Yes, it is possible to do this. There is a backoffice membership provider as well.
However, you need to create the users in each umbraco install to be able to determine the user permissions level, so the provider is mostly just used for authentication so you only maintain your password in one place.
That should be it really. As mentioned you still need to create the users in the umbraco backend to give them access/set permissions. But the login/password is validated against the sql provider.
Thats great, thanks for the extra info. So the username in Umbraco will need to match the username used with the membership provider for authentication? Struggling to see how Umbraco matches them up otherwise?
Matching the membership provider username with the umbraco username would definitely make the most sense. Your membership provider will more than likely first test to see if the username/password is in the central membership database if they are authenticated on that, then your membership provider see if that username exists in umbracoUsers and if not, then it will create that users with some default settings. Morten, how do you handle changing passwords/adding new members in your central membership (did you just create a user control for this?).
OK, so I am making slow progress on this however I did hit a problem. Here is what I have done so far:
Made sure my username and email for my Umbraco user account match those with my custom provider
Logged out
Added custom membership provider to web.config
Changed the DefaultBackOfficeProvider to the new provider
Logged back into Umbraco back office ok
Attempted to create a new user to allow access to back office and got an exception so tried again and nothing happens and no user is created with no UI feedback
Having taken a look at the logs I can see an exception is being thrown "Failed to create the user. Error from provider: DuplicateUserName" so I checked in the provider DB and the user has been created in there. The obvious problem here is that to allow access to the back office you need to create your users first then switch providers and if you want to add any further users access to backoffice you need to manually add them to the umbracoUsers table. This is not ideal and I am not sure if this is being addressed in any future versions but I would like to add it my list of things to look at in the future.
If anyone has had more success than me on this I would be interested to hear, perhaps you Morten, how do you handle this?
Well, in our scenario the users are maintained in a central website, and whenever they are updated we call webservices on the other umbraco installs that need to have the users created/updated, and then we do that through the umbraco API.
So I don't have much experience with creating the users directly in the Umbraco UI.
Sharing Users Across Installations
Is it possible to have the same users (not members) across Umbraco installs so that users just maintain a single login across Umbraco sites?
Hio Simon,
Is it posible to use Active directory?
It's very simple to use.
Ron
Yes, it is possible to do this. There is a backoffice membership provider as well.
However, you need to create the users in each umbraco install to be able to determine the user permissions level, so the provider is mostly just used for authentication so you only maintain your password in one place.
Do either of you have any further information on how to implement each solution so I can assess which is the most appropriate to implement?
In our case, we have a central membership database that is separate from umbraco. We are using Microsofts SqlMembershipProvider for this.
Then, in the configuration -> system.web -> membership section we added the provider:
<add name="CustomUserProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="Membership" applicationName="MyApplicationName" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="1000" passwordFormat="Hashed" />We also added the connection string in the configuration -> connectionstrings:
Now, in the umbracoSettings.config you need to specify which provider you want to use for the backoffice:
That should be it really. As mentioned you still need to create the users in the umbraco backend to give them access/set permissions. But the login/password is validated against the sql provider.
Thats great, thanks for the extra info. So the username in Umbraco will need to match the username used with the membership provider for authentication? Struggling to see how Umbraco matches them up otherwise?
Matching the membership provider username with the umbraco username would definitely make the most sense. Your membership provider will more than likely first test to see if the username/password is in the central membership database if they are authenticated on that, then your membership provider see if that username exists in umbracoUsers and if not, then it will create that users with some default settings. Morten, how do you handle changing passwords/adding new members in your central membership (did you just create a user control for this?).
OK, so I am making slow progress on this however I did hit a problem. Here is what I have done so far:
Having taken a look at the logs I can see an exception is being thrown "Failed to create the user. Error from provider: DuplicateUserName" so I checked in the provider DB and the user has been created in there. The obvious problem here is that to allow access to the back office you need to create your users first then switch providers and if you want to add any further users access to backoffice you need to manually add them to the umbracoUsers table. This is not ideal and I am not sure if this is being addressed in any future versions but I would like to add it my list of things to look at in the future.
If anyone has had more success than me on this I would be interested to hear, perhaps you Morten, how do you handle this?
Well, in our scenario the users are maintained in a central website, and whenever they are updated we call webservices on the other umbraco installs that need to have the users created/updated, and then we do that through the umbraco API.
So I don't have much experience with creating the users directly in the Umbraco UI.
is working on a reply...