Extending Membership Provider
I'm attempting to extend the default membership provider to allow user validation against the sitefinity database as well as an external database, assuming the default validation against the sitefinity database fails. I have created a CustomMembershipProvider extending OpenAccessMembershipProvider. I registered this custom membership provider in the backend (Administration -> Settings -> Advanced -> Security -> Membership Providers) and I set the MembershipProvider property of the Login control to use the CustomMembershipProvider. I have overridden the ValidateUser method and I can set a breakpoint and step into it, but base.ValidateUser(username, password) always returns false. Is base.ValidateUser no longer going against the original datasource?
Hi Greg,
If the user and password exist in the data source the method should return true. ValidateUser returns false if the Telerik.Sitefinity.Security.Model.User object is not found or the username and password do not match. Another reason could be if the user is not approved or it has been locked.
All the best,
Ivan Dimitrov
the Telerik team
When I change the MembershipProvider property of the Login control back to empty, it allows me to login with a valid Sitefinity login, so that rules out the account being locked or the login being invalid. This makes me believe the custom membership provider is somehow not configured correctly. Also, because I am able to breakpoint in the overridden method, I know that it is at least able to find the custom class. Is there any necessary configuration not listed in the original post that I am missing or would cause the Telerik.Sitefinity.Security.Model.User object to not be found?
Thanks.
Hello Greg,
If you query an external database and you call base.ValidateUser this will not work, because the base method uses our hash algorithms to encrypt/decrypt the password and get the user. I tried the Login control with two Membership providers and I was able to authenticate the users. I made a query to another database with my custom provider, but in this case I was not calling the base of ValidateUser and I had my custom logic.
Anyway if you can share the implementation with us I could try to come up with more details. You can also paste the provider registration that is saved inside App_Data/Sitefinity/Configuration/SecurityConfig.config.
Kind regards,
Ivan Dimitrov
the Telerik team
I'm sorry. Maybe I wasn't clear in my goal. I want to first attempt authentication with the Sitefinity DB and if that fails, I want to attempt authentication against an external DB.
I have, however, resolved the issue. I changed DefaultBackendMembershipProvider property in Advanced Security settings (Administration -> Settings -> Advanced -> Security) to the name of my custom membership provider and initial validation now correctly works when using the Sitefinity DB.
Thank you for your help.
Hi,
How can I "set the MembershipProvider property of the Login control to use the CustomMembershipProvider".
My problem was I deleted the admin user of Sitefinity and there's no way for me to login. So I came up to that possible solution but can't find the login control. Thanks!
Hi,
you have to edit SecurityConfig.config, an example with your CustomMembershipProvider :
<?xml version="1.0" encoding="utf-8"?><securityConfig authCookieName=".SFAUTH ........ defaultBackendMembershipProvider="CustomMembershipProvider"> <applicationRoles> <role id="66452b57-a42f-4653-b683-2f8b3b2d2620" name="Everyone" /> <role id="e7807969-db2b-4df5-8a7b-c45faa4c2d27" name="Anonymous" /> <role id="4dc1bd63-9bc1-47fa-8b67-7c425d360a03" name="Authenticated" /> <role id="3b64524b-81ca-4e4f-a1b5-de82de33fb10" name="Owner" /> <role id="7c4f7ee9-d872-4261-8e6b-f0d65ba0f397" name="Administrators" /> <role id="1bfaae99-c9c5-4a1b-9401-9bad2bb7cab1" name="BackendUsers" /> <role id="8fb8ea1e-e1cb-404d-a536-93e3924063c1" name="Authors" /> <role id="7c14fb75-b54d-4177-952d-e16dc362229a" name="Editors" /> <role id="ee4ebf09-5a52-4308-8a0b-df8a6580ee79" name="Designers" /> </applicationRoles> <securityProviders> <add version="4.1.1395.0" name="OpenAccessDataProvider" /> </securityProviders> <membershipProviders> <add description="" resourceClassId="" type="xxxx.xxxx.xxxxx.CustomMembershipProvider" p3:type="System.RuntimeType, mscorlib" applicationName="xxxxxx/" RequiresQuestionAndAnswer="False" EnablePasswordReset="False" EnablePasswordRetrieval="False" ResetPasswordUrl="False" PasswordRetrievalUrl="False" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="(?=.6,)" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" enabled="True" name="CustomMembershipProvider" xmlns:p3="urn:telerik:sitefinity:configuration:type" /> </membershipProviders></securityConfig>Thanks Nicolas! :)