When working with an ASP.NET site that requires some sort of user authentication (almost every time, I'd say), we often need to implement our own logic and use our own database, with our own data model, instead of the one provided by ASP.NET.
There are basically two reasons why you'd want to create a custom membership provider class:
- You wish to store your membership information in a database different from the one ASP.NET provides (which is an SQL Server Express database), like an Oracle or MySQL database or a Web Service.
- You wish to store your membership information in an SQL Server database whose schema (data model) differs from the default one used by the System.Web.Security.SqlMembershipProvider class. An example of this would be if our company already has a shared membership SQL Server database for all applications.
Given this, it's pretty likely you'll have to create your own membership class, and here's one way to do it:
First of all, implement a class that inherits from the abstract class System.Web.Security.MembershipProvider. This class in turn inherits from another abstract class, System.Configuration.Provider.ProviderBase, so we should implement its methods as well. Basically, what needs to be created is a class with the following definition:
using System.Web.Security;
public class MyProvider : MembershipProvider { /* fields and overrides shown below go here */ }
After that, we need to declare and initialize the fields that back the base class's configuration properties, setting each one to the value required by our business logic:
private int minRequiredPasswordLength = 6;
private int minRequiredNonAlphanumericCharacters = 0;
private bool enablePasswordRetrieval = true;   // only possible if passwords are stored clear or encrypted, not hashed
private bool enablePasswordReset = false;
private bool requiresQuestionAndAnswer = true;
private string applicationName = "MYAPP";
private int maxInvalidPasswordAttempts = 3;
private int passwordAttemptWindow = 10;        // minutes
private bool requiresUniqueEmail = true;
private MembershipPasswordFormat passwordFormat = new MembershipPasswordFormat(); // default enum value: MembershipPasswordFormat.Clear
private string passwordStrengthRegularExpression = String.Empty;
Next, implement all the methods you need, with your own custom logic:
public override bool ValidateUser(string username, string password)
{
    return username == password; // placeholder only; replace with a check against your own user store
}
If you decide not to implement one of the base class methods (and not use the base logic, either), just throw a new NotImplementedException:
public override string GetUserNameByEmail(string email)
{
    throw new NotImplementedException();
}
The final step is to register the provider in our Web.config file, inside the <providers> element of the <membership> section under <system.web>:
<add type="MyProvider" name="MyProvider" />
This is obviously an alternative that requires time and work, but if well implemented, it's sure worth it.
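A ValidateUser body that checks a salted PBKDF2 hash and enforces the maxInvalidPasswordAttempts and passwordAttemptWindow values set above, as an added example (not code from the original post). UserRecord, CredentialCheck, Register and the in-memory Users dictionary are hypothetical stand-ins for your own user store; the lockout is simplified to "locked for the rest of the window" and the code is not thread-safe.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical record shape; a real provider would load this from its own database.
public class UserRecord
{
    public byte[] Salt, Hash;
    public int Iterations, FailedAttempts;
    public DateTime WindowStartUtc;
}

public static class CredentialCheck
{
    const int MaxInvalidPasswordAttempts = 3;                          // same values as the provider fields
    static readonly TimeSpan AttemptWindow = TimeSpan.FromMinutes(10);
    // Constructed in-memory store standing in for the custom membership database.
    public static readonly Dictionary<string, UserRecord> Users =
        new Dictionary<string, UserRecord>(StringComparer.OrdinalIgnoreCase);

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        // PBKDF2-HMAC-SHA256; this constructor overload needs .NET Framework 4.7.2 or later.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    public static void Register(string username, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        const int iterations = 100000;                                 // assumed work factor
        Users[username] = new UserRecord { Salt = salt, Iterations = iterations, Hash = Derive(password, salt, iterations) };
    }
    // Body for MyProvider.ValidateUser: true only for a known, unlocked user with a matching hash.
    public static bool ValidateUser(string username, string password)
    {
        UserRecord u;
        if (string.IsNullOrEmpty(username) || password == null || !Users.TryGetValue(username, out u))
            return false;
        var now = DateTime.UtcNow;
        if (now - u.WindowStartUtc > AttemptWindow) { u.FailedAttempts = 0; u.WindowStartUtc = now; }
        if (u.FailedAttempts >= MaxInvalidPasswordAttempts) return false;  // locked for the rest of the window
        byte[] candidate = Derive(password, u.Salt, u.Iterations);
        int diff = candidate.Length ^ u.Hash.Length;
        for (int i = 0; i < candidate.Length && i < u.Hash.Length; i++)
            diff |= candidate[i] ^ u.Hash[i];                          // compare every byte, no early exit
        if (diff == 0) { u.FailedAttempts = 0; return true; }
        u.FailedAttempts++;
        return false;
    }
}
```

Storing only the salt, iteration count and derived hash means the provider cannot return the original password, so this approach goes with enablePasswordRetrieval = false and a Hashed password format.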