Sitecore on Azure PaaS – AD integration – The multiple providers service is OFF.

Since last few weeks I’ve been trying to get to the bottom of Active Directory integration with Sitecore when hosted on Microsoft Azure as PaaS. While that goal is now successfully achieved – have a read of the blog post if you already haven’t as this blog post forms a part of it.

During the process of integration and configuration of Sitecore Active Directory module, I also came across this particular message:

The multiple providers service is OFF

which resulted because during the process, configuring Activating the Switching Providers (the instructions mentioned in the Active Directory module’s guide page 10) was missed off completely in our excitement of getting this PoC working!

How did we encounter this?

Since this is Active Directory Domain integration with Sitecore CM web app has to be secure we wanted to check if the configuration and integration we have done has been properly done or not.

Moreover we were doing this for the first time and we couldn’t see the Active Directory Domain Groups or Users being exposed in Sitecore’s Role, User or Domain Managers. We did some further reading in Sitecore’s AD module guide and came across The Status Page!

The special Status Page of the AD module is a feature which allows one to troubleshoot for potential security problems and is available on the below url:

http://[yoursite]/sitecore/admin/ProviderStatus.aspx

So in our case, we tried to visit

http://sitecorevanilla.azurewebsites.net/sitecore/admin/ProviderStatus.aspx

Once the page loaded we found the message “The multiple providers service is OFF. In order to enable an option to work with multiple providers, set default Membership and Roles providers to switcher.” as shown below.

The multiple providers service is OFF

The Active Directory module’s guide (page 30) describes some high level status information about each provider:

  • If the status is ON, the provider is functioning and can serve the requests.

  • If the status is OFF, the provider has refused a simple request and the system has marked it as broken.

Coming back to problem on hand, after quick research within the web.config and Sitecore.config alongside Sitecore logs (which are now available in the Kudu console of the web app) and Application & Security logs under Windows Logs in Event Viewer on the VM (on which the Active Directory domain under test was hosted),  we discovered that the simple requests were getting refused.

Going through the configuration steps mentioned in the Active Directory module guide again was the obvious choice – to make sure that everything has been understood, followed and implemented correctly!

The finding was that we had missed out on Activating the Switching Providers:

  • Basically in web.config file, in <system.web> section, search for <membership> element, find the provider called sitecore and set its realProviderName attribute to switcher.
    <membership defaultProvider="switcher" hashAlgorithmType="SHA1">
  • Same way within <system.web> section, search for <roleManager> element, find the provider inside called sitecore and set its realProviderName attribute to switcher.
    <roleManager defaultProvider="switcher" enabled="true">

    Refer page 10 of the Active Directory module’s guide for more details.

Finally, after making these config changes, restarting the Sitecore CM web app we saw the screen that was expected

Verify the status of security providers

Hope this helps my fellow Sitecorians in the world of Azure!

Happy Sitecoring!

Reference Materials: