What MembershipProviders do you have in your MultiplexingRoleProvider and in what order are they registered?

For example the WindowsRoleProvider, which is a read only Provider, throw a ProviderException with the message "The method is not supported by this provider." when you try to add or remove roles on a user.

hi, I am using multiplex provider

<system.web>
    <roleManager enabled="true"
                 defaultProvider="MultiplexingRoleProvider"
                 cacheRolesInCookie="true">
      <providers>
        <clear />
        <!-- Comment the following lines when running on oracle. -->
        <add name="MultiplexingRoleProvider"
             type="EPiServer.Security.MultiplexingRoleProvider, EPiServer"
             provider1="ActiveDirectoryRoleProvider"
             provider2="WindowsRoleProvider"
             providerMap1="SqlServerMembershipProvider"
             providerMap2="WindowsMembershipProvider" />
        <!--  comment when running on oracle  -->
        <!-- Uncomment the following lines when running on oracle. -->
        <!--<add provider1="OracleRoleProvider" provider2="WindowsRoleProvider"
        providerMap1="OracleMembershipProvider" providerMap2="WindowsMembershipProvider"
         name="MultiplexingRoleProvider" type="EPiServer.Security.MultiplexingRoleProvider, EPiServer" />-->
        <!--Uncomment the lines above running oracle-->
        <add name="WindowsRoleProvider"
             applicationName="EPiServerSample"
             type="EPiServer.Security.WindowsRoleProvider, EPiServer" />
        <add name="SqlServerRoleProvider"
             connectionStringName="EPiServerDB"
             applicationName="EPiServerSample"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
        <add name="ActiveDirectoryRoleProvider"
             type="EPiServer.Security.ActiveDirectoryRoleProvider, EPiServer"
             connectionStringName="ActiveDirectoryProviderConnection"
             connectionUsername="xxx"
             connectionPassword="xxx"
             attributeMapUsername="sAMAccountName" cacheTimeout="0:01:00" />
      </providers>
    </roleManager>
    <membership defaultProvider="MultiplexingMembershipProvider"
                userIsOnlineTimeWindow="10">
      <providers>
        <clear />
        <!-- Comment the following lines when running on oracle. -->
        <add name="MultiplexingMembershipProvider"
             type="EPiServer.Security.MultiplexingMembershipProvider, EPiServer"
             provider1="ActiveDirectoryMembershipProvider"
             provider2="WindowsMembershipProvider" />
        <!--  comment the lines above when running on oracle  -->
        <!-- Uncomment the following lines when running on oracle. -->
        <!--<add provider1="OracleMembershipProvider" provider2="WindowsMembershipProvider"
          name="MultiplexingMembershipProvider" type="EPiServer.Security.MultiplexingMembershipProvider, EPiServer" />-->
        <!--Uncomment the lines above running oracle-->
        <add name="WindowsMembershipProvider"
             type="EPiServer.Security.WindowsMembershipProvider, EPiServer"
             deletePrefix="BUILTIN\"
             searchByEmail="true" />
        <add name="SqlServerMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="EPiServerDB"
             requiresQuestionAndAnswer="false"
             applicationName="EPiServerSample"
             requiresUniqueEmail="true"
             passwordFormat="Hashed"
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="7"
             minRequiredNonalphanumericCharacters="0"
             passwordAttemptWindow="10"
             passwordStrengthRegularExpression="" />
        <add name="ActiveDirectoryMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ActiveDirectoryProviderConnection"
             connectionUsername="xxxx"
             connectionPassword="xxx"
             enableSearchMethods="true"
             attributeMapUsername="sAMAccountName"/>

      </providers>
    </membership>

What I can see you have a Multiplexing where you define both ActiveDirectoryRoleProvider and WindowsRoleProvider. Both of them are kind of read only and throws an Exception when you try to add or remove users from a role.

In what situation do you want to add users to roles?

Hi, thanks for your reply. 

I have users and groups defined in AD. I am importing users using from AD to episever using the plugin https://www.coderesort.com/p/epicode/browser/Epinova.ActiveDirectoryImport/6.x/Services/ActiveDirectoryService.cs?rev=1957 

Now, when I add a group for user in AD, the group is not importing into episerver for that user. I have written code to get groups for each user and I am thinking to add those groups for respective users.

I think I understand.

As I mentioned the WindowsRoleProvider and ActiveDirectoryRoleProvider does not allow you to create roles.

Do you have any other members that are supposed to log on except those in the Active Directory that is your import source?

If not I would suggest that you changed to using SqlRoleProvider and SqlMembershipProvider if the idea is that you want to store your users and roles locally on your web site.

HI, After I changed my defaultRole provider as SqlRoleProvider and defaultMembershipProvider as SqlMemberShipProvider, I couldn't even login. 

thanks.

Hi Suresh, 

Below is example of setting Multiplexing membership & role providers using SQL and windows : 

<roleManager enabled="true" defaultProvider="MultiplexingRoleProvider" cacheRolesInCookie="true">
<providers>
<clear/>
<add name="MultiplexingRoleProvider" type="EPiServer.Security.MultiplexingRoleProvider, EPiServer" provider1="SqlServerRoleProvider" provider2="WindowsRoleProvider" providerMap1="SqlServerMembershipProvider" providerMap2="WindowsMembershipProvider"/>
<add name="WindowsRoleProvider" applicationName="EPiServerSample" type="EPiServer.Security.WindowsRoleProvider, EPiServer"/>
<add name="SqlServerRoleProvider" connectionStringName="EPiServerDB" applicationName="EPiServerSample" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
<membership defaultProvider="MultiplexingMembershipProvider" userIsOnlineTimeWindow="10">
<providers>
<clear/>

<add name="MultiplexingMembershipProvider" type="EPiServer.Security.MultiplexingMembershipProvider, EPiServer" provider1="SqlServerMembershipProvider" provider2="WindowsMembershipProvider"/>
<add name="WindowsMembershipProvider" type="EPiServer.Security.WindowsMembershipProvider, EPiServer" deletePrefix="BUILTIN\" searchByEmail="true"/>
<add name="SqlServerMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="EPiServerDB" requiresQuestionAndAnswer="false" applicationName="EPiServerSample" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>

After setting this, login with your windows user and create a SQL user from Admin mode and assign him to a group (Webadmins, Webeditors). Then you should be able to login with your sql account. 

OK, I understand. thanks. 

then I just would like to import AD groups in episerver. but it seems there is a limitation AD groups are imported in episerver if only if user logins with windows user login. 

Could you tell me any work around for this ?

thanks. 

What kind of limitation do you mean?

An other solution could be that you create your own RoleProvider and MembershipProvider that use your imported pages in the same way as SqlMembershipProvider use the database or WindowsMembershipProvider use your Windows accounts.

I mean, AD groups are syncing into episerver when user logins. Some times, I would like to have those AD groups in Episever even though user doesn't login. 

This could be an usefull tool in this case: 
https://www.coderesort.com/p/epicode/wiki/Epinova.ActiveDirectoryImport