Configuring Windows Live ID authentication

Live ID authentication settings are located in Settings -> Security & Membership -> Authentication -> Windows LiveID.

Before you start entering values, make sure you have the correct site selected in the Site drop-down list.

  • Enable Windows Live ID authentication – indicates if Windows Live ID authentication is enabled.
  • Application ID – the identifier of the related Microsoft authentication application.
  • Application secret – secret code used to encrypt messages transferred between your website and the Microsoft authentication application. Enter the Application secret of your application (available in the Microsoft Application Registration Portal).
  • Assign new users to roles – new users registered via Live ID authentication will be assigned to the roles specified here.
  • Required user data page – URL of a page containing the Required LiveID user data web part. If entered, new Live ID users who log into the site will not have their user account created immediately, but will first be redirected to the specified page where they will be required to enter some additional data (or merge with an existing account) using the web part.

Configuring the Windows LiveID authentication

Compatibility with Live ID users created in older versions

Due to changes in the Microsoft Account service, Kentico currently uses a different authentication mode (by default) than versions prior to 6.0 (5.5 R2 or older). Each mode generates a different authentication token for the same Microsoft account (Live ID). As a result, users created under the original mode cannot be recognized or authenticated by the new one.

If your system contains Microsoft account users from an older version (e.g. after performing an upgrade procedure or as a result of a user import), you may wish to switch back to the original authentication mode in order to preserve the functionality of these user accounts. To do this, set the CMSUseServerSideLiveIDAuthentication key to false into the /configuration/appSettings section of your web.config file:




<add key="CMSUseServerSideLiveIDAuthentication" value="false" />


Setting the key to false ensures that backward compatibility is kept. Please note that new users registered via Microsoft account authentication while this key is false will only work with the original authentication mode (users created under the new mode will no longer be recognized). Working with both authentication modes at the same time is currently not possible.

Authentication problems when using the compatibility mode

When using the backward compatibility authentication mode, your website’s domain must be set as the Target domain for your application in the Microsoft account Developer Center. Otherwise the authentication will not work correctly.

  1. Edit the settings of your application in the Microsoft account Developer Center.
  2. Select the API Settings tab.
  3. Make sure the Target domain field contains the domain of your Kentico website.
  4. Click Save.