Topics

All topics

Create a custom membership provider

Overview

This article explains how to build our own custom Membership Provider to let users authenticate to Sitefinity CMS using an external database or service. You can use the provider to either authenticate users for the frontend and the backend of the website.

Background information

In the Sitefinity CMS security realm, the management of users and roles is handled through the ASP.NET Membership Provider APIs. Sitefinity CMS uses its own implementations of the membership and role providers, which utilize Telerik OpenAccess to persist users and roles into Sitefinity CMS database.

ASP.NET membership APIs

Sitefinity supports the standard ASP.NET membership APIs, detailed in the Microsoft Learn article MembershipProvider Class. Once you have your membership provider, register it in the web.config file, as described in the MSDN article Configuring an ASP.NET Application to Use Membership. When working with the standard ASP.NET membership APIs, the Sitefinity blog article Using the ASP.NET Sql Membership Provider in Sitefinity provides Sitefinity-specific details on creating and registering your custom ASP.NET membership providers.

There are, however, limitations to this provider such as performance issues in querying users. The standard membership APIs provide only the method GetAllUsers(int page, int pageSize, out totalRecords) for querying users. While this might be adequate for systems with a constrained number of users, when the user base becomes very large, any filtering and sorting of the collection of users requires loading all the users into memory, and then applying the filtering and search algorithms there. That behavior could result in memory management issues as well as performance degradation.

Sitefinity offers a workaround for this limitation: If you want to optimize your ASP.NET SQL membership provider (or any other membership provider that inherits from the standard ASP.net membership APIs) in Sitefinity, implement a custom membership provider.

Custom Membership Provider

Sitefinity has its own base MembershipDataProvider class that does not inherit from the ASP.NET membership provider. Instead it provides an abstraction to persist and query the users and roles into the Sitefinity database, and avoids the limitations in the standard Membership Provider APIs. The following diagram illustrates the provider’s classes:

Class diagram of MembershipDataProvider

The MembershipDataProvider class implements the standard CRUD operations in a unified interface for accessing users. This class also has a GetUsers method that returns an IQueryable<User>. That’s how you filter and sort user data.

The MembershipDataProvider class has two inheritors:

  • OpenAccessMembershipProvider
    Uses Telerik DataAccess ORM to and works with a table in the database (sf_users) that holds the users for the current application. The default provider that Sitefinity uses is described in the Create a custom membership provider article. This provider is similar to the default one used in the backend (OpenAccessMembershipProvider), but provides a different implementation of the MembershipDataProvider class that is similar to the default one, yet customized to provide the GetUsers method that returns the IQueryable<User>. By implementing MembershipDataProvider base class, you do not need to enhance this provider using the sample in GitHub unless you want additional functionality.
  • MembershipProviderWrapper
    Used when the user registers a membership provider built with the ASP.NET membership provider APIs. This provider inherits from MembershipDataProvider, but holds the internal instance of the MembershipProvider registered in the web.config file. This way the wrapper forwards every method call to the underlying membership provider.

NOTE: Only the methods of the base provider are called by the system, so the system does not know which provider is currently in use -- it just knows about the abstract MembershipDataProvider.

Scope

The scope of this article is to build a custom Membership Provider, which persists data into an external, custom database. You will be using the Entity Framework to define the model and to handle the communication with the external database.

The article implements the methods that let you manage your external users from the Sitefinity CMS backend and be able to login to the backend with your user.

Finally, you will see how you can create a public login page that makes use of the new Membership Provider.

NOTE: If you are using MVC widgets on your page, you need to have a hybrid page to add a Login name widget because it is a Web Forms widget. For more information, see Page templates.

The following is a short video demonstrating the usage of a custom membership provider:

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Next article

Implement an ASP.NET SQL membership provider