ASPNet Membership Controls

[Rory Becker]

Hi All

I have a database which has it's own set of tables for users etc

I already successfully use the Login control by handling the Authenticate
event and checking the suitable values against my own DB.

Now I need to use the ChangePassword control but I cannot stop the system
from trying to create a database.

I would implement my own membershipprovider but that really seems like a
lot of work.

Is there a way customising the ChangePassword control so it calls my code
to check if the change is valid and to actually perform the change?

Many thanks in advance

 

[Cowboy \(Gregory A. Beamer\)]

Create a custom membership provider rather than kludging all of the events.
Through a custom provider, you can tailor all of the processes to use your
table structure instead of the one MS provides.

Here are a couple of links:
http://www.devx.com/asp/Article/29256
http://www.15seconds.com/issue/050216.htm
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

and one video
http://www.asp.net/Learn/videos/video-189.aspx

 

[Steven Cheng [MSFT]]

Thanks for Gregory for the informative inputs on custom membership
providers.

Hi Rory,

If you just want to reuse the ChangePassword control without involving the
membership provider layer, I think you should register the
"ChangingPassword" event and put your own changing code there. Also, make
sure you call "e.Cancel=true" in that event so that it code logic won't go
further to the built-in control's code logic( that's why you see it always
create thet default sqlexpress database).

For example:

=======================
protected void ChangePassword1_ChangingPassword(object sender,
LoginCancelEventArgs e)
{
e.Cancel = true;

//your own password changing code logic here.

Response.Write("<br/>Old Password: " +
ChangePassword1.CurrentPassword);

Response.Write("<br/>New Password: " + ChangePassword1.NewPassword);
}
=====================

BTW, it is also possible that you create a custom control which derive from
the ChangePassword control. I have checked the ChangePassword control's
code in reflector, you can simply override the following code which is the
one that control the postback processing logic:

===
protected override bool OnBubbleEvent(object source, EventArgs e)
{
..............

==========

You can do your own work such as (call your own function that changing
password ) in this event

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

Date: Tue, 15 Jul 2008 15:40:43 +0000 (UTC)
Message-ID: <[email protected]>
From: Rory Becker <[email protected]>
Subject: ASPNet Membership Controls

 

[Rory Becker]

Hello Cowboy (Gregory A. Beamer),

Create a custom membership provider rather than kludging all of the
events. Through a custom provider, you can tailor all of the processes
to use your table structure instead of the one MS provides.

Here are a couple of links:
http://www.devx.com/asp/Article/29256
http://www.15seconds.com/issue/050216.htm
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
and one video
http://www.asp.net/Learn/videos/video-189.aspx

Those are some great links. Thanks very much.

I also found this post "http://davidhayden.com/blog/dave/ar...mMembershipProviderASPNETWebsiteSecurity.aspx"
in which David hayden points out that you do not need to implement every
method and can in fact throw NotImplementedExceptions for all others.

I finally created a Custom MembseshipProvider as you suggested

The only methods I needed to implement were 'Initialize', 'GetUser', 'ChangePassword'
and 'ValidateUser'.

I also overrode al the properties but supplied only backing fields for these
and initialised all of these to suitable default values.

I reduced the 1200(approx) line file suggested in the video you linked to,
to (approx) 200 lines.

I'm sure I will need to implement more for some of the other controls that
I might want to use later on but this was fantastic.

Thanks very much

 

[Rory Becker]

Hello Steven Cheng [MSFT],

If you just want to reuse the ChangePassword control without involving
the membership provider layer, I think you should register the
"ChangingPassword" event and put your own changing code there. Also,
make sure you call "e.Cancel=true" in that event so that it code logic
won't go further to the built-in control's code logic( that's why you
see it always create thet default sqlexpress database).

Thanks Steven, this makes a great deal of sense.

I have recently discovered (as indicated in my reply to Cowboy) that the
implementation of a MembershipProvider need not be as complicated as I thought
an so have gone in this direction instead.

I am curious however, from a theoretical standpoint... If I were to take
your suggestion and cancel the further processing within the ChangingPassword
event, how then would I get the control to visually react to the success
or failure of my attempt to change the password?

Thanks again for your help

 

[Steven Cheng [MSFT]]

Thanks for your reply Rory,

Yes, per your scenario, since you won't have much time to implement a
complete new membershp provider, simply intercepting the login control's
event and do your own code logic will be better.

For your new question. Yes, since you cancel the event, the built-in
behavior of LoginControl will not continue as normal. However, based on my
understanding, those LoginControl won't do much more for sucessful or
failure result. Therefore, I think you can also add your own code logic to
display the result. For example, put a label to display successful or
failure condition. How do you think?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------

Date: Wed, 16 Jul 2008 16:35:59 +0000 (UTC)
Message-ID: <[email protected]>
From: Rory Becker <[email protected]>
Subject: RE: ASPNet Membership Controls

Hello Steven Cheng [MSFT],

If you just want to reuse the ChangePassword control without involving
the membership provider layer, I think you should register the
"ChangingPassword" event and put your own changing code there. Also,
make sure you call "e.Cancel=true" in that event so that it code logic
won't go further to the built-in control's code logic( that's why you
see it always create thet default sqlexpress database).

Thanks Steven, this makes a great deal of sense.

I have recently discovered (as indicated in my reply to Cowboy) that the
implementation of a MembershipProvider need not be as complicated as I thought
an so have gone in this direction instead.

I am curious however, from a theoretical standpoint... If I were to take
your suggestion and cancel the further processing within the ChangingPassword
event, how then would I get the control to visually react to the success
or failure of my attempt to change the password?

Thanks again for your help