Topics

All topics

Create the custom membership provider class

At this point you can start to write the custom Membership Provider class.

Under the root of your project, create a folder named Providers.
Add a new class to this folder and name it CustomMembershipProvider.cs.
Inherit from the MembershipDataProvider class that is inside the Telerik.Sitefinity.Security.Data namespace.
You can override a lot of methods, depends on the case you are writing this provider for.
For all the methods that need to access the external database, you can define a property named ProviderEntities, which is of type CustomMembershipProviderEntities.
This class is corresponding with the ADO.NET Entity Data Model. It is initialized in the Initialize() method and you must use the name you entered when creating the model.

For more information, see Custom membership provider: Full code.

Validating Users

Start with the methods you need to validate a user on the frontend. You must override the following methods:

ValidateUser(string username, string password)
ValidateUser(User user, string password)

The above methods use the following private methods, which you added to the class:

CheckValidPassword(User user, string password)
CheckValidPassword(string enteredByUser, string original, MembershipPasswordFormat passwordFormat)

You can use different encodings regarding the passwords. This example uses the Encrypted format, which allows you to read back the password, so that the user can do a password retrieval, if needed.
The available formats are the following:

Clear
No encoding.
Hashed
A hashed password that is one-way.
Encrypted
An encrypted password.

Getting users

You use a number of methods to retrieve the user information that is needed. There are a couple of methods for getting a single user and one method for getting a collection of users:

GetUser(Guid id)
GetUserByEmail(string email)
GetUser(string userName)
GetUsers()

NOTE: The GetUsers() method returns an IQueryable result set of all users. When querying the result using LINQ, it takes place in the memory, causing a performance hit.
In the default Sitefinity CMS provider this does not happen, as Sitefinity CMS uses its own queryable LINQ implementation with OpenAccess, which returns the user records already filtered.

Creating and deleting users

You also implement the methods to create and delete users from the backend. Since you are using encrypted passwords, it is not that easy to just enter some vanilla data inside the table. You must enable the logic to do this from the backend, using the following:

CreateUser(Guid id, string userName)
CreateUser(string userName)
CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
Delete(User item)

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Web Security for Sitefinity Administrators

The free standalone Web Security lesson teaches administrators how to protect your websites and Sitefinity instance from external threats. Learn to configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Yes No

Would you like to submit additional feedback?

Your feedback about this content is important

How helpful is this article?

Very helpful Somewhat helpful Not helpful

How can we improve this article?(Optional)

Fix typos or links

Fix incorrect information

Add or update code samples

Add or update illustrations

Add information about...

Send feedback Cancel

Add the new provider to the Sitefinity CMS providers collection