Vulnerability in EPiServer.Forms
Sorry im new to EPiServer. I need to create a new user in an existing EPi site so i can login and admin, editor, dashbord etc. Can i somehow create a user in the web.config file or is this done elsewhere?
Localy on my machine i mean.
Welcome to the EPiServer community.
To get a good base knowledge on working with EPiServer I suggest that you read the admin and editor manuals found on
Users are setup in EPiServer with the .net MemberShip and RoleProviders. You can read about it in the EPiServer Whitepapers
A normal setup on a developer machine is that you use WindowsMembershipProvider and use your normal Windows account (which normally is an administrator)
I hope this gives you some assistance on getting EPiServer up and running on your machine.
Great, thank you!
Like Alf says, on developer machines you are typically logged in with a Windows account (with local administrator privileges, meaning it will be automatically be a member of the built-in Administrators group). You'll then use your Windows credentials to log into your site.
For Windows login to work you need to use either WindowsMembershipProvider/RoleProvider or MultiplexingMembershipProvider/RoleProvider.You can find this in your web.config:
However, if you want to create or edit users you need to use Multiplexing as your Membership/Role Provider. (Because you can't add/edit Windows accounts from within EPiServer).
Oh, and if all login options fail, you can always "break into" your site by removing/commenting all occurances of " in your web.config, as described here: http://blog.fredrikhaglund.se/blog/2010/03/08/episerver-security-and-access-control-12/
That way you can go straight to /EPiServer (or whatever your UI path is) without authentication, and create/edit users in Admin mode, then put "deny users" back in your web.config.
Just don't ever do that on production environments!
Or like this: http://www.dcaric.com/blog/episerver-how-to-create-admin-users-from-the-code