HomeDev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityDoc feedbackLog In
GitHubNuGetDev CommunityDoc feedback

You can configure the application to use `AspNetIdentity` as the authentication module for managing users and roles. This configuration requires the following NuGet package as a dependency: _EPiServer.CMS.UI.AspNetIdentity_.

**To use and configure AspNetIdentity OWIN-based authentication:**

  1. Set the authentication mode in the **system.web** section of the _web.config_ file as shown:

  2. Clear the membership and rolemanager providers from _web.config_ as shown:

  3. Because OWIN pipeline is a startup class needed to configure the application, add the following code to the startup class:


The _EPiServer.CMS.UI.AspNetIdentity_ NuGet package implements the `UIUsersManager`, `UIRoleManager`, `SecurityEntityProvider` and `SignInManager` providers, which need to be integrated with the Optimizely user interface. This means the users, roles and access rights can be managed from admin view. And, the Optimizely user interface login page (_/util/login.aspx_) can be used for login.

## Custom user database

By default, the `ApplicationContext` uses the `EPiServerDB` as a connection string name to save AspNet Users and roles. You can override it like this: 

## Custom user model

There are two ways to define a custom user model.

  • Inherit from `EPiServer.Cms.UI.AspNetIdentity.ApplicationUser`, like this:

  • Inherit from `Microsoft.AspNet.Identity.EntityFramework.IdentityUser` and the `EPiServer.Shell.Security.IUIUser` interfaces, like this:


After defining a custom user model, you need to configure it in the OWIN startup class, like this:

## SecurityEntityProvider 

The `EPiServer.CMS.UI.AspNetIdentity` implements and registers the `UIUserProvider`, `UIRoleProvider`, `UISignInManager` and `SecurityEntity` provider in the container. To override them, you need to programmatically register it in the `InitializeModule`, like this:

## Extend the Cms Asp.net Identity implementation

The Asp.net Identity system is using the Owin pipeline which makes it a bit harder to replace our default implementation, it is not just a matter of registering a new class in the IoC container.

Instead, you need to take control of the pipeline setup. We are exposing the default create delegates for all standard Asp.net Identity classes, which means that you need to create your own Pipeline initialization method and call the create delegates in the correct order. This is an example on how you can do that in your own `IAppBuilder` extension method.

When you have your new setup method you need to call that method in the `Startup` instead of the built-in one.

When you have your custom pipeline running, it is possible to change things like the default `PasswordHasher`, the default `PasswordValidator`, etc.

The first thing you need to do is to create a new create delegate for the `ApplicationUserManager` and change the relevant values.

When you have your own create delegate you have to replace the default create delegate in the `SetupCustomAspNetIdentity` method.