1

After I was learning about ASP .NET Membership built-in framework I have decided that this stuff is almost suitable for me. But there are couple features and edits I would like to have:

  1. Two step registration: after user have typed all account information, verification letter should be send to typed email. Before email address is verified it impossible to log in (some message should appear, telling user that email verification is needed before it's allowed to use account).

  2. Membership DB Scheme:

    • There is no need to store user question for restoring password.
    • Illegal attempts to login is uneccessary.
    • Default aspnet_ prefix is likely to be changed.
    • ... and so on

For the first item I know that I could use own class derived from SqlMembershipProvider. Am I right about this? Could you point me at some good post where I could get learned.

For the second improvement it's seems like a trouble. In this book I have read that isn't so easy:

• The built-in SQL storage providers need direct access to your database, which feels a bit dirty if you have a strong concept of a domain model or use a particular ORM technology elsewhere.

• The built-in SQL storage providers demand a specific data schema that isn’t easy to share with the rest of your application’s data schema.

kseen
  • 359
  • 8
  • 56
  • 104

2 Answers2

1

The biggest problem I've encountered with subclassing SqlMembershipProvider is it doesn't give you the connection string to work with. You have to hack the class to pieces to get anything useful for the way most modern login systems work.

I'm not sure about the database tables names - I don't think that's controlled by the SqlMembershipProvider but is actually inside an ASP.NET installer class.

My advice would be to create your own from scratch, and use the built in FormsAuthentication helpers. It's really not a big task compared to hours of annoyance having to conform to the providers. I did this with Roadkill after going down the Membership Provider route, and discovering it a cul-de-sac particularly for Active Directory support.

Chris S
  • 64,770
  • 52
  • 221
  • 239
  • It seems like you break all my doubts about building own mechanism for membership-wide tasks. – kseen Nov 29 '11 at 13:05
  • @kseen the biggest p.i.t.a. is you can't change your username http://stackoverflow.com/questions/1001491/is-it-possible-to-change-the-username-with-the-membership-api/ – Chris S Nov 29 '11 at 13:46
  • So do you advice me to make my own provider that will be derived from [MembershipProvider Class](http://msdn.microsoft.com/ru-ru/library/system.web.security.membershipprovider.aspx). Is everything right? – kseen Nov 29 '11 at 13:53
  • @kseen yes, if you want to stick to the provider pattern. – Chris S Nov 29 '11 at 16:12
0
  1. You can completely control your membership DB schema by Implementing Custom Membership User (of course you also need to implement Membership Provider for the User).
  2. Customize user creation steps by configuring CreateUserWizard control. You will change its' template and handle events, I don't think you need to override it.
idm
  • 1,728
  • 2
  • 19
  • 26
  • I don't use ASP .NET Web Forms. I develop a ASP .NET MVC3 Application, so second your list item is inappropriate. – kseen Nov 29 '11 at 13:03