This training article will teach you about user accounts, roles, and registration forms in DNN.
Personas and User Accounts - What Is a Persona?
Personas are subjective descriptions of user types. It is essential that you understand into which persona the user fits so you can accurately assess their intention and skill level.
Some common personas are:
- Superuser (Host): Has full permissions for all sites within the DNN instance.
- Administrator: Has permissions to manage one or more specific sites.
- Regular User: Has permissions based on predefined or custom roles within a specific site.
- Content Manager: Users with permissions to manage (add/delete/modify/reposition) content within a page.
- Content Editor: Users with permissions to edit the content on a page.
- Developer: Builds and modifies themes and extensions.
- Designer: Designs and implements the visual design elements of the site.
- Community Manager: Manages and moderates a site's social community.
Users can have multiple personas. A small business owner might be a Superuser and also a Content Manager, Content Editor, and Designer.
What Is a User Account?
User accounts are the physical accounts and permissions stored in DNN. For further information, please refer to User Accounts. While DNN utilizes the ASP.NET membership provider, it still provides a lot of functionalities for user accounts, such as:
A traditional user login tool with a password reset option.
A user registration tool that allows users to register as users of a given site.
A password recovery tool.
Page and module permissions that can be granted on an individual basis.
Customizable Profile Properties
Customizable profile properties such as address, company, profile image, etc.
Roles are ways to group user accounts. Roles can be used to assign security permissions to groups of users or to categorize users into social groups. For example, you can use roles to allow only paid subscribers to access your site. DNN provides the following default roles:
- Administrators: Administrators have full permissions to manage their specific site, including permissions to add, delete, and edit all pages and modules on the site. They can also authorize other users to access the Site Administration modules, as well as other pages. This role cannot be deleted or modified.
- Registered Users: All authenticated users (i.e., users who are registered and logged in). These user accounts can be authorized or unauthorized to access specific pages/modules. This role cannot be deleted or modified.
- Unverified Users: An unverified user is someone who has registered for an account but has not yet verified their email address.
- Subscribers: Subscribers are users that sign up for a subscription to the site. All registered users are added to this role by default. Authenticated users can unsubscribe or re-subscribe to this role under Membership Services on the View Profile module. Administrators can delete or modify this role.
- Translators: A role for translators is automatically added for the default site language; for example, "Translators (en-US)" if the site's default language is set to English (US). When content localization is enabled, another Translator role is added for each installed language. Registered users must be manually assigned to this role.
- Content Editors: Content Editors are users with permissions to edit the content on a page.
- Content Managers: Content Managers are users with permissions to manage (add/delete/modify/reposition) content within a page.
"Default roles, like Administrators and Registered Users, can't be modified because some functions in DNN are hardcoded to use them."
-Ben Nelson, DNN Expert.
Roles are portal-specific, so there will be a role for each portal. However, there are three pseudo-roles which are the exception to this rule which are:
- All Users: All site visitors, whether they are authenticated or not.
- Superusers: Superusers do not belong to any roles because they have full permissions to manage any site in the entire DNN installation. Superusers can only be created by other superusers.
- Unauthenticated Users: Anonymous users who are not logged in to the site.
"Speaking of superusers, they do not belong to any roles or portals by default because their permissions are unlimited and therefore supersede the permissions of all roles."
Jeffrey Binney, DNN Expert
Role groups categorize multiple roles for ease of management. For example, a role group named Staff could include the following security roles:
- All Staff
- Information Technology
While role groups are used very infrequently, it is important to know they exist.
Various registration options can be set for a site to allow the creation of User Accounts. Settings include choosing the page to which users are redirected after registration, enabling and disabling the CAPTCHA security code feature, and adding validation requirements.
- Private: Visitors can apply to become a site member. DNN creates a user account for them. However, access to the Registered User role is restricted until the account is authorized.
- Public: Visitors who successfully register gain immediate access to the Registered User security role. This is the default option.
- Verified: Visitors who successfully register must verify their account by entering a verification code the first time they log in to the site. Once the account is verified the user gains access to the Registered User security role. This ensures the email address provided during registration is valid.
- None: Select to disable registration. This will remove the Register link from the site pages, the Account Login page and any other Account Login modules.
The AspNetMembershipProvider is a feature that enables AspNet developers to create websites that allow users to create a unique username and password combinations. This feature also includes password strength and authentication cookies.
Similar to User Accounts, DNN registration is also handled by the AspNetMembershipProvider.
Customizable Profile Properties
Each user account has customizable profile properties. These attributes make up a single Profile Property Definition. They are stored in the
ProfilePropertyDefinition database table.
Users often create new profile properties for their sites. The settings that tend to confuse users the most are:
Data Types: List, Unknown, and Country/Region.
Validation Expression: Regular expressions (regex) can be tricky as they are very syntactically specific.
Default Visibility: Changing default visibility only sets the visibility for new users who populate the property. Updating the visibility on all existing profile properties can be done via SQL Server Management Studio (SSMS) on the
Required: To ensure that a profile property is populated by all users, this setting should be used in conjunction with a customized registration form and a valid profile for login settings. Otherwise, it will only perform the validation when saving the user profile.
- Localization: The second page of the profile property definition editor sets localized values for the text related to the property. This allows you to reuse the same properties on multilingual sites.
Developers can create their own authentication providers to replace the default DNN login. Authentication providers allow the website to verify usernames and passwords against external identities. For example, logging into a website using your Google or Facebook accounts.
An example of an additional authentication provider that actually ships with the Evoq package is the Active Directory provider.
Only site Administrators have full permissions to create users. For instructions on how to create a user, please refer to Creating a User.
Managing User Passwords
Passwords can be reset in three ways:
You can change the password for the user. If the site is configured with password rules (i.e., minimum length), the initial password you assign must obey those password rules.
You can send the user a password reset link valid for 24 hours.
You can force the user to change their password at the next login. This action cannot be undone.
For further information, please refer to Managing a User Password.
Promoting Users to Hosts
Hosts (also known as Superusers) have full permissions to all sites within the DNN instance. Only a Host can promote or demote a user account to or from a Host account. For further information, please refer to Promoting a User to Host.
For a complete list of user account tasks please refer to User Accounts.
Common Confusing Settings
Some of the DNN settings that most often confuse users are:
- Email as Username: Using an email address as username can cause a problem if the site previously had non-unique email addresses registered.
- Superusers (aka Hosts): Superuser accounts should only be used for site-level tasks like installing extensions and running SQL queries since they have access to everything and we want to avoid accidents. It is recommended to remove any unused Superuser accounts from sites.
- Sharing Users Between Portals: If a user registers on a second portal using the exact same first name, last name, username, email, and password; it will use the existing account and add it to the additional portal.
- Bulk Importing Users: Bulk importing users can be accomplished by third parties. However, if a user has done this by themselves, it can be relevant to support if it was not done properly.
If data entry or modification directly via SQL is needed, the tables that are relevant to User Accounts are:
- Any of the
Adding/Deleting/Editing a Role
Assigning Users to a Role
Assigning users to a role is another common role task. Users added to a role immediately gain access to any modules or pages available to members of that role. The user might need to refresh their browser to view those modules and pages.
Please refer to Assigning Users to a Role for further instructions.
Using RSVP Codes
These codes can be used by site administrators to enable users to subscribe to a private role. To do this, the site administrator can send out an RSVP link containing the code (e.g via the newsletter function/email) to the users.
The actual code is chosen by the site's administrator and is associated with site Security Roles, so it can avail of all the capabilities of roles such as time-limited roles. To gain access to the role, the user can either click the RSVP link or log into the site and click the manage services link in their profile and enter the code directly.
Using Roles for Messaging
The DNN message center module allows users to send messages to all users or only users in specific roles.
If you need to do bulk data entry or modification directly via SQL, the tables that are relevant to User Roles are:
Customizing Registration Form Fields
DNN comes with a default registration form with certain fields pre-defined and available for account creation of User Accounts. Oftentimes, users will want to gather more information at account registration.
Please refer to Customizing Registration Form Fields in Version 9.0+ to learn how to customize the form fields.
3rd Party Extensions
Due to the DNN registration form being very simple, several users will want additional functionality which can be provided by third-party extensions.
Thousands of third-party modules and themes are available from the DNN Store.
If you need to enter or modify data entry or modification directly via SQL, the tables relevant to User Accounts are:
- Creating a User
- Assigning Users to a Role
- Customizing Registration Form Fields in Version 9.0+
- Editing Roles
- Configuring and Copying Page Permissions
- Granting SuperUser permission via SQL Server
- Mapping custom roles to Persona bar permissions