ActiveDirectoryMembershipProvider vs WindowsMembershipProvider


In my setup, I will have two public facing servers in a DMZ, and one internal server inside our network.  Our staff should be able to authenticate against each.  The DMZ servers are not in the domain.  They will use the ActiveDirectoryMembershipProvider.

Ideally, internally we would like to have "pass through authentication" on the internal box... no extra login if the user is in IE.  This is what the organization is "used to" on our existing intranet.  My plan was to use WindowsMembershipProvider on this machine.

The issue I'm seeing is that the ActiveDirectoryMembershipProvider using sAMAccountName returns the username as Username, while the WindowsMembershipProvider returns the username as Domain\Username.

The end result is that EPiServer sees the same user as *two different users* depending on the membership provider used.  They are logged to the database as both "Username" and "Domain/Username".

Any suggestions on how to get around this?

Jul 11, 2013 3:38

I should mention that the deletePrefix="DOMAIN\" only seems to delete prefixes from the groups (based on experimentation).  The username still comes across as "DOMAIN\USERNAME".


Also, the deletePrefix doesn't seem to work *at all* when the WindowsMembershipProvider is called via the EPiServerCommonMembershipProvider.

Jul 11, 2013 3:41

Hi Gregory!

Did you find a solution to this problem? I would also like to have the users without prefix.


Sep 12, 2013 11:57

If you need to modify the values returned by one of the providers maybe a wrapper like what is described here could help?

Sep 12, 2013 13:52

Hakan is correct, I ended up using my own derived versions of ActiveDirectoryMembershipProvider, ActiveDirectoryRoleProvider, and WindowsRoleProvider so that I could make them all behave the same.

Sep 12, 2013 15:07

Ok, thanks.

Sep 12, 2013 15:08
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.