Hello John, I too am going to advise to go the Custom Membership Provider route.
depending on how integrated you want the custom provider to be, you need to implement the following methods:
- ValidateUser: use the available user and password to authenticate on your external service
- GetUser(username, isOnline) and GetUser(providerUserKey, isOnline): when the providerUserKey is used, you need two custom methods that can translate between a GUID (SF user id) and your User Id, and viceversa. For this, I use emails as my user ids, so I have a table that stores SF_guid, email, and use that to translate to SF when it needs a user from me.
To return a MembershipUser, you can instantiate it as a new object, and assign the properties from your user, at least the ones you have... the important thing is the providerUserKey, where I rely on my method GetGuidFromEmail, so I use the email to figure out the guid SF needs.
I think these two methods will let you now authenticate users with a SF login widget that is set up to use your custom provider
I also needed role management on my users, and used the roles in SF, so I had to make these methods work so that I can see the users in the backend and assign SF roles to them (and so that the user search worked):
basically, find the users, loop thru them and create the collection of MembershipUsers to return to SF.
Other methods I implemented:
- GetUserNameByEmail: I dont know if this one was required.
The other methods I did not care about, changePassword, passwordChange settings, etc