LogoDOCUMENTATION

SELECT PRODUCT DOCUMENTATION

Sitefinity CMSSitefinity InsightSitefinity CloudKnowledge Base
Security
Web security module
Web security settings
Authentication
Users
Roles
Permissions
Authentication settings
Create a custom membership provider
Implement an ASP.NET SQL membership provider
Customize the email notification for password change
Best practices for Authentication
Troubleshooting Authentication
HomeCreate a custom membership providerCreate the custom membership provider class

Create the custom membership provider class

At this point you can start to write the custom Membership Provider class.

  1. Under the root of your project, create a folder named Providers.
  2. Add a new class to this folder and name it CustomMembershipProvider.cs.
  3. Inherit from the MembershipDataProvider class that is inside the Telerik.Sitefinity.Security.Data namespace.
    You can override a lot of methods, depends on the case you are writing this provider for.
  4. For all the methods that need to access the external database, you can define a property named ProviderEntities, which is of type CustomMembershipProviderEntities.
    This class is corresponding with the ADO.NET Entity Data Model. It is initialized in the Initialize() method and you must use the name you entered when creating the model.

For more information, see Custom membership provider: Full code.

Validating Users

Start with the methods you need to validate a user on the frontend. You must override the following methods:

  • ValidateUser(string username, string password)
  • ValidateUser(User user, string password)

The above methods use the following private methods, which you added to the class:

  • CheckValidPassword(User user, string password)
  • CheckValidPassword(string enteredByUser, string original, MembershipPasswordFormat passwordFormat)

Password encoding

You can use different encodings regarding the passwords. This example uses the Encrypted format, which allows you to read back the password, so that the user can do a password retrieval, if needed.
The available formats are the following:

  • ClearNo encoding.
  • HashedA hashed password that is one-way.
  • EncryptedAn encrypted password.

Getting users

You use a number of methods to retrieve the user information that is needed. There are a couple of methods for getting a single user and one method for getting a collection of users:

  • GetUser(Guid id)
  • GetUserByEmail(string email)
  • GetUser(string userName)
  • GetUsers()

NOTE: The GetUsers() method returns an IQueryable result set of all users. When querying the result using LINQ, it takes place in the memory, causing a performance hit.
In the default Sitefinity CMS provider this does not happen, as Sitefinity CMS uses its own queryable LINQ implementation with OpenAccess, which returns the user records already filtered.

Creating and deleting users

You also implement the methods to create and delete users from the backend. Since you are using encrypted passwords, it is not that easy to just enter some vanilla data inside the table. You must enable the logic to do this from the backend, using the following:

  • CreateUser(Guid id, string userName)
  • CreateUser(string userName)
  • CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
  • Delete(User item)
Want to learn more?
Enhance your Sitefinity skills by enrolling in free training sessions. Become Sitefinity certified through Progress Education Community to strengthen your professional credentials.
course-book
Get started with Integration Hub | Sitefinity Cloud
This free lesson teaches administrators, marketers, and other business professionals how to use Sitefinity Integration Hub to create automated workflows between Sitefinity and other business systems.
course-book
Web Security for Sitefinity Administrators
This free lesson teaches administrators the basics about protecting your Sitefinity instance and your sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.
course-book
Foundations of Sitefinity ASP.NET Core Development
The free on-demand video course teaches developers how to use Sitefinity ASP.NET Core and take advantage of its decoupled architecture and modern development model.
This Article Contains
Validating UsersPassword encodingGetting usersCreating and deleting users
New to Sitefinity?
Get a demoPlatform overview
Documentation
About Sitefinity
Resources
Learn
New to Sitefinity
+1-888-365-2779