Membership Providers

Membership Providers

Sitecore Security Types

  • Sitecore CMS Security refers to the configuration of CMS users and roles associated with the different tasks that can be performed on content, such as create or edit
  • Extranet Security refers to who can browse content on a published site

Membership Providers

  • Software modules that provide a uniform interface between a service and a data source
  • Implement a well-defined interface consisting of methods and properties defined in an abstract base class named MembershipProvider
  • Used to abstract physical storage media so that membership services can interact with them without knowing how they store the data
  • Changing providers only requires a configuration change in web.config

Provider Types

  • The Membership Provider provides operations to get the user, create, update, delete, validate by username and password, and change the user password
  • The Role Provider provides operations to get the roles, create, delete, add users to, and remove the users from roles
  • The Profile Provider provides operations to get/set the properties of the user profile, and operations on the profile objects (delete/find profiles, etc.)

Provider Configuration

  • The <membership> element in the web.config contains the attributes and settings for all three provider types
  • The attributes for the <membership> element and for the <roles> element are nearly identical
  • The enabled attribute of the <roles> element specifies whether roles are enabled on the application
  • The defaultProvider attribute of the <membership> element specifies the provider to be used by ASP.NET login controls

The Profile Element

  • The profile element contains two groups, <providers> and <properties>
  • The <providers> group contains the definitions of the profile providers similar to the membership and role sections
  • The <properties> section contains additional properties the user profile should hold

Configuration Settings

<membership defaultProvider="sitecore"> 
        <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="sql" providerWildcard="%" raiseEvents="true"/> 
        <add name="sql" type="System.Web.Security.SqlMembershipProvider" connectionStringName="core" applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="256"/> 
        <add name="switcher" type="Sitecore.Security.SwitchingMembershipProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/membership"/> 

<roleManager defaultProvider="sitecore" enabled="true"> 
        <add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="sql" raiseEvents="true"/> 
        <add name="sql" type="System.Web.Security.SqlRoleProvider" connectionStringName="core" applicationName="sitecore"/> 
        <add name="switcher" type="Sitecore.Security.SwitchingRoleProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/roleManager"/> 

<profile defaultProvider="sql" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel"> 
        <add name="sql" type="System.Web.Profile.SqlProfileProvider" connectionStringName="core" applicationName="sitecore"/> 
        <add name="switcher" type="Sitecore.Security.SwitchingProfileProvider, Sitecore.Kernel" applicationName="sitecore" mappings="switchingProviders/profile"/> 

        <add type="System.String" name="SC_UserData"/>