Storing IDP and EPiServer user credentials in EPi database


I have to implement site with multiple authentications with IDP and local EPiServer as well. How are the credentials stored in EPi database? How does it work on such scenarios?

Feb 21, 2019 15:16

Hi xztrwigt

New Episerver solutions will usually use the ASP.Net Identity middleware for OWIN.

This means that users, roles, claims etc. will be stored in tables in the SQL database. User's passwords will be hashed (using PBKDF2) and stored in the AspNetUsers table.

When using OWIN, you can add more authentication middlewares. In Episerver's documentation, this is called mixed-mode OWIN authentication. If you implement the code as per this documentation, and log on using the external IDP for the first time, then Episerver will import that logged-in user to another special user table. This is imported so that you can assign Episerver rights and roles to that user.

The sample code on that documentation page shows how to integrate with Active Directory, but you are not limited to that.

Mar 04, 2019 15:06
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.