Intro
There are several people who are experts in the area of Custom Authorization Providers in MOSS. I want to thank each one of them who have helped me over the last year on my authorization provider. First and foremost I would like to thank Steve Peschka in relation to the base structure and more recently Mitch Prince both from MSFT. What I would like to demonstrate in this post is writing a brand new Custom Authentication Provider for MOSS for the beginner. I will make mention that in a different Post I will be addressing Site Minder integration with the custom provider, however, what you need to know here is that this provider will work regardless.
I will be utilizing a basic SQL table structure although you will see that it is not necessary, however, for simplicity sake, I figure it will be the easiest to demonstrate.
Creating the Data Structure
The first thing we are going to do is just set up some simple tables that we are going to store our users and roles (groups) in.
CREATE TABLE dbo.spUser( username VARCHAR (50) NOT NULL, email VARCHAR (200) NOT NULL, )
GO
CREATE TABLE dbo.spRole( spRole VARCHAR (200) NOT NULL ) |
GO
CREATE TABLE dbo.spRole_spUser( username VARCHAR (50) NOT NULL, spRole VARCHAR (200) NOT NULL, ) |
Normally, you would add identities, primary keys, foreign keys with relationships etcetera but you get the point. We have a table to store users a table to store roles and an association between the two. Once again, this could be whatever data store you wish and have whatever other attributes like telephone number, password, hair color….
Understanding the Methods (Membership)
Now that we have the base data structure we are going to open up .NET and build our role Provider. In this case, I will be hooking each critical method up to a SQL Stored Procedure simply because I am more comfortable with this approach.
The first thing we will do is have an understanding of the methods and what they are used for. I will be only going over the necessary overloads that you must implement and correctly write for your provider to work. There will be several other properties and methods that you must override, but we will simply throw an exception on these.
public
Initialize simply will set the properties of the provider. Usually these properties are set in the web.config and read in as a NameValueCollection. |
public
The Validate User method simply takes in a user name and password and returns true or false based on your credential cache. Here is where you would authenticate. Your login page then would check this method first and based on the result do something. |
public
This Overload of the Get User method will simply return a Membership User object based on an object. The way that I normally implement this is to actually take the ID, and pass to the other Get User Method as a .ToString(). This way there is only one code base. |
public
Here we will be getting the Membership User based on name. Use intellisense on the new MembershipUser( |
public
I have searched and searched but cannot find where this method is actually called, however, easy enough to implement and so just get the string that you would pass to the GetUser method based on the email passed in. |
public
This method is called on the people picker and will be hit when searching for a person. Simply pass in the email and set the totalRecords (you can do this with your MembershipCollection.Count property and you are good to go. |
public
This method is also hit as part of the people picker. It is the most important people picker method in my opinion and you can write your own wildcard characters. So something like: SELECT username, Email FROM spUser WHERE UserName LIKE %userNameToMatch% |
The following methods we will not implement even though "must override" is on. We will set Booleans to false or throw not implemented exceptions here.
public
override
MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out
int totalRecords)
public
override
bool DeleteUser(string name, bool deleteAllRelatedData)
public
override
int GetNumberOfUsersOnline()
public
override
MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out
MembershipCreateStatus status)
public
override
bool ChangePasswordQuestionAndAnswer(string name, string password, string newPwdQuestion, string newPwdAnswer)
public
override
string GetPassword(string name, string answer)
public
override
bool ChangePassword(string name, string oldPwd, string newPwd)
public
override
string ResetPassword(string name, string answer)
public
override
void UpdateUser(MembershipUser user)
public
override
bool UnlockUser(string userName)
public
override
bool EnablePasswordRetrieval
public
override
bool EnablePasswordReset
public
override
bool RequiresQuestionAndAnswer
public
override
string ApplicationName
public
override
int MaxInvalidPasswordAttempts
public
override
int PasswordAttemptWindow
public
override
bool RequiresUniqueEmail
public
override
MembershipPasswordFormat PasswordFormat
public
override
int MinRequiredPasswordLength
public
override
int MinRequiredNonAlphanumericCharacters
public
override
string PasswordStrengthRegularExpression
No comments:
Post a Comment