Custom Membership Provider

Topics: General
Jul 8, 2011 at 2:09 PM

Hi, I would like to know if its possible to use a custom provider for logging into composite itself, overriding the standard users. This would ideally read from an SQL (since I already have a large database of users from another website). I am new to Composite so any help would be appreciated. Thanks!

Jul 11, 2011 at 10:16 AM

Hi @naibla The security related logic isn't completly separated. You can make it work by:

1) Copying users from your database to C1's database. That would be something like

using(var conn = new DataConnection()) {
   foreach(User user in myUserDatabase) {
      Guid userId = user.Id;

      // Checking whether the user already exists
      if(conn.GetData<IUser>(u => u.Id == userId).Any()) continue;
      var newUser = conn.New<IUser>();
      newUser.Id = userId;
      newUser.Username = ...;

      // Assigning user group rights
      var roleAssigment = conn.New<IUserUserGroupRelation>();
      roleAssigment.UserId = userId;
      roleAssigment.UserGroupId = ... /* Id of a user group which rights should be inherited */;

If password aren't encrypted in your User database, that would be the only step. Just execute this code f.e. on every startup to keep user databases syncronyzed

2) If passwords are hashed, you need to override password validation logic.

Create a custom Composite.dll version, in which interface Composite.C1Console.Security.Plugins.LoginProvider.IFormLoginProvider and class DataBasedFormLoginProvider are public (not internal as it is now)

Create a class which implements IFormLoginProvider and inherits DataBasedFormLoginProvider, overridethe method that validates passowords  
Edit Composite.config, Configure Composite.C1Console.Security.Plugins.LoginProviderConfiguration to use the new provider

<Composite.C1Console.Security.Plugins.LoginProviderConfiguration defaultLoginProviderPlugin="DataBasedFormLoginProvider">
      <add name="AllWindowsLoginProvider" type="Composite.Plugins.Security.LoginProviderPlugins.ValidateAllWindowsLoginProvider.ValidateAllWindowsLoginProvider, Composite" />
      <add name="DataBasedFormLoginProvider" type="Composite.Plugins.Security.LoginProviderPlugins.DataBasedFormLoginProvider.DataBasedFormLoginProvider, Composite" />
      <add name="FormLoginProvider" type="Composite.Plugins.Security.LoginProviderPlugins.ConfigBasedFormLoginProvider.ConfigBasedFormLoginProvider, Composite">
          <add password="19A2768D-429C-41e0-8969-E80ECB1D9829" name="admin" />

It was done at least once by @burningice, so it should work

Jul 11, 2011 at 4:43 PM

Thank you so much! I will give it a shot.

Jul 12, 2011 at 4:23 PM
Edited Jul 12, 2011 at 4:52 PM

I've been having trouble getting it to run at start up. I followed the instructions here:

and to some extent here:


Currently, when I reboot Composite, nothing happens.

I put the dll in /bin, but do I need to reference it in the web.config? If so, where?

EDIT: Fixed it, I had not made the OnBeforeInitialize() and OnInitialized() public :p