Enabling the Switching Providers

For the security providers to work together with the standard Sitecore security providers (and other custom providers) the following changes should be made in the web.config:

Change the realProviderName attribute value of the sitecore provider element under system.web » membership » providers from "sql" to "switcher". It should look like this:

<add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="switcher" providerWildcard="%" raiseEvents="true" />

Change the realProviderName attribute value of the sitecore provider element under system.web » membership » roleManager from "sql" to "switcher”. It should look like this:

<add name="sitecore" type="Sitecore.Security.SitecoreRoleProvider, Sitecore.Kernel" realProviderName="switcher" raiseEvents="true" />

Change the defaultProvider attribute value of the system.web » profile element to "switcher". It should look like this:

<profile defaultProvider="switcher" enabled="true" inherits="Sitecore.Security.UserProfile, Sitecore.Kernel">

Enabling the Providers

For contact authentication, with the multi-role package, the security providers should be configured by adding the following elements (Multi-Role Only):

to the sitecore » switchingProviders » membership element (the order is not important)

<provider providerName="salesforceContact" storeFullNames="false" wildcard="%" domains="salesforce" isMultiRole="true" />

to the sitecore » switchingProviders » roleManager element (the order is not important)

<provider providerName="salesforceContact" storeFullNames="false" wildcard="%" domains="salesforce" />

to the Sitecore » switchingProviders » profile element (it must come before the "sql" definition in this group)

<provider providerName="salesforceContact" storeFullNames="false" wildcard="%" domains="salesforce" />

Configuration Example

<switchingProviders>
  <membership>
      <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />
    <provider providerName="salesforceContact" storeFullNames="false" wildcard="%" domains="salesforce" isMultiRole="true" />
  </membership>
  <roleManager>
    <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />
    <provider providerName="salesforceContact" storeFullNames="false" wildcard="%" domains="salesforce" />
  </roleManager>
  <profile>
    <!-- This line must go before the SQL provider which can handle all requests -->
    <provider providerName="salesforceContact" storeFullNames="false" wildcard="%" domains="salesforce" />
    <provider providerName="sql" storeFullNames="true" wildcard="%" domains="*" />

Please view the Low-Level Sitecore Security and Custom Providers article for details:

https://sdn.sitecore.net/Articles/Security/Low_level_Sitecore_Security_and_Custom_Providers.aspx

Importance or Order

The phrase “the order is not important” means that the definition will work in any case. The only difference the order makes is the order of users/roles in Sitecore security tools. For instance, if you put the Salesforce membership mapping before the sql one, you’ll see the represented Salesforce users in User Manager before the default Sitecore ones.

Next Step

Configuring the Membership Provider (Pre-Sitecore 9)

Steps