Custom Membership and Role Providers - Front- & Back-End Development - Front- & Back-End Development - Progress Community
 Front- & Back-End Development

Custom Membership and Role Providers

  • Custom Membership and Role Providers
  • Hi,

    we began to work on a site. We need a custom system for user's rights.

    I developed a custom RoleProvider, MyRoleProvider inherit SitefinityRoleProvider, and a custom MembershipProvider, MyMembershipProvider inherit SitefinityMembershipProvider.

    I register this two on Administration >> Settings >> Advanced >> Security.

    I edit the web.config like this :
        <roleManager defaultProvider="MyRoleProvider" enabled="true">
            <add name="MyRoleProvider" type="Sitefinity.Tools.Security.MyRoleProvider"/>
        <membership defaultProvider="MyMembershipProvider">
            <add name="MyMembershipProvider" type="Sitefinity.Tools.Security.MyMembershipProvider"/>

    But during the first access of site backend (Sitefinity/Login?ReturnUrl=/Sitefinity/default.aspx), i obtains this message :

    Invalid provider name "MyMembershipProvider" for SitefinityMembershipProvider specified in web.config file. The name should match one of the providers configured in Sitefinity's Security.config configuration.

    If i made a refresh, i obtains the classic login page without skin...
    I verify auto-generated file SecurityConfig.config, my MembershipProvider and RoleProvider are defined.

    It seems not correctly recognized by Sitefinity, I probably omit a configuration or i have to developed a personalized login form ?
  • Hello Nicolas,

    Have you enabled the Membership provider? I do not see enabled=True attribute

            <add description="some description" resourceClassId="" type="Sitefinity.Tools.Security.MyMembershipProvider" type:type="System.RuntimeType, mscorlib" enabled="True" name="MyMembershipProvider" />

    Ivan Dimitrov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>
  • Hi Ivan,

    it's enabled i see it but only in SecurityConfig.config, i can't edit this attribute in web.config.

    SecurityConfig.config :
            <add description="MyMembershipProviderDescription" resourceClassId="SecurityResources" type="Sitefinity.Tools.Security.MyMembershipProvider" type:type="System.RuntimeType, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" applicationName="Backend/" enablePasswordRetrieval="false" unrestrictedRole="administrator" createUsersIfUnknown="true" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="(?=.6,)" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" enabled="True" name="MyMembershipProvider" />

    Maybe i have to disable the Default membership ?

  • Hi Nicolas,

    You should use only the securityConfig.config. Please remove the settings from the root web.config file.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>
  • Hi Ivan,

    The behavior evolved, i remove settings in root web.config now i obtains a "NotImplementedException" :
    [NotImplementedException: La méthode ou l'opération n'est pas implémentée.]
       Telerik.Sitefinity.Security.MembershipProviderWrapper.GetUsers() +28
       Telerik.Sitefinity.Security.Web.UI.LoginForm.InitializeProvidersList() +366
       Telerik.Sitefinity.Security.Web.UI.LoginForm.CreateChildControls() +116
       System.Web.UI.Control.EnsureChildControls() +102
       System.Web.UI.Control.FindControl(String id, Int32 pathOffset) +20
       System.Web.UI.Control.FindControl(String id) +12
       Telerik.Sitefinity.Security.Web.UI.LoginForm.get_ChangePasswordLink() +30
       Telerik.Sitefinity.Security.Web.UI.LoginForm.UpdateVisibilityOfLinks() +121
       Telerik.Sitefinity.Security.Web.UI.LoginForm.set_ShowChangePasswordLink(Boolean value) +60
       Telerik.Sitefinity.Web.LoginRouteHandler.SetLoginLogoutFroms(Page handler, RequestContext requestContext, String view) +230
       Telerik.Sitefinity.Web.LoginRouteHandler.InitializeHttpHandler(Page handler, RequestContext requestContext) +202
       Telerik.Sitefinity.Web.RouteHandlerBase.Handler_PreInit(Object sender, EventArgs e) +199
       System.Web.UI.Page.OnPreInit(EventArgs e) +8871966
       System.Web.UI.Page.PerformPreInit() +31
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +328

    I see in trace MembershipProviderWrapper, normally is to wrap standard ASP.NET. It seems not found GetUsers() method but my MembershipProvider inherit SitefinityMembershipProvider and i can't override GetUsers method.
    May I have to create my own GetUsers method ?
  • Hello Nicolas,

    You should inherit from MembershipDataProvider or OpenAccessMembershipProvider - represents OpenAccess implementation of data provider for Sitefinity membership services

    Ivan Dimitrov
    the Telerik team
    Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
  • Hi,

    I have almost the same problem. For our sitefinity website we had to build or own membership provider, to authenticate customers.
    The CustomMemberShiprovider is inherited from MembershipProvider we overrided the validateUser en the Initialize.

    In the SecurityConfig.config added the additional CustomMembershipProvider:
      <add description="ABP Membership provider" type:type="System.RuntimeType, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" resourceClassId="" type="ABPDynamics.Webshop.MbrProvider" applicationName="/" RequiresQuestionAndAnswer="False" EnablePasswordReset="False" EnablePasswordRetrieval="False" ResetPasswordUrl="False" PasswordRetrievalUrl="False" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10"  enabled="True" name="ABPMembershipProvider" xmlns:p3="urn:telerik:sitefinity:configuration:type" />

    In de login controle we use:


    txtLoginName.Text.Trim(), txtPassword.Text.Trim(), true);<BR><BR>


    And then we get the following error...
    [ArgumentException: Invalid type specified Telerik.Sitefinity.Security.Data.MembershipDataProvider]
       Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, Type providerType, ExceptionPolicyName policy, ManagerBase`1 manager) +1877
       Telerik.Sitefinity.Data.ManagerBase`1.InstantiateProvider(IDataProviderSettings providerSettings, ExceptionPolicyName policy, ManagerBase`1 manager) +74
       Telerik.Sitefinity.Data.ManagerBase`1.SetProvider(String providerName, String transactionName) +510
    [TargetInvocationException: Exception has been thrown by the target of an invocation.]
       System.RuntimeMethodHandle._InvokeConstructor(IRuntimeMethodInfo method, Object[] args, SignatureStruct& signature, RuntimeType declaringType) +0
       System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +517
       Telerik.Sitefinity.Data.ManagerBase`1.InstantiateManager(String providerName, String transactionName) +249
       Telerik.Sitefinity.Data.ManagerBase`1.GetManager(String providerName, String transactionName) +570
       Telerik.Sitefinity.Security.SecurityManager.AuthenticateUser(String membershipProviderName, String userName, String password, Boolean persistent, User& user) +46
       Telerik.Sitefinity.Security.SecurityManager.AuthenticateUser(String membershipProviderName, String userName, String password, Boolean persistent) +28
       SitefinityWebApp.Widgets.WebShop.Account.Login.btnLogin_Click(Object sender, EventArgs e) in C:\Users\RKo\Documents\Visual Studio 2010\Projects\ABPDynamics.WebShop\ABPDynamics.WebShop\Widgets\WebShop\Account\Login.ascx.cs:95
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3707

    In sitefinity is the CustomMembershipProvider visible ?
    Whats the problem here?



  • Hello Rick,

    The default membership provider could not be removed. You need to create an instance of SecurityManager with the custom provider you have created and then authenticate the user.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>
  • Hi Ivan,

    Thanks for your help, but do you have an example for me?

    Kind Regards,

  • Hello,
    Is it possible to make available a sample website where custom role/membership providers have been utilised.

    I cannot find any documentation that shows how to configure the website for this.

    What actions are required on the web.config, securityconfig.config to implement this ? ... in terms of registering the provider and database connection strings, for the database used to house roles/members which is NOT the sitefinity one ...

  • Hello Sonia,

    Here is one post that shows how to configure a custom membership provider

    If you have custom provider that inherits from OpenAcess implementation or directly from our data provider you can register it in the configurations - Administration >> Settings >> Advanced >> Security.

    Ivan Dimitrov
    the Telerik team
    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>
  • Ivan,
    I've implemented a rough version for a custom membership and role provider that at the moment does not save to a sql server backend.

    I've setup 2 arrays, an array of users, an array of roles ...

    My providers know what custom roles my users belong to ...

    When I go to the user profile page ... the interface has not checked the custom roles my users belong to
    however if I add an 'application role' to my user, this information is saved

    Also if I assign permissions to my custom roles that information is saved

    the only thing missing is the link between the user and the role, its built in the provider to know this association but sitefinity does not recognise it

    Each time I go into the user profile the custom roles are unticked

    What is the purpose of the ApplicationRoles in the securityconfig.config file ? if I take them away my site stops working, how do I populate this programmatically with custom roles if it is necessary for them to stay ?

  • Hi Sonia,

    In your custom role provider do you implement a property of type ManagerInfo and named ManagerInfo? It is used to link a role from the role provider to a user in a membership provider. Here is a sample implementation:

    public ManagerInfo ManagerInfo
        if (this.managerInfo == null)
            this.managerInfo = new ManagerInfo()
            ApplicationName = this.ApplicationName,
            ManagerType = typeof(RoleManager).FullName,
            ProviderName = this.Name,
            Id = Guid.NewGuid()
        return this.managerInfo;

    Lubomir Velkov
    the Telerik team
    Explore the entire Telerik portfolio by downloading the Ultimate Collection trial package. Get now >>
  • Lubomir,
    I can't find any reference to ManagerInfo in the RoleProvider class so I haven't implemented.

    However, I've downloaded the latest copy of your code (4.2) and my implementation seems to work there so there must be  bug in the previous version of sitefinity

    Also how do you disable buttons such as create new user/role and reset password on a custom role/membership provider ?