Disable the Core database on a Content Delivery instance


How to disable the Core database on a Content Delivery instance when you use a dedicated Security database.

By default, Sitecore uses the Core database to store security information. The Content Management (CM) instance has core and security connection strings pointing to the Core database. The Content Delivery (CD) instance has a security connection string pointing to the Core database.

You can disable the Core database on your CD instances. You might want to do this if you want to keep your installation as small-scale as possible, and:

  • You are not using Sitecore security.

  • You are using Sitecore security, but with a dedicated security database instead of the Core database.

To disable the Core database:

  1. In the website root folder of the CD instance, open the web.config file.

  2. Locate the security:define key and change the value parameter to None:

    <add key="security:define" value="None" />


    This setting disables Authentication.OWIN.

  3. In the system.web/membership node, in the name="sitecore" node, change the realProviderName parameter to disabled.

  4. In the system.web/roleManager node, in the name="sitecore" node, change the realProviderName parameter to disabled.

  5. In the system.web/profile node, change the defaultprovider parameter to disabled.

  6. In the system.web/membership, system.web/rolemanager, and system.web/profile nodes, delete the sql provider.

    The resulting nodes look like this:

    <membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
            <clear />
            <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="disabled" providerWildcard="%" raiseEvents="true" />
            <add name="disabled" type="Sitecore.Security.DisabledMembersipProvider, Sitecore.Kernel" applicationName="sitecore" />
            <add name="switcher" type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/membership" />
    <roleManager defaultProvider="sitecore" enabled="true">
            <clear />
            <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="disabled" raiseEvents="true" />
            <add name="disabled" type="Sitecore.Security.DisabledRoleProvider, Sitecore.Kernel" applicationName="sitecore" />
            <add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager" />
    <profile defaultProvider="disabled" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel">
            <clear />
            <add name="disabled" type="Sitecore.Security.DisabledProfileProvider, Sitecore.Kernel" applicationName="sitecore" />
            <add name="switcher" type="Sitecore.Security.SwitchingProfileProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/profile" />


    Setting realProviderName to disabled makes Sitecore use the name=disabled providers. The active user will be a user named Undefined.

  7. Save the web.config file.

  8. In the App_Config folder, open the ConnectionString.Config file.

  9. Delete the security connection string, and save the file.

  10. In the App_Config/Sitecore.config file, disable the Sitecore.Pipelines.Loader.EnsureAnonymousUsers processor:

    <!-- <processor type="Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel" resolve="true" /> -->