So it turns out that if you want to use an existing ASP.NET membership store with Graffiti, there's one thing you need to do with your existing users - add them to the "gEveryone" role.

If you don't do that, your users will be able to sign in, but will get an "access denied" error when they redirect back to the page they came from. Not ideal.

Fortunately there's a quick and dirty way to do this, using direct SQL. And here it is!

declare @gEveryone uniqueidentifier

select @gEveryone = RoleId 
from aspnet_Roles 
where RoleName = 'gEveryone'

insert into aspnet_UsersInRoles (UserId, RoleId)
select UserId, @gEveryone
from aspnet_Users 
where not exists (
    select 1
    from aspnet_UsersInRoles ur
    where ur.UserId = aspnet_Users.UserId 
        and ur.RoleId = @gEveryone)