A little note to self about custom Membership and Role Providers and SharePoint 2010 Claims

Table of Contents

1. Creating custom Membership and Role Providers
2. Registering custom Membership and Role Providers with SharePoint 2010 Claims
3. Resources

Creating custom Membership and Role Providers

You can create a custom Membership provider by inheriting from the System.Web.Security.MembershipProvider class. For a custom Role Provider you need to inherit from the System.Web.Security.RoleProvider class.

A custom Membership Provider has to implement at least the following methods in order to work with SharePoint 2010:

• FindUsersByEmail
• FindUsersByName
• GetUser(string, bool)
• GetUser(object, bool)
• GetUserNameByEmail
• ValidateUser

A custom Role Provider has to implement at least the following methods in order to work with SharePoint 2010:

• GetRolesForUser
• RoleExists

Deploy the assembly to GAC as it’s being used outside the context of the Web Application.

In case you need to debug the Membership and/or Role provider you need to attach the debugger to the w3wp process associated with the SecurityTokenServiceApplicationPool application pool (use appcmd.exe list wp to find out which one it is).

The STSAppPool can be refreshed by resetting it through IIS Manager or resetting IIS.

All login errors are being logged to the ULS log so it’s worth to have a look in there in case of trouble.

Registering custom Membership and Role Providers with SharePoint 2010 Claims

• Create a custom Web Application that uses Claims Authentication
• Select FBA and provide names for the Membership and Role Providers
• Register both providers with your Web Application (web.config)
  • system.web/membership/providers/add
  • system.web/roleManager/providers/add
• Register both providers with Central Administration (web.config). You have to add the whole roleManager and membership sections here.
• Register both providers with the Security Token Service (web.config located in 14\WebService\SecurityToken. Add the following code snippet:
  

  <system.web>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add name="MyRoleProvider" type="MyRoleProvider, MyAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0000000000000000"/>
      </providers>
    </roleManager>
    <membership defaultProvider="i">
      <providers>
        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add name="MyMembershipProvider" type="MyMembershipProvider, MyAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0000000000000000"/>
      </providers>
    </membership>
  </system.web>

Resources

• Forms Authentication in SharePoint Products and Technologies (Part 2): Membership and Role Provider Samples (watch out for the HttpContext.Current as it’s NULL when using with SP2010 Claims)
• Configure Forms Based Authentication (FBA) with SharePoint 2010

Bookmark this post

Possibly related posts

• Programmatically granting permissions to claims
• Programmatically determining which Claims Authentication Type has been used to login with Claims Based Authentication
• Programmatically converting login name to claim and vice versa
• Microsoft SharePoint 2010 Development Cookbook–book review
• Preventing authenticated visitors from browsing system pages