SharePoint 2007 Membership Provider & Role Provider
I have recently had to implement custom authentication providers for MOSS 2007 (MembershipProvider & RoleProvider). While I found a lot of excellent information on the Web to help me with this task, I learned a couple of interesting snippets of information that I wanted to share here.
First, let me summarize the different blog entries that helped me with the implementation:
- Steve Peschka's entry, "Configuring Multiple Authentication Providers for SharePoint 2007", is a good and detailed general article about MOSS authentication providers.
- Liam Cleary's series of articles ("Write your own Custom Authentication Provider") is even more detailed and contains step-by-step instructions: Part 1, Part 2, Part 3, Part 4.
- Harshawardhan Chiplonkar4s entry, "Forms Based Authentication in MOSS", contains a complete series of web.config examples.
One thing that wasn't clear to me is the minimal set of methods that I needed to implement in my custom providers to get MOSS to work. ASP.NET providers are very flexible and offer many entry points, but not all of them make sense in the SharePoint context; yet I couldn't find a definitive list of the methods SharePoint requires. After experimenting a bit and exchanging a few e-mails on internal mailing lists, here's what I gathered.
The minimal set of methods to implement for a SharePoint Server 2007 MembershipProvider:
- GetUser()
- GetUserNameByEmail()
- ValidateUser()
- FindUsersByEmail()
- FindUsersByName()
The minimal set of methods to implement for a SharePoint Server 2007 RoleProvider:
- GetRolesForUser()
- RoleExists()
TODO: call sequence, which methods are called when -- at login time, at rights assignment time
The last thing I learned is how the ASP.NET providers and MOSS interact to handle login names and display names. The trick here is that ASP.NET's MembershipUser class, which is used to represent users, does not include a "display name" property, which means that you have no way to pass a nice display name up to MOSS (e.g. "Thomas Conté"). So, the MOSS "Display Name" property ends up being equal to the MembershipProvider "UserName" property (e.g. "tconte"), which is not as nice. The other little detail to remember is that, because MOSS can deal with multiple custom authentication providers, it has to make your LoginName unique. In order to achieve that, it will prefix the UserName with the Provider Name property, e.g. "mycustomprovider:tconte".
Hope this helps!