Hi, I'm building a solution using EPiServer 4.62 and the client I am building the solution for requires their users to Authenticate using an external datasource. Enter the Configurable Authentication Provider Chain. No problem, right? I thought I'd make life easy and hook into the built-in EPiServer page access rights functionality to control access to pages on the website, so I built my custom Authentication Provider and to integrate with EPiServer roles I added a Roles table to my external datastore made sure that the rolenames in this table had matching roles in EPiServer. Once Authentication succeeds, I use the user object returned from my external datastore to create a UserSid. The code extract below is a section of the DatabaseAuthenticationProvider that has been modified to suit my needs... .... UserSid sid = new UserSid(user.Id, SecurityIdentityType.ExtranetUser); sid.FirstName = user.Firstname; sid.LastName = user.Lastname; sid.Name = user.Username; sid.Password = user.Password; sid.Active = true; foreach (string membership in user.Memberships) sid.MemberOfGroups.Add(Sid.Load(membership)); UnifiedPrincipal principal = new UnifiedPrincipal(sid); principal.UserData["IsRestrictedSession"] = user.IsRestrictedSession; principal.SetIPRestriction(sid.AllowedIPAddress, sid.AllowedIPAddressMask); if (principal.CheckIPAddress(e.ClientIP)) if (!principal.CheckPassword(e.Password)) { .... Now, everything works fine up to here. The line in the code above where I insert a value into the PersonalisedData collection... principal.UserData["IsRestrictedSession"] = user.IsRestrictedSession; ...is where everything goes belly-up. When the PersonalizedData collection is accessed for the first time, the UnifiedPrincipal tries to load it from the datastore. The problem is, it tries to retrieve the data from the EPiServer datastore for my external user which will obviously fail! I can't set the PersonalizedData collection either... principal.UserData = new PersonalizedData(); ... because it is read-only! Through trying to find a solution I did come across the (undocumented it seems) EPiServer.Personalization.PersonalizedDataProvider and EPiServer.Personalization.PersonalizedDataProviderConfigurationHandler classes which led me to believe that the PersonalizedDataProvider might be configurable. From disassembling the code I found that the static constructor of the PersonalizedDataProviderConfigurationHandler tries to initialise the PersonalizedDataProvider from the applications configuration file... ... provider = ConfigurationSettings.GetConfig("episerver/personalizedDataProvider") as PersonalizedDataProviderConfigurationHandler; ... So, naturally I tried adding a "personalizedDataProvider" node to the "episerver" node in the web.config file. This made my web application bomb, throwing the following exception... ....Unrecognized configuration section episerver/personalizedDataProvider... What is the point of enabling external authentication of your shiny new Authenticated user can't integerate with EPiServer???