MembershipProviders - Front- & Back-End Development - Front- & Back-End Development - Progress Community
 Front- & Back-End Development

MembershipProviders

  • MembershipProviders
  • I see that the membership provider listed in the web.config is:
    Telerik.Sitefinity.Security.Data.SitefinityMembershipProvider
    (this one seems to be very incomplete)

    The one in the SecurityConfig.config is:
    Telerik.Sitefinity.Security.Data.OpenAccessMembershipProvider
    (this one seems to implement all methods and then some)

    Q1.) Why are there two different providers?

    Q2.) In trying to plan on how to extend the membership aspect of sitefinity, will we need to consider extending both providers?

    Thanks
    Joe


  • Hi Joe,

    OpenAccessMembershipProvider inherits from MembershipDataProvider. MembershipDataProvider has abstract methods that its inheritors should implement.

    OpenAccessMembershipProvider - OpenAccess implementation of data provider for Sitefinity membership services. This provider creates, gets, deletes users for a given OA scope.

    MembershipDataProvider is an abstract class. It includes abstract methods. OpenAccessMembershipProvider is a child class of the abstract MembershipDataProvider. MembershipDataProvider class might look uncompleted, but abstract classes are "generic" classes.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  • One additional point of clarification is needed.... why is there a SitefinityMembershipProvider used in the web.config, and an OpenAccessMembershipProvider defined in the securityconfig.config?

    Please explain why there are two.. is one used for front-end members and one used for back-end members?

    I want to add additional functionalities during the validateuser method, will I need to be sure to extend both providers?



  • Hi Joe,

    SitefinityMembershipProvider acts as the standard ASP.NET provider and in ASP.NET you declare the membership providers in the web.config.

    OpenAccessMembershipProvider is a provider that inherits from SitefinityMembershipProvider and it is used for the backend and front end. If you implement a custom provider you should inherit from OpenAccessMembershipProvider and register it in SecurityConfig.config or replace the  default OpenAccessMembershipProvider.

    For completely custom implementations ( for instance you want to store your user data in XML) you have to inherit from SitefinityMembershipProvider

    You can override ValidateUser method in your custom provider - the method in the base class is virtual.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  • Hi Joe,

    Let me try to explain Membership implementation in little bit more details. The names are quite confusing and I see Ivan has mixed them a bit.

    MembershipDataProvider is the base class for UserManager data providers. It represents standard Sitefinity data provider, note: it is not ASP.Net Membership provider. OpenAccessMembershipProvider is a concrete implementation of MembershipDataProvider which utilizes OpenAccess as underlying storage. Sitefinity's membership providers differ significantly from ASP.Net providers. The most obvious difference is that you can query using LINQ if use UserManager or MembershipDataProvider.

    On the other hand SitefinityMembershipProvider is just a wrapper around MembershipDataProvider that provides a bridge to the standard ASP.Net Membership API. We do not use it in Sitefinity, but if you feel more comfortable with the ASP.Net Membership, you could use it. Also it might be used by other applications to access Sitefinity membership data.

    There is another class named MembershipProviderWrapper, which does exactly the opposite of SitefinityMembershipProvider.  It wraps standard ASP.Net provider to allow Sitefinity to work with third party membership providers that were not specifically designed for Sitefinity. This class is internal and you cannot use it directly but Sitefinity will automatically wrap all membership providers that are declared in web.config and they will become available in Sitefinity. In other words, providers declared in both web.config and SecurityConfig.config will be merged and they all will be available in Sitefinity UI.

    The wrappers in both directions are still incomplete and they are not included in our BAT tests yet. For the time being, your only option is to inherit form MembershipDataProvider and implement it the Sitefinity way.

    I hope this information is helpful. Let me know if you have further questions.

    All the best,
    Bob
    the Telerik team


    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  • I too am looking into these providers and here is some background information so that maybe someone can help me make the right choice for my customizations. We have an existing authentication infrastructure, where users authenticate with their email address and a password. We have several applications that use this single credential model, and we would to get this to work in SiteFinity. To accomplish this, how should I proceed?

    Thanks in advance. 


  • Hello Mike,

    1. There is no problem to use an email for username. In your case it looks like that it is better to create a custom membership provider that inherits from SitefinityMembershipProvider.

    2. There is not out of the box implementation for Single Sign On in Sitefinity.

    Kind regards,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  • Is it possible to create a SSO with Windows authentication.
    What I mean is, if I log in in a windows operating system I don´t want to log in again, I want to be able to use my windows credentials to sitefinity web portal. Is it possible? And how?

    I know we can use a AD provider in older 3.x version and with 4.0?

    Thanks in advance.
  • Hi Filipe,

    By default Sitefinity relies on FormsAuthentication cookie . We use our onw identity object SitefinityIdentity  - represents a user identity authenticated by Sitefinity and this class cannot inhereirted. SitefinityIdentity is
    build againt HttpContextBase and FormsAuthenticationTicket

    There is no problem to use Active Directory for which we have built-in provider. We are going to implement SSO out of the box, but this will happen after the official release of Sitefinity 4.0.

    Greetings,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  • Actual SSO on final release?

    Now I really want the membership provider code completed.

    Where does the custom provider wrapper implementation fall on the priority scale at this point Ivan?

    Thx

  • Hello Bill,

    SSO and finishing the membership wrappers are scheduled for about Q1 next year. As you can see we started uploading weekly builds, so if something is done earlier you can benefit from the feature by patching your project through the Project Manager and its upgrade functionality.

    Greetings,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  • Can you please tell me where Telerik.Framework.Security.IExtendedMembershipProvider has gone?
    Does 4.0 not support this?
  • Hello Lorne,

    IExtendedMembershipProvider is part of Sitefinity 3.x and we do not have this interface in Sitefinity 4.0. If you want to create a custom provider you should inherit from MembershipDataProvider and implement it the Sitefinity way.

    Regards,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  • Hi Ivan,

    Does this mean that I need to implement my own OpenAccessDataProvider as well?