Cannot get SqlServerMembershipProvider to work

Hi!

I'm trying to create a SQL user with no luck.

If I use WindowsMembershipProvider I cannot create SQL users.

If I use MultiplexingMembershipProvider I cannot log in with my domain account. I can log in with a local Windows admin account but it has no access to the admin page in Episerver.

MultiplexingMembershipProvider does work when the site is published on another server, but if I set up a SQL account there and move the database to my local machine the user/group loses its administration permissions.

What am I supposed to do?

Why doesn't my domain account work when using MultiplexingMembershipProvider?

    <roleManager enabled="true" defaultProvider="MultiplexingRoleProvider" cacheRolesInCookie="true">
      <providers>
        <clear />
        <add name="MultiplexingRoleProvider" type="EPiServer.Security.MultiplexingRoleProvider, EPiServer.Framework" provider1="SqlServerRoleProvider" provider2="WindowsRoleProvider" providerMap1="SqlServerMembershipProvider" providerMap2="WindowsMembershipProvider" />
        <add name="WindowsRoleProvider" applicationName="EPiServerSample" type="EPiServer.Security.WindowsRoleProvider, EPiServer" />
        <add name="SqlServerRoleProvider" connectionStringName="EPiServerDB" applicationName="EPiServerSample" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
    <membership defaultProvider="MultiplexingMembershipProvider" userIsOnlineTimeWindow="10" hashAlgorithmType="HMACSHA512">
      <providers>
        <clear />
        <add name="MultiplexingMembershipProvider" type="EPiServer.Security.MultiplexingMembershipProvider, EPiServer.Framework" provider1="SqlServerMembershipProvider" provider2="WindowsMembershipProvider" />
        <add name="WindowsMembershipProvider" type="EPiServer.Security.WindowsMembershipProvider, EPiServer" deletePrefix="BUILTIN\" searchByEmail="true" />
        <add name="SqlServerMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="EPiServerDB" requiresQuestionAndAnswer="false" applicationName="EPiServerSample" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
      </providers>
    </membership>
#86826
Jun 02, 2014 16:12
Hi,

Make sure you have mapped the correct groups in EPiServerFramework.config, i.e. CmsAdmin and CmsEditors. By default I think those groups are only mapped to Administrators. You might need to add AD groups as well.

    <episerver.framework>
      <scanAssembly forceBinFolderScan="true" />
      <virtualRoles replacePrincipal="true">
        <providers>
          <add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
          <add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" />
          <add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" />
          <add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" />
          <add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" />
          <add name="PackagingAdmins" roles="WebAdmins, Administrators" mode="Any" type="EPiServer.Security.MappedRole, EPiServer.Framework" />
          <add name="CmsAdmins" roles="WebAdmins, Administrators" mode="Any" type="EPiServer.Security.MappedRole, EPiServer.Framework" />
          <add name="CmsEditors" roles="WebEditors" mode="Any" type="EPiServer.Security.MappedRole, EPiServer.Framework" />
        </providers>
      </virtualRoles>
      <geolocation defaultProvider="maxmind">
        <providers>
          <add name="maxmind" databaseFileName="[appDataPath]\Geolocation\GeoLiteCity.dat" type="EPiServer.Personalization.Providers.MaxMind.GeolocationProvider, EPiServer.ApplicationModules" />
        </providers>
      </geolocation>
      <virtualPathProviders>
        <clear />
        <add name="ProtectedAddons" virtualPath="~/ui/" physicalPath="[appDataPath]\Modules" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider, EPiServer.Framework" />
      </virtualPathProviders>
      <appData basePath="..\AppData" />
    </episerver.framework>

You need those groups in web.config as well. Search for <authorization>, then you will find all places that need to be updated. You can add all additional groups here, or just add CmsAdmins or CmsEditors instead.

#86828
Edited, Jun 02, 2014 18:37
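
The cross-check described in the reply above (roles named under <authorization> in web.config versus the virtualRoles mappings in EPiServerFramework.config), as an added Python example that is not part of the original thread or of EPiServer's own code. The config snippets are constructed and trimmed; the PLACEHOLDER location paths and the DOMAIN\WebTeam group are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed configs; PLACEHOLDER paths and DOMAIN\WebTeam are assumptions.
FRAMEWORK_CONFIG = """<episerver.framework><virtualRoles><providers>
  <add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
  <add name="CmsAdmins" roles="WebAdmins, Administrators" mode="Any" type="EPiServer.Security.MappedRole, EPiServer.Framework" />
  <add name="CmsEditors" roles="WebEditors" mode="Any" type="EPiServer.Security.MappedRole, EPiServer.Framework" />
</providers></virtualRoles></episerver.framework>"""

WEB_CONFIG = r"""<configuration>
  <location path="PLACEHOLDER/admin"><system.web><authorization>
    <allow roles="CmsAdmins" /><deny users="*" />
  </authorization></system.web></location>
  <location path="PLACEHOLDER/edit"><system.web><authorization>
    <allow roles="CmsEditors, DOMAIN\WebTeam" /><deny users="*" />
  </authorization></system.web></location>
</configuration>"""

def split_roles(value):
    return [r.strip() for r in (value or "").split(",") if r.strip()]

def mapped_roles(framework_xml):
    """Virtual role name -> underlying roles, for MappedRole entries only."""
    adds = ET.fromstring(framework_xml).iter("add")
    return {a.get("name"): split_roles(a.get("roles"))
            for a in adds if "MappedRole" in a.get("type", "")}

def effective_access(web_xml, framework_xml):
    """Location path -> sorted roles that an <allow roles=...> lets in.
    Only allow rules are read; rule order and <deny> are not evaluated."""
    mapping = mapped_roles(framework_xml)
    access = {}
    for loc in ET.fromstring(web_xml).iter("location"):
        allowed = set()
        for allow in loc.iter("allow"):
            for role in split_roles(allow.get("roles")):
                allowed.update(mapping.get(role, [role]))  # expand one level
        access[loc.get("path")] = sorted(allowed)
    return access

def denied_paths(web_xml, framework_xml, user_roles):
    """Paths where none of the user's provider roles appears in the allow list."""
    access = effective_access(web_xml, framework_xml)
    return sorted(p for p, roles in access.items() if not set(roles) & set(user_roles))

if __name__ == "__main__":
    for path, roles in effective_access(WEB_CONFIG, FRAMEWORK_CONFIG).items():
        print(path, "->", roles)
    print("denied for DOMAIN\\WebTeam:", denied_paths(WEB_CONFIG, FRAMEWORK_CONFIG, {r"DOMAIN\WebTeam"}))
```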
Hi Magnus,

I have the same "problem" on my work laptop :)
When I'm in the office I can log in to admin mode with my AD account.
When I'm at home, and don't use VPN, I cannot log in to admin mode with the same AD account.

What always helps is SqlServer Role/Membership provider.

In this forum thread, I've described how to create an epi admin user from the code: http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=86653
Or you can create one "by hand" using ASP.NET Configuration tool in Visual Studio.

Your web.config looks fine.

If you only want to use SqlServer Role/Membership provider, then your web.config should look like this:

    <roleManager enabled="true" defaultProvider="SqlServerRoleProvider" cacheRolesInCookie="true">
      <providers>
        <clear />
        <add name="SqlServerRoleProvider" connectionStringName="EPiServerDB" applicationName="EPiServerSample" type="System.Web.Security.SqlRoleProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
    <membership defaultProvider="SqlServerMembershipProvider" userIsOnlineTimeWindow="10" hashAlgorithmType="HMACSHA512">
      <providers>
        <clear />
        <add name="SqlServerMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="EPiServerDB" requiresQuestionAndAnswer="false" applicationName="EPiServerSample" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
      </providers>
    </membership>

Hope this helps!

#86829
Jun 02, 2014 18:49
#86842
Jun 03, 2014 9:40