EPiServer - How to log in to admin / edit mode

Introduction

I was recently demonstrating EPiServer 7.5 to a group of experienced WordPress developers. They liked it a lot, and according to them, EPiServer is way cooler and stronger than WordPress. The only problem they had: how to log in to the admin mode?

Most content management systems come with an installation wizard where you can create the administrator account, or you get an admin user with a default password which you have to change after the first login.

I had some issues with the AlloyTech project and the multiplexing provider on my company laptop when I wasn't connected to the VPN. Windows caches your username and password so that you can log in to Windows using your domain account when you don't have an internet or VPN connection. However, WindowsMembershipProvider doesn't work in offline mode.

In this blog post, I'll show you how to create the admin user in the AlloyTech website. This is how I do it; there are probably easier / better ways, so your feedback is greatly appreciated!

1. Change role and membership providers

In AlloyTech, the default provider is set to the multiplexing provider. We will change it to SqlServerMembershipProvider so that we can create users and user groups in the database.

This can be done in the web.config.

Before:

[Image: EPiServer role and membership providers]

After:

[Image: EPiServer role and membership providers]

2. Creating users and roles

If you take a closer look at the web.config file, you'll find the following section:

<virtualRoles addClaims="true">
    <providers>
        <add name="Administrators" type="EPiServer.Security.WindowsAdministratorsRole, EPiServer.Framework" />
        <add name="Everyone" type="EPiServer.Security.EveryoneRole, EPiServer.Framework" />
        <add name="Authenticated" type="EPiServer.Security.AuthenticatedRole, EPiServer.Framework" />
        <add name="Anonymous" type="EPiServer.Security.AnonymousRole, EPiServer.Framework" />
        <add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
        <add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />
        <add name="Creator" type="EPiServer.Security.CreatorRole, EPiServer" />
        <add name="PackagingAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
    </providers>
</virtualRoles>

Everyone, Authenticated, Anonymous, CmsAdmins, CmsEditors, Creator, and PackagingAdmins are the built-in virtual roles. All roles listed inside a roles="something" attribute (WebAdmins, WebEditors, Administrators, etc.) are the real roles from SQL Server or AD.

We will keep this section as is, and create WebAdmins and WebEditors groups.

In Visual Studio, click on Project / ASP.NET Configuration:

[Image: EPiServer Visual Studio]

I'm using Visual Studio 2012, so this might look different in other editions of Visual Studio.

You'll get a Web Site Administration Tool page:

[Image: Web Site Administration Tool page]

Click on Security, and then Create or Manage roles:

Create the WebAdmins and WebEditors roles and click the Back button.

Now create a new user and make sure 'Active User', 'WebAdmins', and 'WebEditors' are checked:

That's it!

3. Granting access to admin mode

In the web.config file you'll find something like this:

<location path="EPiServer/CMS/admin">
    <system.web>
        <authorization>
            <allow roles="WebAdmins, Administrators" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

Here, I prefer to use virtual roles instead of roles that are stored in SQL Server.

My location sections for admin and edit mode look like this:

<location path="EPiServer/CMS/admin">
    <system.web>
        <authorization>
            <allow roles="CmsAdmins" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>

<location path="EPiServer">
    ...
    <system.web>
        <authorization>
            <allow roles="CmsAdmins, CmsEditors" />
            <deny users="*" />
        </authorization>
    </system.web>
    ...
</location>

NOTE: If you cannot log in to an existing website and EPiServer doesn't throw any validation errors, this means that your username and password are correct, but the allow roles are not properly configured in the above location sections.
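To check which real roles actually end up with access to a location section (the situation in the NOTE above), here is an added example, not code from the original post or from EPiServer: a Python sketch that expands the MappedRole virtual roles from step 2 and evaluates the allow/deny rules from step 3. It assumes MappedRole mode "Any"/"All" semantics and first-match-wins ASP.NET URL authorization, ignores rule inheritance between location sections, and runs on a constructed, trimmed web.config; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
# Constructed sample: virtual roles and location sections from this post, trimmed.
WEB_CONFIG = """<configuration>
  <virtualRoles addClaims="true">
    <providers>
      <add name="CmsAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators" mode="Any" />
      <add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />
    </providers>
  </virtualRoles>
  <location path="EPiServer/CMS/admin">
    <system.web><authorization>
      <allow roles="CmsAdmins" />
      <deny users="*" />
    </authorization></system.web>
  </location>
  <location path="EPiServer">
    <system.web><authorization>
      <allow roles="CmsAdmins, CmsEditors" />
      <deny users="*" />
    </authorization></system.web>
  </location>
</configuration>"""

def split(value):
    return {v.strip() for v in (value or "").split(",") if v.strip()}

def effective_roles(root, real_roles):
    """Return the user's real roles plus every MappedRole they satisfy."""
    roles = set(real_roles)
    for add in root.iterfind("./virtualRoles/providers/add"):
        if "MappedRole" not in add.get("type", ""):
            continue  # other virtual roles are computed at runtime, not mapped
        mapped = split(add.get("roles"))
        # Assumption: mode="All" needs every listed role, mode="Any" needs one.
        satisfied = mapped <= roles if add.get("mode") == "All" else mapped & roles
        if satisfied:
            roles.add(add.get("name"))
    return roles

def is_allowed(root, path, real_roles):
    """Evaluate one location section: the first matching rule decides."""
    roles = effective_roles(root, real_roles)
    for loc in root.iterfind("location"):
        if loc.get("path") != path:
            continue
        for rule in loc.iterfind("./system.web/authorization/*"):
            if "*" in split(rule.get("users")) or split(rule.get("roles")) & roles:
                return rule.tag == "allow"
    return None  # no location section for this path

ROOT = ET.fromstring(WEB_CONFIG)
```

A user who authenticates but belongs to no mapped role falls through to the deny rule, which matches the symptom described in the NOTE.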

4. Switching back to Multiplexing providers

Now you can switch back to multiplexing providers (from step 1), log in to the admin mode, find out which AD groups should be granted access rights, and update the virtual roles from step 2 :)
