# Run in Production - [Runtime Modes](https://docs.umbraco.com/umbraco-cms/run-in-production/runtime-modes.md): This section describes how to use the runtime mode setting to optimize Umbraco for the best development experience or optimal production environment. - [Security](https://docs.umbraco.com/umbraco-cms/run-in-production/security.md): Configure authentication, authorization, SSL, hardening, and other security options in Umbraco. - [Basic Authentication](https://docs.umbraco.com/umbraco-cms/run-in-production/security/basic-authentication.md): Protect the front-end of your Umbraco website with basic authentication using backoffice user credentials. - [API Rate Limiting](https://docs.umbraco.com/umbraco-cms/run-in-production/security/api-rate-limiting.md): How to take advantage of the built-in rate limiting middleware of ASP.NET Core in Umbraco. - [BackOfficeUserManager and Events](https://docs.umbraco.com/umbraco-cms/run-in-production/security/backofficeusermanager-and-notifications.md): The BackOfficeUserManager is the ASP.NET Core Identity UserManager implementation in Umbraco. It exposes APIs for working with Umbraco User's via the ASP.NET Core Identity, including password handling - [Cookies](https://docs.umbraco.com/umbraco-cms/run-in-production/security/cookies.md): Learn about the cookies required for accessing the Umbraco Backoffice and their purposes. - [Replacing the Basic Username/Password Check](https://docs.umbraco.com/umbraco-cms/run-in-production/security/custom-password-check.md): You can specify your own logic to validate a username and password against a custom data store. Learn more about it in this section. - [External Login Providers](https://docs.umbraco.com/umbraco-cms/run-in-production/security/external-login-providers.md): Umbraco supports external login providers (OAuth) for performing authentication of your users and members. - [Lightweight External Members](https://docs.umbraco.com/umbraco-cms/run-in-production/security/lightweight-external-members.md): Lightweight external members let you authenticate members through an external identity provider without storing them as full content entities in Umbraco. - [Locking of Users and Password Reset](https://docs.umbraco.com/umbraco-cms/run-in-production/security/password-reset.md): Learn about the security features put in place to protect Umbraco users from unauthorized access and password breaches. - [Reset Admin Password](https://docs.umbraco.com/umbraco-cms/run-in-production/security/reset-admin-password.md) - [Umbraco Security Hardening](https://docs.umbraco.com/umbraco-cms/run-in-production/security/security-hardening.md): Learn how to strengthen the security of your Umbraco installation, and reduce the risk of unauthorized access. - [Umbraco Security Settings](https://docs.umbraco.com/umbraco-cms/run-in-production/security/security-settings.md) - [Sensitive Data](https://docs.umbraco.com/umbraco-cms/run-in-production/security/sensitive-data-on-members.md): Marking fields and properties on member data as sensitive will hide the data in those fields for backoffice users that are not privy to the data. - [Sanitizing the Rich Text Editor](https://docs.umbraco.com/umbraco-cms/run-in-production/security/serverside-sanitizing.md): This section describes how to sanitize the Rich Text Editor serverside - [Setup Umbraco for a FIPS Compliant Server](https://docs.umbraco.com/umbraco-cms/run-in-production/security/setup-umbraco-for-a-fips-server.md) - [HTTPS](https://docs.umbraco.com/umbraco-cms/run-in-production/security/ssl-https.md): This article covers the recommended way of working with HTTPS and Umbraco CMS. - [Two-Factor Authentication](https://docs.umbraco.com/umbraco-cms/run-in-production/security/two-factor-authentication.md): Umbraco users and members support a two-factor authentication (2FA) abstraction for implementing a 2FA provider of your choice. - [Server-Side File Validation](https://docs.umbraco.com/umbraco-cms/run-in-production/security/serverside-file-validation.md): This section describes how you can implement File Validation - [Configuring Azure Key Vault](https://docs.umbraco.com/umbraco-cms/run-in-production/security/key-vault.md): A guide for configuring Azure Key Vault - [Infrastructure & Ops](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops.md): Set up servers, run health checks, and manage database availability and distributed locks for Umbraco in production. - [Server Setup](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup.md): This section describes different ways of setting up servers for use with Umbraco - [Running Umbraco on Azure Web Apps](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/azure-web-apps.md) - [Hosting Umbraco in IIS](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/iis.md): Information on hosting Umbraco on IIS - [File and Folder Permissions](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/permissions.md): Information on file and folder permissions required for Umbraco sites - [Running Umbraco in Docker](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/running-umbraco-in-docker.md) - [Umbraco in Load Balanced Environments](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/load-balancing.md): Information on how to deploy Umbraco in a Load Balanced scenario and other details to consider when setting up Umbraco for load balancing - [Load Balancing Azure Web Apps](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/load-balancing/azure-web-apps.md) - [Load Balancing the Backoffice](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/load-balancing/load-balancing-backoffice.md) - [SignalR in Load Balanced Environments](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/load-balancing/signalr-in-load-balanced-environments.md) - [Standalone File System](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/load-balancing/file-system-replication.md) - [Advanced Techniques with Flexible Load Balancing](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/load-balancing/flexible-advanced.md) - [Logging with Load Balancing](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/load-balancing/logging.md) - [Health Probes](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/server-setup/health-probes.md): Use .NET health probe endpoints to monitor whether your Umbraco application is alive and ready to serve requests. - [Health Check](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check.md): Health Checks are used to determine the state of your Umbraco project. Learn more about each of them in this section. - [Health Check Guides](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides.md) - [Click-Jacking Protection](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/clickjackingprotection.md): Learn how to protect your Umbraco site from clickjacking attacks using X-Frame-Options and security headers. - [Content Security Policy (CSP)](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/contentsecuritypolicy.md): Implement a Content Security Policy (CSP) to protect your Umbraco site from XSS and data injection. - [Content/MIME Sniffing Protection](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/contentsniffingprotection.md): Protect your Umbraco site from MIME sniffing vulnerabilities using security headers like X-Content-Type-Options. - [Cross-Site Scripting Protection (X-XSS-Protection Header)](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/crosssitescriptingprotection.md) - [Debug Compilation Mode](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/debugcompilationmode.md): Disable debug compilation mode in Umbraco to boost performance by updating JSON configuration. - [Excessive Headers](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/excessiveheaders.md) - [Fixed Application URL](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/fixedapplicationurl.md) - [Folder & File Permissions](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/folderandfilepermissions.md) - [HTTPS Configuration](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/httpsconfiguration.md) - [Notification Email Settings](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/notificationemail.md) - [SMTP](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/smtp.md) - [Strict-Transport-Security Header](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/stricttransportsecurityheader.md): Learn about the health checks that check for cookie hijacking and protocol downgrade attacks protection. - [Untrusted Database Constraints](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/health-check/guides/untrusteddatabaseconstraints.md): Checks that all Umbraco foreign key and check constraints on SQL Server are trusted. - [Database Availability Checks](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/database-availability.md): Describes the checks Umbraco will do on startup to determine the availability of the database, and how this behavior can be customized. - [Distributed Locks](https://docs.umbraco.com/umbraco-cms/run-in-production/infrastructure-and-ops/distributed-locks.md) - [Tutorials](https://docs.umbraco.com/umbraco-cms/run-in-production/tutorials.md): Step-by-step tutorials for configuring authentication providers and maintenance pages in Umbraco. - [Add Microsoft Entra ID Authentication (Members)](https://docs.umbraco.com/umbraco-cms/run-in-production/tutorials/add-microsoft-entra-id-authentication.md): Learn how to use Microsoft Entra ID (Azure Active Directory) credentials to login to Umbraco as a member. - [Add Google Authentication (Users)](https://docs.umbraco.com/umbraco-cms/run-in-production/tutorials/add-google-authentication.md): A tutorial on setting up Google authentication for the Umbraco CMS backoffice users. - [Create a Custom Maintenance Page](https://docs.umbraco.com/umbraco-cms/run-in-production/tutorials/create-a-custom-maintenance-page.md): Learn how to make your site visitors aware of any ongoing maintenance on the project. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.umbraco.com/umbraco-cms/run-in-production.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.