I'm developing a fairly simple website for a friend and want to provide some admin access features using .Net membership authentication.
Yes, you can implement your own custom Membership and Role Providers to authenticate/authorise against any datastore.
Sure, you just need to roll your own MembershipProvider and RoleProvider that reads the XML file instead of a database. The MembershipProvider and RoleProvider have a lot of properties and functions that must be overridden, but only a handful of them are actually needed to make it functional -- I left a lot of the functions to add new users etc. throwing a not supported exception because I edit user information directly in the database.
pjabbott gave the correct answer to this, but I thought I'd show the code I've come up with to provide a more complete answer. This is about as simple as you could possibly make this by the way.
I created a class which inherits from System.Web.Security.MembershipProvider as shown below.
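namespace MySolution
{
    /// <summary>
    /// Minimal membership provider that authenticates a single account whose
    /// user name and password are read from the <c>appSettings</c> keys
    /// <c>Username</c> and <c>Password</c>.
    /// </summary>
    /// <remarks>
    /// Only <see cref="ValidateUser"/> and a few read-only properties are implemented;
    /// every other member throws <see cref="NotImplementedException"/>.
    /// The configured password is compared as plain text: this class performs no hashing.
    /// It also keeps no failed-attempt counter, so no lockout is enforced by this class.
    /// </remarks>
    public class MembershipProvider : System.Web.Security.MembershipProvider
    {
        /// <summary>Fixed application name; assigning a value is not implemented.</summary>
        public override string ApplicationName
        {
            get { return "PopupGallery"; }
            set { throw new NotImplementedException(); }
        }

        // ---- User management: not implemented by this provider ----

        /// <summary>Not implemented; always throws.</summary>
        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override bool DeleteUser(string username, bool deleteAllRelatedData)
        {
            throw new NotImplementedException();
        }

        /// <summary>Password reset is reported as disabled.</summary>
        public override bool EnablePasswordReset
        {
            get { return false; }
        }

        /// <summary>Password retrieval is reported as disabled.</summary>
        public override bool EnablePasswordRetrieval
        {
            get { return false; }
        }

        /// <summary>Not implemented; always throws.</summary>
        public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override int GetNumberOfUsersOnline()
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override string GetPassword(string username, string answer)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override MembershipUser GetUser(string username, bool userIsOnline)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override string GetUserNameByEmail(string email)
        {
            throw new NotImplementedException();
        }

        /// <summary>
        /// Reported limit of invalid password attempts. Nothing in this class counts
        /// failed attempts, so the value is informational only here.
        /// </summary>
        public override int MaxInvalidPasswordAttempts
        {
            get { return 20; }
        }

        /// <summary>Reported minimum number of non-alphanumeric password characters.</summary>
        public override int MinRequiredNonAlphanumericCharacters
        {
            get { return 0; }
        }

        /// <summary>Reported minimum password length.</summary>
        public override int MinRequiredPasswordLength
        {
            get { return 6; }
        }

        /// <summary>Not implemented; reading the property throws.</summary>
        public override int PasswordAttemptWindow
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented; reading the property throws.</summary>
        public override MembershipPasswordFormat PasswordFormat
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented; reading the property throws.</summary>
        public override string PasswordStrengthRegularExpression
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented; reading the property throws.</summary>
        public override bool RequiresQuestionAndAnswer
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented; reading the property throws.</summary>
        public override bool RequiresUniqueEmail
        {
            get { throw new NotImplementedException(); }
        }

        /// <summary>Not implemented; always throws.</summary>
        public override string ResetPassword(string username, string answer)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override bool UnlockUser(string userName)
        {
            throw new NotImplementedException();
        }

        /// <summary>Not implemented; always throws.</summary>
        public override void UpdateUser(MembershipUser user)
        {
            throw new NotImplementedException();
        }

        /// <summary>
        /// Checks the supplied credentials against the <c>Username</c> and
        /// <c>Password</c> values in <c>appSettings</c>.
        /// </summary>
        /// <param name="username">User name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>
        /// <c>true</c> only when both configured values are present and non-empty and
        /// both supplied values match them exactly (ordinal, case-sensitive).
        /// </returns>
        public override bool ValidateUser(string username, string password)
        {
            string expectedUsername = ConfigurationManager.AppSettings["Username"];
            string expectedPassword = ConfigurationManager.AppSettings["Password"];

            // Fail closed. AppSettings returns null for a missing key, and null == null
            // is true for strings, so a plain equality check would accept null
            // credentials whenever the keys are absent from the configuration.
            if (string.IsNullOrEmpty(expectedUsername) || string.IsNullOrEmpty(expectedPassword))
            {
                return false;
            }

            if (username == null || password == null)
            {
                return false;
            }

            // Evaluate both comparisons unconditionally (non-short-circuit &) so the
            // response time does not reveal which of the two values was wrong.
            bool usernameMatches = FixedTimeEquals(username, expectedUsername);
            bool passwordMatches = FixedTimeEquals(password, expectedPassword);
            return usernameMatches & passwordMatches;
        }

        /// <summary>
        /// Ordinal string comparison whose running time depends on the length of the
        /// supplied value only, not on the position of the first mismatch.
        /// </summary>
        private static bool FixedTimeEquals(string supplied, string expected)
        {
            if (expected.Length == 0)
            {
                return supplied.Length == 0;
            }

            // A length mismatch is folded into the accumulator instead of returning early.
            int difference = supplied.Length ^ expected.Length;
            for (int i = 0; i < supplied.Length; i++)
            {
                difference |= supplied[i] ^ expected[i % expected.Length];
            }

            return difference == 0;
        }
    }
}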
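I then added the following entries into my web.config file to wire it all up. Note that ValidateUser compares against the appSettings values as plain text; the passwordFormat="Hashed" attribute on the provider entry is not read by the class above, so it does not cause the stored password to be hashed.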
<!-- Credentials that MembershipProvider.ValidateUser reads through
     ConfigurationManager.AppSettings. They are stored and compared in plain
     text; the values below are the page's sample values. Encrypting this
     section with Protected Configuration (aspnet_regiis -pe) keeps the
     password out of the readable file. -->
<appSettings>
<add key="Username" value="admin"/>
<add key="Password" value="password"/>
</appSettings>
<system.web>
<!-- Makes the custom provider the default membership provider. -->
<membership defaultProvider="CustomMembershipProvider"
userIsOnlineTimeWindow="30">
<providers>
<!-- NOTE(review): machine.config normally registers the stock provider as
     AspNetSqlMembershipProvider; confirm the name removed here is the one
     actually present. -->
<remove name="AspNetSqlProvider" />
<!-- The type attribute points at the class shown on this page. That class
     does not override Initialize, so the remaining attributes are not read
     by it; in particular passwordFormat="Hashed" does not hash the
     appSettings password. -->
<add name="CustomMembershipProvider"
type="MySolution.MembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
passwordFormat="Hashed"
applicationName="/" />
</providers>
</membership>
<!-- Forms authentication with no forms child element, so framework defaults
     apply. NOTE(review): credentials are posted to the login page; confirm
     it is served over HTTPS (forms requireSSL="true"). -->
<authentication mode="Forms"/>
</system.web>