Walkthrough: Disable the Security database on a Content Delivery instance

Abstract

How to disable the Sitecore Security database on a Content Delivery instance.

Sitecore uses the Security database to store security information. The Security database is by default part of the Core database but it can be separated to a stand-alone database. The Content Delivery (CD) instance uses the security connection string to communicate with the Security database whether it is part of the Core database or a stand-alone database.

You can disable the Security database on your CD instances if they do not need user authentication, and you want to keep them as small-scale as possible. To accomplish this, you need disable four components on each CD instance:

  • Federated authentication

  • ASP.NET Membership authentication

  • The Security database connection

  • The EnsureAnonymousUsers processor

Disable federated authentication

To disable federated authentication:

  1. In the root folder of the CD instance, open the Web.config file.

  2. In the appSettings node, in the add key="security:define" node, change the value attribute to None.

    <add key="security:define" value="None" />

    Note

    This disables Authentication.OWIN and federated authentication.

  3. Save the Web.config file.

Disable ASP.NET Membership authentication

To disable ASP.Net Membership authentication:

  1. In the root folder of the CD instance, open the Web.config file.

  2. In the system.web/membership node:

    • In the add name="sitecore" node, change the realProviderName attribute to disabled.

    • Delete the add name="sql" node.

    <membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
      <providers>
        <clear />
        <add name="sitecore"
          type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel"
          realProviderName="disabled"
          providerWildcard="%"
          raiseEvents="true" />
        <add name="sql"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="security"
          applicationName="sitecore" minRequiredPasswordLength="1" 
          minRequiredNonalphanumericCharacters="0"
          requiresQuestionAndAnswer="false"
          requiresUniqueEmail="false"
          maxInvalidPasswordAttempts="5" />
        <add name="disabled"
          type="Sitecore.Security.DisabledMembersipProvider, Sitecore.Kernel" 
          applicationName="sitecore" />
        <add name="switcher"
          type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel"
          applicationName="sitecore"
          mappings="switchingProviders/membership" />
      </providers>
    </membership>
  3. In the system.web/roleManager node:

    • In the add name="sitecore" node, change the realProviderName attribute to disabled.

    • Delete the add name="sql" node.

    <roleManager defaultProvider="sitecore" enabled="true">
      <providers>
        <clear />
        <add name="sitecore"
          type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel"
          realProviderName="disabled"
          raiseEvents="true" />
        <add name="sql"
          type="System.Web.Security.SqlRoleProvider"
          connectionStringName="security"
          applicationName="sitecore" />
        <add name="disabled"
          type="Sitecore.Security.DisabledRoleProvider, Sitecore.Kernel" 
          applicationName="sitecore" />
        <add name="switcher"
          type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" 
          applicationName="sitecore"
          mappings="switchingProviders/roleManager" />
      </providers>
    </roleManager>
  4. In the system.web/profile node:

    • Change the defaultprovider attribute to disabled.

    • Delete the add name="sql" node.

    <profile defaultProvider="disabled" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel">
      <providers>
        <clear />
        <add name="sql"
          type="System.Web.Profile.SqlProfileProvider"
          connectionStringName="security"
          applicationName="sitecore" />
        <add name="disabled"
          type="Sitecore.Security.DisabledProfileProvider, Sitecore.Kernel" 
          applicationName="sitecore" />
        <add name="switcher"
          type="Sitecore.Security.SwitchingProfileProvider, Sitecore.Kernel" 
          applicationName="sitecore"
          mappings="switchingProviders/profile" />
      </providers>
    </profile>
  5. Save the Web.config file.

Note

Setting the realProviderName attribute to disabled makes Sitecore use the name=disabled provider with the active user being a user named Undefined.

Disable the Security database connection

To disable the Security database connection:

  1. In the App_Config\ folder of the CD instance, open the ConnectionStrings.config file.

  2. Delete the add name="security" node.

  3. Save the ConnectionStrings.config file.

Disable the EnsureAnonymousUsers processor

To disable the EnsureAnonymousUsers processor:

  1. In the App_Config\ folder of the CD instance, open the Sitecore.config file.

  2. Comment out the processor type="Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel" node.

    <!-- <processor type="Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel" resolve="true" /> -->
  3. Save the Sitecore.config file.