Walkthrough: Disable the Security database on a Content Delivery instance

Abstract

How to disable the Sitecore Security database on a Content Delivery instance.

Sitecore uses the Security database to store security information. The Security database is by default part of the Core database but it can be separated to a stand-alone database. The Content Delivery (CD) instance uses the security connection string to communicate with the Security database whether it is part of the Core database or a stand-alone database.

You can disable the Security database on your CD instances if they do not need user authentication, and you want to keep them as small-scale as possible.

Important

If the Federated Experience Manager (FXM) is being used, do not disable the Security database on the CD instance.

To accomplish this, you need disable four components on each CD instance:

  • Federated authentication

  • ASP.NET Membership authentication

  • The Security database connection

  • The EnsureAnonymousUsers processor

Disable federated authentication

To disable federated authentication:

  1. In the root folder of the CD instance, open the Web.config file.

  2. In the appSettings node, in the add key="security:define" node, change the value attribute to None.

    <add key="security:define" value="None" />

    Note

    This disables Authentication.OWIN and federated authentication.

  3. Save the Web.config file.

Disable ASP.NET Membership authentication

To disable ASP.Net Membership authentication:

  1. In the root folder of the CD instance, open the Web.config file.

  2. In the system.web/membership node:

    • In the add name="sitecore" node, change the realProviderName attribute to disabled.

    • Delete the add name="sql" node.

    <membership defaultProvider="sitecore" hashAlgorithmType="SHA1">
      <providers>
        <clear />
        <add name="sitecore"
          type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel"
          realProviderName="disabled"
          providerWildcard="%"
          raiseEvents="true" />
        <add name="sql"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="security"
          applicationName="sitecore" minRequiredPasswordLength="1" 
          minRequiredNonalphanumericCharacters="0"
          requiresQuestionAndAnswer="false"
          requiresUniqueEmail="false"
          maxInvalidPasswordAttempts="5" />
        <add name="disabled"
          type="Sitecore.Security.DisabledMembersipProvider, Sitecore.Kernel" 
          applicationName="sitecore" />
        <add name="switcher"
          type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel"
          applicationName="sitecore"
          mappings="switchingProviders/membership" />
      </providers>
    </membership>
  3. In the system.web/roleManager node:

    • In the add name="sitecore" node, change the realProviderName attribute to disabled.

    • Delete the add name="sql" node.

    <roleManager defaultProvider="sitecore" enabled="true">
      <providers>
        <clear />
        <add name="sitecore"
          type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel"
          realProviderName="disabled"
          raiseEvents="true" />
        <add name="sql"
          type="System.Web.Security.SqlRoleProvider"
          connectionStringName="security"
          applicationName="sitecore" />
        <add name="disabled"
          type="Sitecore.Security.DisabledRoleProvider, Sitecore.Kernel" 
          applicationName="sitecore" />
        <add name="switcher"
          type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" 
          applicationName="sitecore"
          mappings="switchingProviders/roleManager" />
      </providers>
    </roleManager>
  4. In the system.web/profile node:

    • Change the defaultprovider attribute to disabled.

    • Delete the add name="sql" node.

    <profile defaultProvider="disabled" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel">
      <providers>
        <clear />
        <add name="sql"
          type="System.Web.Profile.SqlProfileProvider"
          connectionStringName="security"
          applicationName="sitecore" />
        <add name="disabled"
          type="Sitecore.Security.DisabledProfileProvider, Sitecore.Kernel" 
          applicationName="sitecore" />
        <add name="switcher"
          type="Sitecore.Security.SwitchingProfileProvider, Sitecore.Kernel" 
          applicationName="sitecore"
          mappings="switchingProviders/profile" />
      </providers>
    </profile>
  5. Save the Web.config file.

Note

Setting the realProviderName attribute to disabled makes Sitecore use the name=disabled provider with the active user being a user named Undefined.

Disable the Security database connection

To disable the Security database connection:

  1. In the App_Config\ folder of the CD instance, open the ConnectionStrings.config file.

  2. Delete the add name="security" node.

  3. Save the ConnectionStrings.config file.

Disable the EnsureAnonymousUsers processor

To disable the EnsureAnonymousUsers processor:

  1. In the App_Config\ folder of the CD instance, open the Sitecore.config file.

  2. Comment out the processor type="Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel" node.

    <!-- <processor type="Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel" resolve="true" /> -->
  3. Save the Sitecore.config file.