Custom membership provider: Create the custom membership provider class
At this point you can start to write the custom Membership Provider class.
- Under the root of your project, create a folder named Providers.
- Add a new class to this folder and name it CustomMembershipProvider.cs.
- Inherit from the MembershipDataProvider class that is inside the Telerik.Sitefinity.Security.Data namespace.
You can override a lot of methods, depends on the case you are writing this provider for.
- For all the methods that need to access the external database, you can define a property named ProviderEntities, which is of type CustomMembershipProviderEntities.
This class is corresponding with the ADO.NET Entity Data Model. It is initialized in the Initialize() method and you must use the name you entered when creating the model.
For more information, see Custom membership provider: Full code.
Start with the methods you need to validate a user on the frontend. You must override the following methods:
- ValidateUser(string username, string password)
- ValidateUser(User user, string password)
The above methods use the following private methods, which you added to the class:
- CheckValidPassword(User user, string password)
- CheckValidPassword(string enteredByUser, string original, MembershipPasswordFormat passwordFormat)
You can use different encodings regarding the passwords. This example uses the Encrypted format, which allows you to read back the password, so that the user can do a password retrieval, if needed.
The available formats are the following:
A hashed password that is one-way.
An encrypted password.
You use a number of methods to retrieve the user information that is needed. There are a couple of methods for getting a single user and one method for getting a collection of users:
- GetUser(Guid id)
- GetUserByEmail(string email)
- GetUser(string userName)
NOTE: The GetUsers() method returns an IQueryable result set of all users. When querying the result using LINQ, it takes place in the memory, causing a performance hit.
In the default Sitefinity CMS provider this does not happen, as Sitefinity CMS uses its own queryable LINQ implementation with OpenAccess, which returns the user records already filtered.
Creating and deleting users
You also implement the methods to create and delete users from the backend. Since you are using encrypted passwords, it is not that easy to just enter some vanilla data inside the table. You must enable the logic to do this from the backend, using the following:
- CreateUser(Guid id, string userName)
- CreateUser(string userName)
- CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
- Delete(User item)