Introduction

 
Membership providers allow a custom authentication module to be developed and implemented where the built-in forms, LDAP, Basic, Windows, or SAML offerings do not provide a solution. Usually custom membership providers point to a custom user base or attempt to offer a mixed-mode authentication where multiple checks are made against different systems.
A membership provider should not only authenticate users but manage their group subscriptions which control access to individual forms and administrator applications.

Membership Provider Development Walkthrough

The walkthrough below is intended to provide a basic example of how to develop and install a custom membership provider.

How to Develop a ‘Hello World’ Membership Provider

 
1.       Open Visual Studio and create a new Class Library Project and give it a meaningful name. For this example, we will use ‘HelloWorldMembershipProvider’. Ensure that the latest version of the .Net Framework is selected.
 
 
2.       Rename Class1 to something more appropriate and click Yes to rename all references.
 
 
 
3.       Add the following references to the project
·         .Net References
o   System.Configuration
o   System.Web
o   System.Web.ApplicaitonServices
·         Infiniti References (usually located C:\inetpub\wwwroot\Infiniti\Produce\bin)
o   Intelledox.Controller
o   Intelleodx.DataObjects
o   Intelledox.MembershipSecurity
o   Intelleodx.Model
 
               
 
4.       Inherit InfinitiMembeshipProviderBase and override the required membership provider methods.
 
Note: Infiniti implements only the ValidateUser method, and the rest are reserved for future use.
Provide your code for your implementation.
 
In the example below, the user’s credentials are compared to a fixed list.
 
 
      using System;
using System.Collections.Generic;

using Intelledox.Controller;
using Intelledox.MembershipSecurity;
using Intelledox.Model;

namespace HelloWorldMembershipProvider
{
    public class HelloWorldMembership : InfinitiMembershipProviderBase
    {
        private string m_EnvironmentLevelSetting;

        public HelloWorldMembership()
        {
            //Config settings can be stored in the web.config file
            System.Web.Configuration.MembershipSection section = (System.Web.Configuration.MembershipSection)System.Configuration.ConfigurationManager.GetSection("system.web/membership");

            foreach (System.Configuration.ProviderSettings ps in section.Providers)
            {
                if (ps.Type.ToLower() == "helloworldmembership")
                {
                    for (int i = 0; i < ps.Parameters.Count; i++)
                    {
                        if (ps.Parameters.GetKey(i).ToLower() == "environmentlevelsetting")
                        {
                            m_EnvironmentLevelSetting = ps.Parameters.Get(i);
                        }
                    }

                    break;
                }
            }
        }

        public override string ApplicationName
        {
            get { return ""; }
            set { }
        }

        public override bool EnablePasswordReset
        {
            get { return false; }
        }

        public override bool EnablePasswordRetrieval
        {
            get { return false; }
        }

        public override int MaxInvalidPasswordAttempts
        {
            get { return 0; }
        }

        public override int MinRequiredNonAlphanumericCharacters
        {
            get { return 0; }
        }

        public override int MinRequiredPasswordLength
        {
            get { return 0; }
        }

        public override int PasswordAttemptWindow
        {
            get { return 0; }
        }

        public override System.Web.Security.MembershipPasswordFormat PasswordFormat
        {
            get { return System.Web.Security.MembershipPasswordFormat.Clear; }
        }

        public override string PasswordStrengthRegularExpression
        {
            get { return ""; }
        }

        public override bool RequiresQuestionAndAnswer
        {
            get { return false; }
        }

        public override bool RequiresUniqueEmail
        {
            get { return true; }
        }

        public override bool ChangePassword(string username, string oldPassword, string newPassword)
        {
            return true;
        }

        public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
        {
            return true;
        }

        public override System.Web.Security.MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out System.Web.Security.MembershipCreateStatus status)
        {
            status = System.Web.Security.MembershipCreateStatus.Success;
            return null;
        }

        public override bool DeleteUser(string username, bool deleteAllRelatedData)
        {
            return true;
        }

        public override System.Web.Security.MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            totalRecords = 0;
            return null;
        }

        public override System.Web.Security.MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
        {
            totalRecords = 0;
            return null;
        }

        public override System.Web.Security.MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
        {
            totalRecords = 0;
            return null;
        }

        public override int GetNumberOfUsersOnline()
        {
            return 0;
        }

        public override string GetPassword(string username, string answer)
        {
            return "";
        }

        public override System.Web.Security.MembershipUser GetUser(object providerUserKey, bool userIsOnline)
        {
            return null;
        }

        public override System.Web.Security.MembershipUser GetUser(string username, bool userIsOnline)
        {
            return null;
        }

        public override string GetUserNameByEmail(string email)
        {
            return "";
        }

        public override string ResetPassword(string username, string answer)
        {
            return "";
        }

        public override bool UnlockUser(string userName)
        {
            return true;
        }


        public override void UpdateUser(System.Web.Security.MembershipUser user)
        {
        }

        public override bool ValidateUser(string username, string password)
        {
            //Dummy Userbase
            Dictionary<string, string> userDictionary = new Dictionary<string, string> {
                { "user1", "password1"},
                { "user2", "password2"},
                { "user3", "password4"}
            };
            List<string> groupList = new List<string>() { "staff", "people" };
            
            bool exceedsLicenseLimit = false;
            bool success = false;
            User checkUser = default(User);
            AddressBookItem userAddress = default(AddressBookItem);
            Intelledox.DataObjects.User user = default(Intelledox.DataObjects.User);

            //Check access
            if (userDictionary.ContainsKey(username) && userDictionary[username] == password)
            {
                success = true;

                //Check if user has exists and create and/or updated use in Infiniti
                checkUser = UserController.FindUserByUsername(username);

                if (checkUser == null)
                {
                    //Create User
                    user = new Intelledox.DataObjects.User();
                    user.ID = 0;
                    user.Username = username;
                    user.WinNTUser = false;
                    user.BusinessUnitGuid = BusinessUnitController.GetBusinessUnits()[0].BusinessUnitGuid; //Multi Tenant?
                    user.Update(ref exceedsLicenseLimit);

                    //unsuccessful
                    if (user.ID == 0)
                    {
                        success = false;
                    }
                    else
                    {
                        checkUser = UserController.FindUserByUsername(username);
                        user.UserGroups.Load(Guid.Empty, Intelledox.DataObjects.DataMemberBase.IDTypeEnum.typeUserID, checkUser.UserId);
                    }
                }
                else
                {
                    user = new Intelledox.DataObjects.User();
                    user.Load(checkUser.UserId, Intelledox.DataObjects.DataMemberBase.IDTypeEnum.typeUserID);
                    user.UserGroups.Load(Guid.Empty, Intelledox.DataObjects.DataMemberBase.IDTypeEnum.typeUserID, checkUser.UserId);
                }

                if (success)
                {
                    //User details
                    try
                    {
                        userAddress = AddressController.GetUserAddress(checkUser.UserId);

                        userAddress.FirstName = "TestFirstName";
                        userAddress.LastName = "Test Surname";
                        userAddress.FullName = (userAddress.FirstName + " " + userAddress.LastName).Trim();
                        userAddress.EmailAddress = "testUser@intelledox.com";

                        AddressController.Update(userAddress);
                        user.AddressId = userAddress.AddressId;
                        user.Update(ref exceedsLicenseLimit);
                    }
                    catch
                    {
                        //Address update Error
                    }

                    //Update group subscriptions
                    foreach (Group infinitiGroup in GroupController.GetGroups(user.BusinessUnitGuid))
                    {
                        foreach (var userGroup in groupList)
                        {
                            if (infinitiGroup.Name.ToLower() == userGroup.ToLower())
                            {
                                //Add user to group
                                if (user.UserGroups[infinitiGroup.GroupId.ToString()] == null)
                                {
                                    user.SubscribeUserGroup(infinitiGroup.GroupId);
                                }

                                //Remove user from group
                                if (user.UserGroups[infinitiGroup.GroupId.ToString()] != null)
                                {
                                    user.UnsubscribeUserGroup(infinitiGroup.GroupId);
                                }
                            }
                        }
                    }
                }
            }
            else
            {
                success = false;
            }

            return success;
        }
    }
}
 
 
 
5.       Build your action to ensure it complies without error, it is now ready to be deployed and tested.
 

Deploying a Membership Provider

 
Membership Providers are deployed to an Infiniti environment by copying the provider’s .dll file to the Produce and Manage directories and referencing it in the respective web.config files.
 
Note: Although Membership providers are deployed to both the Produce and Manage applications, testing can occur on one application only.
 
1.       Locate your ‘HelloWorldAction.dll’ file and copy it to the Produce bin directory (usually located C:\inetpub\wwwroot\Infiniti\Produce\bin).
2.       Open the produce web.config file and locate the <membership><providers> section of the file. It will contain references to other membership providers that already exist.
3.       Modify the defaultProvider attribute of the membership element and add a new Membership provider element using the following syntax to the web.config <add name="name" type="namespace.class"/>  as seen in the example below.
 
<membership defaultProvider="FormsMembershipProvider">
  <providers>
    <clear />
    <add name="FormsMembershipProvider" type="Intelledox.MembershipSecurity.FormsMembershipProvider" />
    ...
    <add name="HelloWorldMembership" type="HelloWorldMembershipProvider.HelloWorldMembership" />
  </providers>
</membership> 
4.       Save the web.config file.
5.       Navigate to Produce in your browser to test your membership provider.

Related Articles

Keywords