth/OpenIDClient
New Setting:
  • Authentication/OpenID/ProviderDiscoveryUri
  • Authentication/OpenID/AuthenticationType
  • Authentication/OpenID/CallbackPath
  • Authentication/OpenID/Caption

The values of the old settings do not apply directly to the new settings. Refer to the documentation for details on determining the correct values of the new settings.

Upgrading the web.config

Apply the following changes to upgrade the web.config from version 7.0.0017 to version 7.0.0018.

Replace the appSettings element with:

 <appSettings>
  <add key="owin:AppStartup" value="Site.Startup,Site" />
  <add key="webpages:Version" value="3.0.0.0" />
  <add key="webpages:Enabled" value="false" />
  <add key="ClientValidationEnabled" value="true" />
  <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  <add key="ApiLogin" value="API_LOGIN" />
  <add key="TransactionKey" value="TRANSACTION_KEY" />
  <add key="MerchantHash" value="MERCHANT_HASH" />
 </appSettings>

Ensure that the system.web/authentication element is excluded to enable ASP.NET Identity authentication:

 <!--
  Include the <authentication> element to use Membership Provider (<membership> element) authentication.
  Exclude the <authentication> element to use ASP.NET Identity authentication.
 -->
 <!--
  <authentication mode="Forms">
   <forms timeout="525600" loginUrl="~/login/" />
  </authentication>
 -->

Replace the entire runtime/assemblyBinding element with:

<runtime>
 <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
  <dependentAssembly>
   <assemblyIdentity name="Microsoft.IdentityModel.Protocol.Extensions" publicKeyToken="31bf3856ad364e35" culture="neutral" />
   <bindingRedirect oldVersion="0.0.0.0-1.0.2.31" newVersion="1.0.2.31" />
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
   <bindingRedirect oldVersion="0.0.0.0-4.0.20511.1437" newVersion="4.0.20511.1437" />
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="EB42632606E9261F" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Spatial" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-5.6.3.0" newVersion="5.6.3.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-5.6.3.0" newVersion="5.6.3.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="AntiXssLibrary" publicKeyToken="D127EFAB8A9C114F" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246"/>
   <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Microsoft.WindowsAzure.StorageClient" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-1.7.0.0" newVersion="1.7.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Web" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Web.Http" culture="neutral" publicKeyToken="31bf3856ad364e35"/>
   <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Net.Http.Formatting" culture="neutral" publicKeyToken="31bf3856ad364e35"/>
   <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.ServiceModel" publicKeyToken="b77a5c561934e089" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Xml" publicKeyToken="b77a5c561934e089" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Data" publicKeyToken="b77a5c561934e089" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Web.Services" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Runtime.Serialization" publicKeyToken="b77a5c561934e089" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-5.6.3.0" newVersion="5.6.3.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="System.Xml.Linq" publicKeyToken="b77a5c561934e089" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930"/>
  </dependentAssembly>
  <dependentAssembly>
   <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>
   <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0"/>
  </dependentAssembly>
 </assemblyBinding>
</runtime>
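
The web.config checks described above can be automated after an upgrade. The following Python script is an added example, not Adxstudio code: it reports which authentication mode a web.config selects (a commented-out authentication element counts as excluded) and whether the owin:AppStartup key and the three Microsoft.Owin binding redirects from this page are present. The function names and the trimmed sample_config input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASM = "{urn:schemas-microsoft-com:asm.v1}"
# OWIN redirects taken from the assemblyBinding block on this page.
REQUIRED_REDIRECTS = {
    "Microsoft.Owin": "3.0.1.0",
    "Microsoft.Owin.Security": "3.0.1.0",
    "Microsoft.Owin.Security.Cookies": "3.0.1.0",
}

def audit_web_config(xml_text):
    """Return (authentication mode, list of problems) for a web.config string."""
    root = ET.fromstring(xml_text)  # the parser discards XML comments
    # Only a live <authentication> element counts; a commented-out one is absent.
    live_auth = root.find("system.web/authentication") is not None
    mode = "MembershipProvider" if live_auth else "ASP.NET Identity"

    problems = []
    keys = {a.get("key"): a.get("value") for a in root.findall("appSettings/add")}
    if keys.get("owin:AppStartup") != "Site.Startup,Site":
        problems.append("appSettings: owin:AppStartup is missing or changed")

    redirects = {}
    for dep in root.iter(ASM + "dependentAssembly"):
        ident = dep.find(ASM + "assemblyIdentity")
        redir = dep.find(ASM + "bindingRedirect")
        if ident is not None and redir is not None:
            redirects[ident.get("name")] = redir.get("newVersion")
    for name, version in REQUIRED_REDIRECTS.items():
        if redirects.get(name) != version:
            problems.append(f"bindingRedirect: {name} should redirect to {version}")
    return mode, problems

def sample_config(auth_live, owin_version="3.0.1.0"):
    """Constructed, trimmed web.config used only to exercise the audit."""
    auth = '<authentication mode="Forms"><forms loginUrl="~/login/" /></authentication>'
    if not auth_live:
        auth = "<!-- " + auth + " -->"
    deps = "".join(
        f'<dependentAssembly><assemblyIdentity name="{n}" />'
        f'<bindingRedirect oldVersion="0.0.0.0-{owin_version}" newVersion="{owin_version}" />'
        "</dependentAssembly>" for n in REQUIRED_REDIRECTS)
    return (
        '<configuration><appSettings><add key="owin:AppStartup" value="Site.Startup,Site" />'
        f"</appSettings><system.web>{auth}</system.web><runtime>"
        f'<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">{deps}</assemblyBinding>'
        "</runtime></configuration>")

if __name__ == "__main__":
    print(audit_web_config(sample_config(auth_live=False)))
    print(audit_web_config(sample_config(auth_live=True, owin_version="2.1.0.0")))
```

To audit a deployed portal, read the site's web.config into a string and pass it to audit_web_config.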