Walkthrough: Disable the Security database on a Content Delivery instance
Sitecore uses the Security database to store security information. The Security database is by default part of the Core database but it can be separated to a stand-alone database. The Content Delivery (CD) instance uses the security
connection string to communicate with the Security database whether it is part of the Core database or a stand-alone database.
You can disable the Security database on your CD instances if they do not need user authentication, and you want to keep them as small-scale as possible.
If the Federated Experience Manager (FXM) is being used, do not disable the Security database on the CD instance.
To accomplish this, you need disable four components on each CD instance:
-
Federated authentication
-
ASP.NET Membership authentication
-
The Security database connection
-
The
EnsureAnonymousUsers
processor
Disable federated authentication
To disable federated authentication:
-
In the root folder of the CD instance, open the
Web.config
file. -
In the
appSettings
node, in theadd key="security:define"
node, change thevalue
attribute toNone
.RequestResponse<add key="security:define" value="None" />
NoteThis disables Authentication.OWIN and federated authentication.
-
Save the
Web.config
file.
Disable ASP.NET Membership authentication
To disable ASP.Net Membership authentication:
-
In the root folder of the CD instance, open the
Web.config
file. -
In the
system.web/membership
node:-
In the
add name="sitecore"
node, change therealProviderName
attribute todisabled
. -
Delete the
add name="sql"
node.
RequestResponse<membership defaultProvider="sitecore" hashAlgorithmType="SHA1"> <providers> <clear /> <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="disabled" providerWildcard="%" raiseEvents="true" /> <add name="sql" type="System.Web.Security.SqlMembershipProvider" connectionStringName="security" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" /> <add name="disabled" type="Sitecore.Security.DisabledMembersipProvider, Sitecore.Kernel" applicationName="sitecore" /> <add name="switcher" type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/membership" /> </providers> </membership>
-
-
In the
system.web/roleManager
node:-
In the
add name="sitecore"
node, change therealProviderName
attribute todisabled
. -
Delete the
add name="sql"
node.
RequestResponse<roleManager defaultProvider="sitecore" enabled="true"> <providers> <clear /> <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="disabled" raiseEvents="true" /> <add name="sql" type="System.Web.Security.SqlRoleProvider" connectionStringName="security" applicationName="sitecore" /> <add name="disabled" type="Sitecore.Security.DisabledRoleProvider, Sitecore.Kernel" applicationName="sitecore" /> <add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager" /> </providers> </roleManager>
-
-
In the
system.web/profile
node:-
Change the
defaultprovider
attribute todisabled
. -
Delete the
add name="sql"
node.
RequestResponse<profile defaultProvider="disabled" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel"> <providers> <clear /> <add name="sql" type="System.Web.Profile.SqlProfileProvider" connectionStringName="security" applicationName="sitecore" /> <add name="disabled" type="Sitecore.Security.DisabledProfileProvider, Sitecore.Kernel" applicationName="sitecore" /> <add name="switcher" type="Sitecore.Security.SwitchingProfileProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/profile" /> </providers> </profile>
-
-
Save the
Web.config
file.
Setting the realProviderName
attribute to disabled
makes Sitecore use the name=disabled
provider with the active user being a user named Undefined.
Disable the Security database connection
To disable the Security database connection:
-
In the
App_Config\
folder of the CD instance, open theConnectionStrings.config
file. -
Delete the
add name="security"
node. -
Save the
ConnectionStrings.config
file.
Disable the EnsureAnonymousUsers processor
To disable the EnsureAnonymousUsers
processor:
-
In the
App_Config\
folder of the CD instance, open theSitecore.config
file. -
Comment out the
processor type="Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel"
node.RequestResponse<!-- <processor type="Sitecore.Pipelines.Loader.EnsureAnonymousUsers, Sitecore.Kernel" resolve="true" /> -->
-
Save the
Sitecore.config
file.