This content is archived. See latest version here

Last updated: Mar 31 2014

Introduction

EPiServer Commerce has full support for the standard EPiServer Membership and Role Providers, including Multiplex and Active Directory. EPiServer Commerce uses the ASP.NET membership provider model to provide secure user management for the framework. By using the provider model, one can write a custom provider to store the user information in any system and still have it function within EPiServer Commerce.

Adding a membership provider

The first step when using custom membership is to add the custom provider to the application by adding a reference to the library containing the provider. By default you do not need this because the "custom" provider is already referenced.

Defining the membership provider

Next, you need to define the membership provider in the application web.config file:

XML
<membership defaultProvider="CMSMembershipProvider">
<providers>
<add connectionStringName="MembershipSqlConnection"
applicationName="eCommerceFramework"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
passwordStrengthRegularExpression=""
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
name="CMSMembershipProvider"
type="Mediachase.Commerce.Customers.Profile.Providers.CustomerSqlMembershipProvider, Mediachase.Commerce"
/>
</providers>
</membership>

The above code shows the configuration of the CustomerSqlMembershipProvider. You would need to change the type to point to your new provider should you want to replace the provider.

Remarks

In EPiServer Commerce we need some way of associating an authenticated user (as given by the membership provider or Thread.CurentPrincipal) with a Contact/Customer. Since there is a common property named UserName on the MembershipUser, which is a unique key identifying the user and Name, and a property called Name for IIdentity in Principal , that is the identifier we will use for Contacts too. In the case the Contact/Customer doesn't exist for the authenticated user it will be created.

See also

  • Additional topics in the Security section in the EPiServer Commerce SDK
  • Authentication and Authorization in the Security section in the EPiServer CMS SDK

Do you have feedback on this documentation? Send an email to documentation@episerver.com. For development-related questions and discussions, refer to our Forums on https://world.episerver.com/forum/