Implement an ASP.NET SQL membership provider

In the Sitefinity CMS security space, all user and role management is handled through the ASP.NET Membership APIs. Sitefinity's backend uses its own custom membership and role providers, which utilize OpenAccess ORM to persist the users and roles into the Sitefinity CMS database.

If you are moving an existing solution, you've probably already performed this step. For the purposes of this sample, you are going to use the database from a Sitefinity CMS project made with the Project Manager and create the tables needed by the SqlMembershipProvider to store data. The most convenient step to do this is to use the aspnet_regsql.exe tool that ASP.NET provides for us. If you run it, it opens a wizard that guides us through the process:

This wizard is used by ASP.NET to either create the needed tables needed by the provider, or remove them if they are no longer necessary. You need to select the former option in the second step. 

The only information that the wizard needs is a connection string to the database it is going to work with. If you provide a name of a non-existing database, the wizard will create it for you. In this case you are using the same database that you have in one of your projects in Project Manager.

Following the steps you will be prompted to confirm the settings in the previous step:



When you complete these steps, the database will be ready for use by the SqlMembershipProvider.



 Now you can proceed with registering the provider with Sitefinity.

These steps are done exactly like you would do them in a regular ASP.NET application. You need to include elements in the web.config file indicating the role and membership providers you are going to use. Also, you  need to provide the connection string to the database you created in the previous step. Here are the new sections are added to the web.config file:

Create a user in the new provider using Visual Studio

To create a user in the new provider, using Visual Studio, perform the following steps:

1. Open the Command Prompt (not as administrator)
2. Navigate to the folder where IIS is installed on your machine.
3. In the command line, copy and paste the following prompt to launch an IIS instance of the Configuration Manager Site:
   "C:\Program Files\IIS Express\iisexpress.exe" /path:c:\windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles /vpath:"/asp.netwebadminfiles" /port:8089 /clr:4.0 /ntlm
   
4. Open your browser, and enter the following line in the URL:
   http://localhost:8089/asp.netwebadminfiles/default.aspx?applicationPhysicalPath=[Exact_Project_Path]\&applicationUrl=/

NOTE: Here [Exact_Project_Path] refers to the absolute path to the Visual Studio Project folder with the solution file in it.

This will start running the ASP.net Web Site Administration Tool.

Create a user in the new provider using Visual Studio 2012

This will open a web administration tool with options to configure application settings.

You can manage users and roles by clicking on the Security tab. This tool uses the project's web config file to retrieve information about your providers, so if you encounter any error here, the most likely cause is something in your web.config.

On this screen, you only need to click the "Create user" link, and then provide all the information needed for the new user. After you click Save, your new user is ready and persisted in the database.

Up to now, you have created the membership database needed by SqlMembershipProvider, registered the provider with Sitefinity CMS, and created a sample user in this provider. However, you still cannot log in with this user, because of missing rights to access the backend, noting that You do not have permission to access ...

To fix this, you need to assign the new user to a Sitefinity CMS role able to access the backend. Logging in with existing CMS user, you should be able to see the new provider and the newly created user.

Finally, go to the Edit User panel for this user to enable the user to access the site backend, and then assign the user to the Administrators role.

Now, when the user logs out and then logs in, their administrative access is allowed.

This sample demonstrates the scenario by using the ASP.NET SqlMembershipProvider. However, you can implement any membership provider and still use it with Sitefinity CMS. For more information about implementing custom membership providers, you can visit MSDN. Let us know in the forums or support system about issues you encounter.