c a n d l a n d . n e t

Setup N2Cms to Use the Asp.Net Providers for Authentication and Authorization

Dusty Candland | |

Continued from Setup N2Cms on an Asp.Net MVC

Setup the data

Add the asp.net sql tables by executing aspnet_regsql.exe

aspnet_regsql.exe -C "data source=.\SQLEXPRESS;Integrated Security=SSPI ;User Instance=true" -A all -d c:\projects\red27\app_data\red27.mdf

http://weblogs.asp.net/lhunt/archive/2005/09/26/425966.aspx

Next add the Administrators and Editors roles to the db using the aspnet_Roles_CreateRole stored procedure.

aspnet_Roles_CreateRole &lsquo;/&rsquo;, &lsquo;Administrators&rsquo; <br />aspnet_Roles_CreateRole &lsquo;/&rsquo;, &lsquo;Editors&rsquo;

Next update the web config roleManager to be enabled and remove all but the AspNetSqlRoleProvider provider.

http://code.google.com/p/n2cms/wiki/WebConfig

<roleManager enabled="true">
  <providers>
    <clear />
    <add connectionStringName="N2CMS" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>

Create the admin account

Now create a new user by going to the /Account/Register page. Then log off.

Log in to the /edit section of the site using the credentials found in the forms authentication section.

<authentication mode="Forms">
  <forms loginUrl="edit/login.aspx" protection="All" timeout="30000" path="/">
    <credentials passwordFormat="Clear">
      <user name="admin" password="changeme"/>
    </credentials>
  </forms>
</authentication>

Click on Manage Users and then edit your newly created account, adding it to the Administrators and Editors roles. Log off and back on with your new account.

Clean Up

Now remove the credentials section from the forms authentication section.

<authentication mode="Forms">
  <forms loginUrl="edit/login.aspx" protection="All" timeout="30000" path="/"/>
</authentication>

Open the web.config in the Edit directory and remove the users attribute from the authorization section.

<authorization>
  <allow roles="Administrators,Editors"/>
  <deny users="*"/>
</authorization>

Webmentions

These are webmentions via the IndieWeb and webmention.io. Mention this post from your site: