tags:

views:

29

answers:

1
+1  Q: 

Can you use a custom membership provider with userNamePasswordValidationMode?

Every example I see uses the default Membership Provider with the userNamePasswordValidationMode, but can I specify MembershipProvider for userNamePasswordValidationMode in the ServiceCredentials for a WCF REST Service if I have a Custom Membership Provider? Is the following route the best to take if this is possible:

  1. Create a custom membership provider that implements Membership Provider.

  2. Create a CustomUserNamePasswordValidator that implements UserNamePasswordValidator and override the Validate Method.

  3. In the Validate method, validate whether a user exists in the database.

Issues I am having are, if I have a login method in my service and it is called from an a web browser with the url http://test.com/service.svc/login, how can I get the username and password. Assume that it the username and password can be typed into a web page or it can come from a smart device application (android, iphone, etc)

A: 

You should be able to: [HowToUseNonDefaultMembershipProvider][1] In Step 1 the page has two additional links, the first shows you how to build the membership provider class, the second shows the config entries necessary. While the second link talks about specifying the default provider you can actually specify any number of providers in the config, one of them would just happen to be the default:

<system.web>
    <membership defaultProvider="SqlProvider">
        <providers>
            <clear />
            <add name="SqlProvider"
  type="System.Web.Security.SqlMembershipProvider"
  connectionStringName="MySqlConnection"
  applicationName="MyApplication"
  enablePasswordRetrieval="false"
  enablePasswordReset="true"
  requiresQuestionAndAnswer="true"
  requiresUniqueEmail="true"
  passwordFormat="Hashed" />
            <add name="MyProvider"
                     type="MyCompany.MyNamespace.MyMembershipProvider" />
        </providers>
    </membership>
</system.web>

Now in the sample code from the link above you could have a line in the AuthenticationService_Authenticating method like so:

e.Authenticated = Membership.Providers["MyProvider"].ValidateUser(e.UserName, e.Password);

In your custom provider class you would implement the ValidateUser method. This could contain whatever logic necessary to validate the username & password (which are passed to the method).

[1]: http://How to: Use Non-default Membership Provider for WCF Authentication Service

Steve Ellinger  2010-10-06 00:25:40
Steve, I think your link got messed up.
Xaisoft  2010-10-06 01:46:11
dang it! here it is: http://msdn.microsoft.com/en-us/library/bb386455.aspx
Steve Ellinger  2010-10-06 02:03:07

related questions

Mocking WebResponse's from a WebRequest
What's the best way to learn server RESTful code?
JAX-RS Frameworks
SOAP or REST
Are REST request headers encrypted by SSL?
REST in Java
REST type API for non web based applications, Is It a good idea?
Getting started with REST
Plain text passwords in Ruby on Rails using Restful_Authentication
Where WCF and ADO.Net Data services stand?
REST how to handle query parameters when put to resource?
Any way to handle Put and Delete verbs in ASP.Net MVC?
How do you implement resource "edit" forms in a RESTful way?
Friendly URLs for ASP.NET
Possible to create REST web service with ASP.NET 2.0
Strange Rails Authentication Issue
How to respond to an alternate URI in a RESTful web service
Guide to choosing between REST vs SOAP services?
guid REST URL for ado.net dataservice call?
RESTful web services and HTTP verbs
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Best Practices for securing a REST API / web service
Document or RPC based web services
Modify Address Bar URL in AJAX App to Match Current State