Configuring membership providers

Episerver Commerce has full support for the standard Episerver Membership and Role Providers, including Multiplex and Active Directory. Episerver Commerce uses the ASP.NET membership provider model to provide secure user management for the framework. By using the provider model, one can write a custom provider to store the user information in any system and still have it function within Episerver Commerce.

Adding a membership provider

The first step when using custom membership is to add the custom provider to the application by adding a reference to the library containing the provider. By default you do not need this because the "custom" provider is already referenced.

Defining the membership provider

Next, you need to define the membership provider in the application web.config file:

<membership defaultProvider="CMSMembershipProvider">
 <providers>
   <add connectionStringName="MembershipSqlConnection"
     applicationName="eCommerceFramework"
     enablePasswordRetrieval="false"
     enablePasswordReset="false"
     requiresQuestionAndAnswer="false"
     requiresUniqueEmail="true"
     passwordFormat="Hashed"
     passwordStrengthRegularExpression=""
     minRequiredPasswordLength="1"
     minRequiredNonalphanumericCharacters="0"
     name="CMSMembershipProvider"
     type="Mediachase.Commerce.Customers.Profile.Providers.CustomerSqlMembershipProvider, Mediachase.Commerce"
     />
  </providers>
</membership>

The above code shows the configuration of the CustomerSqlMembershipProvider. You would need to change the type to point to your new provider should you want to replace the provider.

Notes

In Episerver Commerce, you need some way of associating an authenticated user (as given by the membership provider) with a Contact/Customer. Because there is a property named ProviderUserKey on the MembershipUser object (as returned by a membership provider) which is a unique key identifying the user, that is the identifier we will use.

Unfortunately ProviderUserKey is typed as Object and there is no generic way to convert it into something that you can store and use for comparisons. To handle this, Episerver Commerce has code to select different conversion methods to/from a string, depending on the type of ProviderUserKey. It currently supports Guids (used by SqlMembershipProvider), Int32 (common choice for database identifier), SID (Windows identity) and byte[] (binary data). This means that out-of-the-box, any membership provider that uses any of the four data types for the ProviderUserKey will work.

If your membership provider uses any other data type for the ProviderUserKey, then you need to implement an interface (IConvertUserKey) and register your class with the IoC container in Episerver Commerce.