Sitefinity CMS

Implementing Multiple Membership Providers

Sitefinity takes full advantage of .NET role-based security by providing a powerful interface for managing users and roles. Sitefinity even allows you to use multiple membership/role providers in a single application. For example, you can use the SQL providers to validate user credentials and manage roles, passwords and e-mail addresses of your registered 'public' users, and at the same time use the Active Directory membership and role providers to grant your internal network users permissions for the CMS backend.

You can use the default membership and role providers for public users and the Active Directory ones for administrators, who then log in to the CMS with their domain credentials. All you have to do is configure some settings in the web.config file.

First, change the name of the default membership and role providers from "Sitefinity" to another name, such as "Public". Then add both Active Directory providers to the membership and role sections and name them "Sitefinity".

Role Providers

The role providers are defined below. Keep in mind that the connectionUsername and connectionPassword attributes need to be set to the values for the specific connection. The groupMaps attribute is set here only to illustrate how to specify which groups from the domain are included and processed. It can be omitted so that the role provider works with the whole domain.

<roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="Sitefinity">
  <providers>
    <clear/>
    <!-- Active Directory role provider, named "Sitefinity" so the CMS backend uses it -->
    <add
      name="Sitefinity"
      applicationName="/"
      description="Telerik Role provider for Active Directory"
      authenticationType="Secure"
      userSearchFilter="(&amp;(sAMAccountType=805306368)(sAMAccountName={0}))"
      roleSearchFilter="(&amp;(objectClass=group)(sAMAccountName={0}))"
      userDefinitionFilter="sAMAccountType=805306368"
      groupDefinitionFilter="(objectClass=group)"
      connectionStringName="ActiveDirectory"
      type="Telerik.Security.ActiveDirectory.TelerikADRoleProvider, Telerik.Security"
      connectionUsername="username"
      connectionPassword="password"
      groupMaps="Domain group 1, Domain group 2, Domain group 3"
    />
    <!-- Default SQL role provider, renamed from "Sitefinity" to "Public" -->
    <add
      applicationName="/"
      connectionStringName="DefaultConnection"
      name="Public"
      type="Telerik.DataAccess.AspnetProviders.TelerikRoleProvider, Telerik.DataAccess"
    />
  </providers>
</roleManager>

 

Here, "Domain group 1", "Domain group 2" and "Domain group 3" are groups from the specific domain.

 

Membership Providers

The following is a possible implementation of the membership providers. Keep in mind that the connectionUsername and connectionPassword attributes need to be set to the values for the specific connection.

<membership defaultProvider="Sitefinity" userIsOnlineTimeWindow="15" hashAlgorithmType="">
  <providers>
    <clear/>
    <!-- Active Directory membership provider, named "Sitefinity" so the CMS backend uses it -->
    <add
      name="Sitefinity"
      connectionStringName="ActiveDirectory"
      enableSearchMethods="true"
      attributeMapUsername="sAMAccountName"
      connectionUsername="userName"
      connectionPassword="Password"
      type="Telerik.Security.ActiveDirectory.TelerikADMembershipProvider, Telerik.Security"
    />
    <!-- Default SQL membership provider, renamed from "Sitefinity" to "Public" -->
    <add
      name="Public"
      connectionStringName="DefaultConnection"
      type="Telerik.DataAccess.AspnetProviders.TelerikMembershipProvider, Telerik.DataAccess"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="false"
      applicationName="/"
      requiresUniqueEmail="false"
      passwordFormat="Hashed"
      maxInvalidPasswordAttempts="5"
      passwordAttemptWindow="10"
      passwordStrengthRegularExpression=""
      minRequiredPasswordLength="1"
      minRequiredNonalphanumericCharacters="0"
    />
  </providers>
</membership>


  
Connection Strings

A connection string for each type of provider should be set. The Sitefinity connection string is used by the Public provider, while the ActiveDirectory connection string is used by the Sitefinity (default) provider. The strings need to be correctly set for the specific providers.

<connectionStrings>
  <!-- SQL Server database -->
  <add
    name="Sitefinity"
    connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|Sitefinity.mdf"
    providerName="System.Data.SqlClient"
  />
  <!-- LDAP path of the domain used by the Active Directory providers -->
  <add
    name="ActiveDirectory"
    connectionString="LDAP://your_domain.com"
  />
</connectionStrings>

 

Group Permissions

Another thing that needs to be done is to give unrestricted permissions for a given domain group. To do that you have to add a line similar to this:

<add name="Domain group" permission="Unrestricted"/>

The Domain group is a group from the specific domain.
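
The check below is an added example, not part of the Sitefinity documentation. It parses a web.config condensed from the fragments above (a constructed sample with the type attributes omitted) and reports providers whose connectionStringName has no matching connection string, literal connectionPassword values, and a minRequiredPasswordLength below a policy minimum; the function name audit and the minimum of 8 are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's fragments, condensed (type= attributes omitted).
SAMPLE = """<configuration>
 <connectionStrings>
  <add name="Sitefinity" connectionString="Data Source=.\\SQLExpress"/>
  <add name="ActiveDirectory" connectionString="LDAP://your_domain.com"/>
 </connectionStrings>
 <system.web>
  <roleManager enabled="true" defaultProvider="Sitefinity"><providers>
   <add name="Sitefinity" connectionStringName="ActiveDirectory"
        connectionUsername="username" connectionPassword="password"/>
   <add name="Public" connectionStringName="DefaultConnection"/>
  </providers></roleManager>
  <membership defaultProvider="Sitefinity"><providers>
   <add name="Sitefinity" connectionStringName="ActiveDirectory"
        connectionUsername="userName" connectionPassword="Password"/>
   <add name="Public" connectionStringName="DefaultConnection"
        minRequiredPasswordLength="1"/>
  </providers></membership>
 </system.web>
</configuration>"""

def audit(xml_text, min_len=8):  # min_len: assumed local password policy
    """Return (section, provider, finding) tuples for a web.config string."""
    root = ET.fromstring(xml_text)
    conns = {a.get("name") for a in root.iterfind("connectionStrings/add")}
    findings, names = [], {}
    for section in ("membership", "roleManager"):
        node = root.find("system.web/" + section)
        adds = node.findall("providers/add")
        names[section] = {a.get("name") for a in adds}
        if node.get("defaultProvider") not in names[section]:
            findings.append((section, "-", "defaultProvider not defined"))
        for a in adds:
            where = (section, a.get("name"))
            if a.get("connectionStringName") not in conns:
                findings.append(where + ("connectionStringName not defined",))
            if a.get("connectionPassword"):  # credential stored in clear text
                findings.append(where + ("literal connectionPassword",))
            length = a.get("minRequiredPasswordLength")
            if length is not None and int(length) < min_len:
                findings.append(where + ("minRequiredPasswordLength below policy",))
    # The page pairs providers by name (Sitefinity/Public) in both sections.
    if names["membership"] != names["roleManager"]:
        findings.append(("both", "-", "provider names differ between sections"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

On the fragments as printed, it reports that both Public providers reference DefaultConnection while only the Sitefinity and ActiveDirectory connection strings are defined.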

 
