Create the custom membership provider class

At this point you can start to write the custom Membership Provider class.

  1. Under the root of your project, create a folder named Providers.
  2. Add a new class to this folder and name it CustomMembershipProvider.cs.
  3. Inherit from the MembershipDataProvider class that is inside the Telerik.Sitefinity.Security.Data namespace.
    You can override a lot of methods, depends on the case you are writing this provider for.
  4. For all the methods that need to access the external database, you can define a property named ProviderEntities, which is of type CustomMembershipProviderEntities.
    This class is corresponding with the ADO.NET Entity Data Model. It is initialized in the Initialize() method and you must use the name you entered when creating the model.

For more information, see Custom membership provider: Full code.

Validating Users

Start with the methods you need to validate a user on the frontend. You must override the following methods:

  • ValidateUser(string username, string password)
  • ValidateUser(User user, string password)

The above methods use the following private methods, which you added to the class:

  • CheckValidPassword(User user, string password)
  • CheckValidPassword(string enteredByUser, string original, MembershipPasswordFormat passwordFormat)

Password encoding

You can use different encodings regarding the passwords. This example uses the Encrypted format, which allows you to read back the password, so that the user can do a password retrieval, if needed.
The available formats are the following:

  • Clear
    No encoding.
  • Hashed
    A hashed password that is one-way.
  • Encrypted
    An encrypted password.

Getting users

You use a number of methods to retrieve the user information that is needed. There are a couple of methods for getting a single user and one method for getting a collection of users:
  • GetUser(Guid id)
  • GetUserByEmail(string email)
  • GetUser(string userName)
  • GetUsers()

NOTE: The GetUsers() method returns an IQueryable result set of all users. When querying the result using LINQ, it takes place in the memory, causing a performance hit.
In the default Sitefinity CMS provider this does not happen, as Sitefinity CMS uses its own queryable LINQ implementation with OpenAccess, which returns the user records already filtered.

Creating and deleting users

You also implement the methods to create and delete users from the backend. Since you are using encrypted passwords, it is not that easy to just enter some vanilla data inside the table. You must enable the logic to do this from the backend, using the following:

  • CreateUser(Guid id, string userName)
  • CreateUser(string userName)
  • CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
  • Delete(User item)

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?