Tutorial: Implement an ASP.NET SQL membership provider in Sitefinity

In the Sitefinity CMS security space, all user and role management is handled through the ASP.NET Membership APIs. Sitefinity's backend uses its own custom membership and role providers, which utilize OpenAccess ORM to persist the users and roles into the Sitefinity CMS database. Before the 4.1 release of Sitefinity CMS, we didn't provide the option to substitute these providers with your own. Since then doing this is a piece of cake.

We've seen a lot of requests asking how you can use the default ASP.NET Sql Membership Provider to log into the Sitefinity CMS backend. This is a common need for users who are moving their existing applications to Sitefinity CMS. Here is how you can do this:

If you are moving an existing solution, you've probably already performed this step. For the purposes of this sample, we're going to use the database from a Sitefinity CMS project made with the Project Manager and create the tables needed by the SqlMembershipProvider to store data. The most convenient step to do this is to use the aspnet_regsql.exe tool that ASP.NET provides for us. If we run it, it opens a wizard that guides us through the process:

This wizard is used by ASP.NET to either create the needed tables needed by the provider, or remove them if they are no longer necessary. We need to select the former option in the second step. 

The only information that the wizard needs is a connection string to the database it is going to work with. If you provide a name of a non-existing database, the wizard will create it for you. In our case we are using the same database that we have in one of our projects in Project Manager version 6.1 (the name of the database is Sitefinity):

Following the steps you will be prompted to confirm the settings in the previous step:



When we complete these steps, the database will be ready for use by the SqlMembershipProvider.



 Now we can proceed with registering the provider with Sitefinity.

These steps are done exactly like you would do them in a regular ASP.NET application. We need to include elements in the web.config file indicating the role and membership providers we are going to use. Also, we need to provide the connection string to the database we created in the previous step. Here are the new sections we've added to the web.config file:

After this step your provider is fully functional, but has no data in it. If we want to login with a user from this provider, we have to first create a single user. Before we do this, though, you should remove the entry in web.config for the Sitefinity CMS membership provider, if you have it. Sitefinity CMS doesn't rely on the web.config to register its own providers, but the ASP.NET configuration tool might frown upon it:

Creating a user in the new provider using Visual Studio 2013

To create a user in the new provider using Visual Studio 2013, follow the steps below:

PREREQUISITES: Ensure that yoursite is working on .NET Framework 4.0 and above.

To create a user in the new provider, using Visual Studio 2013, perform the following steps:

1. Open the Command Prompt (not as administrator)
2. Navigate to the folder where IIS is installed on your machine.
3. In the command line, copy and paste the following prompt to launch an IIS instance of the Configuration Manager Site:
   "C:\Program Files\IIS Express\iisexpress.exe" /path:c:\windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles /vpath:"/asp.netwebadminfiles" /port:8089 /clr:4.0 /ntlm
4. Open your browser, and enter the following line in the URL:
   
   http://localhost:8089/asp.netwebadminfiles/default.aspx?applicationPhysicalPath=[Exact_Project_Path]\&applicationUrl=/

NOTE: Here [Exact_Project_Path] refers to the absolute path to the Visual Studio Project folder with the solution file in it.

This will start running the ASP.net Web Site Administration Tool.

Creating a user in the new provider using Visual Studio 2012

This will open a web administration tool with options to configure application settings.

We can manage users and roles by clicking on the Security tab. This tool uses the project's web config file to retrieve information about your providers, so if you encounter any error here, the most likely cause is something in your web.config.

On this screen, we only need to click the "Create user" link, and then provide all the information needed for the new user. After we click "Save", our new user is ready and persisted in the database.

Up to now, we've created the membership database needed by SqlMembershipProvider, registered the provider with Sitefinity CMS, and created a sample user in this provider. However, we still cannot log in with this user, because of missing rights to access the backend:



To fix this, we need to assign the new user to a Sitefinity CMS role able to access the backend. Logging in with existing CMS user, we should be able to see the new provider and the newly created user.

The only thing left to do is go to the edit screen and assign the new user to the Administrators role.

After this, we should be able to log out, and then log in with our new user.

This sample demonstrates the scenario by using the ASP.NET SqlMembershipProvider. However, you can implement any membership provider and still use it with Sitefinity CMS. For more information about implementing custom membership providers, you can visit MSDN. Let us know in the forums or support system about issues you encounter.