1

I wish to use an SQL database that it already in use on my network, so I have written code to override ValidateUser():

public override bool ValidateUser(string username, string password)
{
    return true;
}

I've set this so that it returns true, without checking my database for now, just to test the theory of it.

Is that all I need to do, or is there more to do so that it works properly with the other functions, like storing the username information so that it can be retrieved later on, or do I simply store this information in a session variable?

Once this function returns true, it the user effectively authenticated?

Luke
  • 22,826
  • 31
  • 110
  • 193

1 Answers1

1

You don't need to override or implement all of the methods if you already inherit from SqlmembershipProvider.

If you want to override ValidateUser (for example to log invalid login attempts), you don't need to store the user manually(he's stored in DB and identified via cookie) and can be retrieved by Membership.GetUser.

For example:

public override bool ValidateUser(string username, string password)
{
    // check in database with SqlmembershipProvider
    bool isValid = base.ValidateUser(username, password);
    // get user from database
    var user = Membership.GetUser(username);
    if(isValid)
    {
        // ...
    }
    else{
        // log wrong attempt if you want
    }
    return isValid;
}
Tim Schmelter
  • 450,073
  • 74
  • 686
  • 939
  • Sorry I didn't include that in my question, I am currently inheriting `SqlMembershipProvider` in my class and then overriding the ValidateUser(). I notice that you're calling base.ValidateUser() within an override of ValidateUser(), is that correct? – Luke Aug 23 '12 at 15:08
  • @Coulton: Yes, because i want to validate the user by using the `SqlMembershipProvider`. I've just added some code to show how you can extend the functionality. Basically with `SqlmembershipProvider` you don't need to override methods at all. It's a fully working provider. – Tim Schmelter Aug 23 '12 at 15:15
  • @Coulton: The method will be called when `Membership.ValidateUser(login.UserName, login.Password)` is called for example from a login form and the user will be authenticated if it returns true. Then you can call [`RedirectFromLoginPage`](http://msdn.microsoft.com/en-us/library/ka5ffkce.aspx) – Tim Schmelter Aug 23 '12 at 15:18
  • I take it that if I want to call from my own existing database, I need to add my own database logic in there somewhere? – Luke Aug 23 '12 at 15:27
  • @Coulton: If you execute [`Aspnet_regsql.exe`](http://msdn.microsoft.com/en-us/library/ms229862%28v=vs.100%29.aspx) you can specify which Sql-Server database you want to use. Then all necessary tables and other objects(e.g. Stored-procedures) are created automatically. No need to do something manually. But of course you can [**extend the functionality**](http://stackoverflow.com/questions/6532418/how-to-combine-using-membership-api-with-own-application-related-data/6532611#6532611) if you want. – Tim Schmelter Aug 23 '12 at 15:30