I can see Lars' example got lost so I'll try adding an example of how to permit a new group to access the editmode pages:
<authorization> <allow roles="WebEditors, WebAdmins, Administrators,
<deny users="*" /> </authorization>
Now the Multiplexing provider works fine. I can log in via my AD account to Episerver CMS.
But I get another error when managing groups and users in Episerver, ie trying to insert new users via SQL Server provider.
In the multiplexing provider, I have specified that the first choice of Role provider and Membership provider should be SQL Server (ASP.NET tables) and the second choice is Active Directory provider.
And I can log in now, and I can create groups via SqlServerRoleProvider. So far so good. But when trying to add a new user, I get an error immediately when trying to reach that page.
[ArgumentException: The parameter 'username' must not be empty.Parameter name: username] System.Web.Util.SecUtility.CheckParameter(String& param, Boolean checkForNull, Boolean checkIfEmpty, Boolean checkForCommas, Int32 maxSize, String paramName) +830853 System.Web.Security.ActiveDirectoryMembershipProvider.CheckUserName(String& username, Int32 maxSize, String paramName) +29 System.Web.Security.ActiveDirectoryMembershipProvider.GetUser(String username, Boolean userIsOnline) +86 EPiServer.Security.MultiplexingMembershipProvider.FindMembershipUser(String username) +81 EPiServer.Security.MultiplexingMembershipProvider.get_CurrentMembershipUser() +74 EPiServer.Security.MultiplexingMembershipProvider.get_CurrentProvider() +70 EPiServer.Security.MultiplexingRoleProvider.get_CurrentProvider() +60 EPiServer.Security.VirtualRoles.GetAllRolesForUser(String username) +67 EPiServer.UI.Edit.UserMembership.PopulateRoleFields() +71 EPiServer.UI.Edit.UserMembership.OnLoad(EventArgs e) +901 System.Web.UI.Control.LoadRecursive() +47 System.Web.UI.Control.LoadRecursive() +131 System.Web.UI.Control.LoadRecursive() +131 System.Web.UI.Control.LoadRecursive() +131 System.Web.UI.Control.LoadRecursive() +131 System.Web.UI.Control.LoadRecursive() +131 System.Web.UI.Control.LoadRecursive() +131 System.Web.UI.Control.LoadRecursive() +131 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1436
Insert of a new user is ok IF I in web.config change the default provider to SqlServerMembershipProvider, while I am logged in to my Episerver site.
If I then try the link "Create user" I get the input fields for adding a new user and I can add the user.
But when I log out, I can not login again with my AD account (because I do not use the multiplexing provider) so the story begins again...
Something is wrong with having multiplexingprovider that uses both sql server and ad? Or have I missed something?
Both these issues is known issues with EPiServer:
#9151: CreatePrincipal("nonExistingUser") throws ProviderException with AD provider
#11957: Can't create SQL-user when using multiplexing provider with SQL and AD
Both are marked as fixed in our tracking system, but the're untested. They will probably be included in the R2 release coming later this year.
Those of you who are using the Active Directory Membership Provider, are you able to search for a user by user name or e-mail address? We're having difficulties with it (we have about 2000+ users in the AD).
I think there is a limitation in DirectorySearcher to 1000 users. Maby this is causing the problems for you?
Hi Petter! I thought the 1000 users limit was a default which applies when you don't specify a limit explicitly? I can still retrieve a list of all 2000+ users, I just can't search for a specific username or e-mail address through the EPiServer admin interface.
I´m having the same problem as Ted. Can´t search for AD-users by name or email when using Active Directory Membership Provider.
Did you solve this one?
The ActiveDirectoryMembershipProvider (build by Microsoft btw) do use *paged searches*, so it can handle resultsets spanning more than 1000 entries (which is a max limit implied by the AD-_server_. You can define a limit _less_ than 1000, but any limit > 1000 will still get you only 1000 in each searchresult).