DotNetNuke User Roles and Security

By December 22, 2009 No Comments

One of the many benefits of DotNetNuke is the ability to easily control which users of the website can see and interact with what content. You can control the security and settings at the Page and Module level. This is useful if you wanted to create sections of your website that are for registered website users, members only, or for employee only sections.


A role is usually a group of users. There are a couple default roles such as Registered User, Unauthenticated user as well as a subscriber. However, you can create as many roles as you may need for your website. Examples may include PaidMembership, Employee, BoardofDirector, or Blogger. You can then add users of the website to a role.


A user is anyone who has a username and password to access the website. You may have created them an account, or possibly they registered and created their own account. By default every user will be in the Registered Users and Subscribers role. You can then manually add that user to additional roles as needed. Some modules like the 3rdparty Store can automatically add users to roles after buying a certain product. For example, after they purchase a ‘membership’ it can add them into a member’s role.

You can read about page and module settings to learn more about how to configure what users on your website can access which areas or control who can edit what.

Managing Users

From the admin Users page, which can be accessed in the upper right corner under ‘common tasks,’ you are able to Add/Edit/Delete Users, manage passwords, as well as determine what fields you want to collect when a user registers.

Extending User Profile & Account Registration

By default, when you register DotNetNuke will collect a username, first name, last name, display name, email address, and a password. If you want to collect more information than the basics, roll over the blue arrow on the Users module and select Manage Profile Properties. You will notice when you access this area that you will see many more properties that you can enable and also you can add more fields by clicking Add New Profile Property. If Required is checked then the user must provide a value for that field. If visible is selected then it will be shown on the new user registration page.

However, by default, DotNetNuke is configured for the basics registration options unless explicitly told otherwise. To get DNN to honor the custom profile fields you need to access the Users section then select “User Settings.”

The setting you want to change is Require a valid Profile for Registration. Set that to true and DNN will then use the custom profile fields on the new user registration page.

User Settings

You will notice a lot of settings in the User Settings area. The first two sections regarding Membership Provider Settings and Password Aging Settings are all controlled from your DotNetNuke web.config file. These cannot be configured from within DNN, only by editing that file. Many of the User Account settings are for configuring how the administrators User list is displayed. Then you have some valuable options like where to redirect the user after logging in, after logging out, or after registering. You can also require them to complete a CAPTCHA during the login or registration process. The require valid profile option is to show the user the additional profile properties when creating an account. Require a valid profile for login is an option in case you want to create someone’s username and password then send that to them. Once they login, they will have to complete the rest of their profile before getting access to the site.

Executive's Guide to Web Development

80 pages of topics and tips to navigate your way to a better website.

Leave a Reply