K Khan
Nov 22, 2017
  12209
(10 votes)

Migrate from SQL membership to asp.net identity

If your EPiServer website is still on ASP.Net membership system, think the ASP.NET membership system was introduced with ASP.NET 2.0 back in 2005, and since then there have been many changes in the ways web applications typically handle authentication and authorization. Your organization may be looking for a multifactor authentication or want to move the responsibility for identification to some other party. Whatever the solution that your organization will be choosing, most probably, the first step that you will have to do is migrate your website to ASP.Net Identity and migrate existing membership users to Identity so they could log in without any hitch. The solution can be different for different infrastructures, under this post, I am collecting bits and pieces at one place that we will require doing this. Proposed solution is based on http://world.episerver.com/documentation/developer-guides/CMS/security/episerver-aspnetidentity/.


1. Install the following NuGet package, EPiServer.CMS.UI.AspNetIdentity

  • This means Users, roles and access rights can be managed from admin view of episerver
  • Implements the UIUsersManager, UIRoleManager, SecurityEntityProvider and SignInManager providers

2. Set the authentication mode in the system.web section of the web.config file as following

<authentication mode="None"></authentication>


3. Clear the membership and rolemanager providers from web.config as following

<membership><providers><clear /></providers></membership>
<roleManager enabled="false"><providers><clear /></providers></roleManager>

4. Prepare OWIN pipeline to use in a startup class to configure the application

https://gist.github.com/khurramkhang/08409560f9b04cb1520a1e6321220c18  

Alternatives: use default app.AddCmsAspNetIdentity<ApplicationUser>(); but we will not be able to add custom stuff that we will require e.g. password hashing.

5. Prepare SQL Hasher to allow migrated user login with their old password

https://gist.github.com/khurramkhang/f279284f2aecbed80ac1bbafe046c945 

6. Build OWIN pipeline in a startup class needed to configure the application

[assembly: OwinStartup(typeof(Startup))]

public void Configuration(IAppBuilder app)
{
   string loginPath = "/util/login.aspx";

            // Add CMS integration for ASP.NET Identity
            //https://gist.github.com/khurramkhang/08409560f9b04cb1520a1e6321220c18
            app.SetupAspNetIdentity<ApplicationUser>();

            // Use cookie authentication
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString(loginPath),
                Provider = new CookieAuthenticationProvider
                {
                    OnValidateIdentity =
                        SecurityStampValidator
                            .OnValidateIdentity<ApplicationUserManager<ApplicationUser>, ApplicationUser>(
                                validateInterval: TimeSpan.FromMinutes(30),
                                regenerateIdentity: (manager, user) => manager.GenerateUserIdentityAsync(user))
                }
            });
}


7. Compile and run your application, browse to episerver cms login page and try to use your existing login, This will result a login failure as you are required to migrate users from membership to asp.net identity tables. Till this stage following new tables would have been created in episerver db

  • AspNetRoles
  • AspNetUserClaims
  • AspNetUserLogins
  • AspNetUserRoles
  • AspNetUsers

8. You can use following script to migrate users to ASP.Net Identity, Password hasher will resolve password with HMACSHA512 hashing
https://gist.github.com/khurramkhang/f9110994e6dd771db87e0e26a394c557 

References:

http://world.episerver.com/documentation/developer-guides/CMS/security/episerver-aspnetidentity/

http://sveinaandahl.blogspot.nl/2015/08/how-to-integrate-aspnet-identity-with.html

https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/introduction-to-aspnet-identity

https://docs.microsoft.com/en-us/aspnet/identity/overview/migrations/migrating-an-existing-website-from-sql-membership-to-aspnet-identity

Alternative approach: http://sveinaandahl.blogspot.nl/2015/08/how-to-integrate-aspnet-identity-with.html

Nov 22, 2017

Comments

Aria Zanganeh
Aria Zanganeh Nov 22, 2017 11:16 PM

this is a great article .. if Episerver could build generic ASP.Net Identity admin are (same as membership provider) would be great.. so admin can add/update/delete -> user/role .. 

K Khan
K Khan Nov 23, 2017 12:54 AM

Thanks, glad you like it, by installingEPiServer.CMS.UI.AspNetIdentity you can us built in episervet admin area with asp.net identity.

Tom Dickie
Tom Dickie Feb 15, 2018 01:07 PM

@kKhan - Thank you for an easy to follow guide, this worked like a charm.

However, I noticed an issue with the SQL migration script in your gist. It's not migrating email addresses from the membership tables. I forked your script and added email to it.

https://gist.github.com/tdickie/893f44e51eb0886fc961297266b0d585

K Khan
K Khan Feb 15, 2018 01:40 PM

Glad, It helped, Script is updated, Thanks for sharing!

/K

Peter Törnqvist
Peter Törnqvist Mar 27, 2022 12:34 PM

Thanks for an excellent tutorial, but when I implemented it the CustomPasswordHasher is not used when logging in causing an error. I've verified that the Startup code is executed by setting a breakpoint so it seems the custom SetupAspNetIdentity is not used by Episerver and/or set as the current OwinContext. Any clues what could be the problem here?

Thanks, Peter

 

Please login to comment.
Latest blogs
Recraft's image generation with AI-Assistant for Optimizely

Recraft V3 model is outperforming all other models in the image generation space and we are happy to share: Recraft's new model is now available fo...

Luc Gosso (MVP) | Nov 8, 2024 | Syndicated blog

ExcludeDeleted(): Prevent Trashed Content from Appearing in Search Results

Introduction In Optimizely CMS, content that is moved to the trash can still appear in search results if it’s not explicitly excluded using the...

Ashish Rasal | Nov 7, 2024

CMS + CMP + Graph integration

We have just released a new package https://nuget.optimizely.com/package/?id=EPiServer.Cms.WelcomeIntegration.Graph which changes the way CMS fetch...

Bartosz Sekula | Nov 5, 2024

Block type selection doesn't work

Imagine you're trying to create a new block in a specific content area. You click the "Create" link, expecting to see a CMS modal with a list of...

Damian Smutek | Nov 4, 2024 | Syndicated blog