+1-888-365-2779
Try Now
More in this section

Forums / Sitefinity SDK / Extending Membership Provider

Extending Membership Provider

8 posts, 0 answered
  1. Greg Mattison
    Greg Mattison avatar
    15 posts
    Registered:
    14 Jul 2005
    28 Feb 2011
    Link to this post
    I'm attempting to extend the default membership provider to allow user validation against the sitefinity database as well as an external database, assuming the default validation against the sitefinity database fails.  I have created a CustomMembershipProvider extending OpenAccessMembershipProvider.  I registered this custom membership provider in the backend (Administration -> Settings -> Advanced -> Security -> Membership Providers) and I set the MembershipProvider property of the Login control to use the CustomMembershipProvider.  I have overridden the ValidateUser method and I can set a breakpoint and step into it, but base.ValidateUser(username, password) always returns false.  Is base.ValidateUser no longer going against the original datasource?
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    01 Mar 2011
    Link to this post
    Hi Greg,

    If the user and password exist in the data source the method should return true. ValidateUser returns false if the Telerik.Sitefinity.Security.Model.User object is not found or the username and password do not match. Another reason could be if the user is not approved or it has been locked.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
  3. Greg Mattison
    Greg Mattison avatar
    15 posts
    Registered:
    14 Jul 2005
    01 Mar 2011
    Link to this post
    When I change the MembershipProvider property of the Login control back to empty, it allows me to login with a valid Sitefinity login, so that rules out the account being locked or the login being invalid.  This makes me believe the custom membership provider is somehow not configured correctly.  Also, because I am able to breakpoint in the overridden method, I know that it is at least able to find the custom class.  Is there any necessary configuration not listed in the original post that I am missing or would cause the Telerik.Sitefinity.Security.Model.User object to not be found?

    Thanks.
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    01 Mar 2011
    Link to this post
    Hello Greg,

    If you query an external database and you call base.ValidateUser this will not work, because the base method uses our hash algorithms to encrypt/decrypt the password and get the user. I tried the Login control with two Membership providers and I was able to authenticate the users. I made a query to another database with my custom provider, but in this case I was not calling the base of ValidateUser and I had my custom logic.

    Anyway if you can share the implementation with us I could try to come up with more details. You can also paste the provider registration that is saved inside App_Data/Sitefinity/Configuration/SecurityConfig.config.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
  5. Greg Mattison
    Greg Mattison avatar
    15 posts
    Registered:
    14 Jul 2005
    01 Mar 2011
    Link to this post
    I'm sorry.  Maybe I wasn't clear in my goal.  I want to first attempt authentication with the Sitefinity DB and if that fails, I want to attempt authentication against an external DB.

    I have, however, resolved the issue.  I changed DefaultBackendMembershipProvider property in Advanced Security settings (Administration -> Settings -> Advanced -> Security) to the name of my custom membership provider and initial validation now correctly works when using the Sitefinity DB.

    Thank you for your help.
  6. rcfausto
    rcfausto avatar
    5 posts
    Registered:
    23 Sep 2010
    19 Jul 2011
    Link to this post
    Hi,
    How can I  "set the MembershipProvider property of the Login control to use the CustomMembershipProvider".
    My problem was I deleted the admin user of Sitefinity and there's no way for me to login. So I came up to that possible solution but can't find the login control. Thanks!
  7. Nicolas
    Nicolas avatar
    156 posts
    Registered:
    19 Jan 2011
    19 Jul 2011
    Link to this post
    Hi,

    you have to edit SecurityConfig.config, an example with your  CustomMembershipProvider :

    <?xml version="1.0" encoding="utf-8"?>
    <securityConfig authCookieName=".SFAUTH ........ defaultBackendMembershipProvider="CustomMembershipProvider">
        <applicationRoles>
            <role id="66452b57-a42f-4653-b683-2f8b3b2d2620" name="Everyone" />
            <role id="e7807969-db2b-4df5-8a7b-c45faa4c2d27" name="Anonymous" />
            <role id="4dc1bd63-9bc1-47fa-8b67-7c425d360a03" name="Authenticated" />
            <role id="3b64524b-81ca-4e4f-a1b5-de82de33fb10" name="Owner" />
            <role id="7c4f7ee9-d872-4261-8e6b-f0d65ba0f397" name="Administrators" />
            <role id="1bfaae99-c9c5-4a1b-9401-9bad2bb7cab1" name="BackendUsers" />
            <role id="8fb8ea1e-e1cb-404d-a536-93e3924063c1" name="Authors" />
            <role id="7c14fb75-b54d-4177-952d-e16dc362229a" name="Editors" />
            <role id="ee4ebf09-5a52-4308-8a0b-df8a6580ee79" name="Designers" />
        </applicationRoles>
        <securityProviders>
            <add version="4.1.1395.0" name="OpenAccessDataProvider" />
        </securityProviders>
        <membershipProviders>
            <add description="" resourceClassId="" type="xxxx.xxxx.xxxxx.CustomMembershipProvider" p3:type="System.RuntimeType, mscorlib" applicationName="xxxxxx/" RequiresQuestionAndAnswer="False" EnablePasswordReset="False" EnablePasswordRetrieval="False" ResetPasswordUrl="False" PasswordRetrievalUrl="False" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="(?=.{6,})" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" enabled="True" name="CustomMembershipProvider" xmlns:p3="urn:telerik:sitefinity:configuration:type" />
        </membershipProviders>
    </securityConfig>


    Regards,
    Nicolas
  8. rcfausto
    rcfausto avatar
    5 posts
    Registered:
    23 Sep 2010
    19 Jul 2011
    Link to this post
    Thanks Nicolas! :)
8 posts, 0 answered