Click here to Skip to main content
Click here to Skip to main content
Go to top

Creating a custom membership provider

, 11 Oct 2013
Rate this:
Please Sign up or sign in to vote.
When working with an ASP.NET site that requires some sort of user authentication (almost every time, I'd say), we often need to establish our own

Editorial Note

This articles was originally at wiki.asp.net but has now been given a new home on CodeProject. Editing rights for this article has been set at Bronze or above, so please go in and edit and update this article to keep it fresh and relevant.

When working with an ASP.NET site that requires some sort of user authentication (almost every time, I'd say), we often need to establish our own logic, and use our own database instead of the one provided by ASP.NET (with our own data model or stuff).

There are basically two reasons why you'd want to create a custom membership provider class:

  • You wish to store your membership information in a database different from the one ASP.NET provides (which is an SQL Server Express database), like an Oracle or MySQL database or a Web Service.
  • You wish to store your membership information in an SQL Server database whose schema (data model) differs from the default one used by the System.Web.Security.SqlMembershipProvider class. An example of this would be if our company already has a shared membership SQL Server database for all applications. 

Given this, it's pretty likely you'll have to create your own membership class, and here's one way to do it:

First of all, implement a class that inherits from the abstract class System.Web.Security.MemershipProvider. This class, as well, inherits from another abstract class,  System.Configuration.Provider.ProviderBase, so we should implement those methods as well. Basically, what needs to be created is a class with the following definition:

public class MyProvider : MembershipProvider

After that, we need to initialize (implement) the class variables used by the base class, setting each one to the value required by our business logic:

//Minimun password length
private int minRequiredPasswordLength = 6;
//Minium non-alphanumeric char required
private int minRequiredNonAlphanumericCharacters = 0;
//Enable - disable password retrieval
private bool enablePasswordRetrieval = true;
//Enable - disable password reseting
private bool enablePasswordReset = false;
//Require security question and answer (this, for instance, is a functionality which not many people use)
private bool requiresQuestionAndAnswer = true;
//Application name
private string applicationName = "MYAPP";
//Max number of failed password attempts before the account is blocked, and time to reset that counter
private int maxInvalidPasswordAttempts = 3;
private int passwordAttemptWindow = 10;
//Require email to be unique 
private bool requiresUniqueEmail = true;
//Password format
private MembershipPasswordFormat passwordFormat = new MembershipPasswordFormat();
//Regular expression the password should match (empty for none)
private string passwordStrengthRegularExpression = String.Empty;

Next, implement all the methods you need, with your own custom logic:
public override bool ValidateUser(string username, string password)
{
//For our example, user will be authenticated if username and password are the same
return username == password;
}

If by any chance you decide not to implement any of the base class methods (and not use the base logic, either), just throw a new NotImplemetedException:

public override string GetUserNameByEmail(string email)
{
throw new NotImplementedException();
}

The final step is to modify our Web.config file:
<configuration>
<system.web>
...
...
...
...
<membership defaultprovider="MyProvider">
<providers>
<add type="MyProvider" name="MyProvider">
</providers>
</membership>
</system.web>
</configuration>

This is obviously an alternative that requires time and work, but if well implemented, it's sure worth it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

ASP.NET Community

United States United States
The ASP.NET Wiki was started by Scott Hanselman in February of 2008. The idea is that folks spend a lot of time trolling the blogs, googlinglive-searching for answers to common "How To" questions. There's piles of fantastic community-created and MSFT-created content out there, but if it's not found by a search engine and the right combination of keywords, it's often lost.
 
The ASP.NET Wiki articles moved to CodeProject in October 2013 and will live on, loved, protected and updated by the community.
Group type: Collaborative Group

247 members


Comments and Discussions

 
-- There are no messages in this forum --
| Advertise | Privacy | Mobile
Web02 | 2.8.140926.1 | Last Updated 11 Oct 2013
Article Copyright 2013 by ASP.NET Community
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid