.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Custom Membership Provider - ValidateUser is not called

Posted By:      Posted Date: October 04, 2010    Points: 0   Category :SharePoint


I am trying to implement a custom membership provider for forms based authentication under SharePoint foundation 2010.

In WSS3.0 everything works as expected but in SP2010 I find that whilst the Initialize method of my custom class is called ValidateUser is not??! I do get an error in the event log "An exception occurred when trying to issue security token. The security token username and password could not be validated". This is accompanied by an ASP.NET information log "Event code: 4006 Event message: Membership credential verification failed" 

Is there some change associated with "Claims authentication" that requires a different base class for this purpose now? 


Andrew Wiles - www.it-workplace.com - MDX made simple

View Complete Post

More Related Resource Links

Implementing a custom Membership Provider vs. using aspnet_Profile table - Which should I do?


I wanted to expand the amount of information that is associated with each user(MembershipUser) in the ASPNETDB.MDF database file. Adding columns like FirstName, LastName, etc. So I began implementing my own custom Membership Provider. I created a derived MembershipUser class with the extra private variables that I wanted each MembershipUser record to store. Its basically done. Almost after I did this I stumbled across the columns in the ASPNETDB.MDF->aspnet_Profile table called "PropertyNames" and "PropertyValuesString".  Could I have simply used these two columns to accomplish what I was attempting to do or are these columns for global application configuration settings?  

Is the aspnet_Profile table purpose to store expanded/related information about users such as personal information? Or is it for something else? Thanks.

Adding additional fields to my custom membership provider

Hi, i have been playing around with the membership provider model for the last week and have it got it working with a basic table schema.  The trouble i have is that i wish to add an additional field (eg First Name) but am not sure how i can do this.  Here's what i have so far: public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)    {        MembershipUser user = new MembershipUser(Name, username, providerUserKey, email, passwordQuestion, null, isApproved, false, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now, DateTime.Now);        string sql = "INSERT INTO USERS(USERNAME,PASSWORD,EMAIL,ISACTIVE) VALUES(@UID,@PWD,@EMAIL,@ISACTIVE)";        db.AddParameter("@UID", username);        db.AddParameter("@PWD", password);        db.AddParameter("@EMAIL", email);        db.AddParameter("@ISACTIVE", (isApproved == true ? "Y" : "N"));        int i = db.ExecuteNonQuery(sql); 

Custom Membership Provider Problem

Hi there, I'm writing a web app using C# and .NET 2.0 (corporate environment, so I can't use 4.0) and I'm running into an issue with custom membership providers. Everything compiles, and looks like it should work, but I get this error when viewing the WSAT Security tab:  Could not load type 'BinCSF.Security.CUser' from assembly 'App_Code.f4qdas9h, Version=, Culture=neutral, PublicKeyToken=null' <membership> section of web.config: http://illogi.ca/l/snippets/bincsf_web_config.html BinCSF.Security.UserProvider: http://illogi.ca/l/snippets/bincsf_userprovider.html BinCSF.Security.CUser: http://illogi.ca/l/snippets/bincsf_cuser.html Any help would be greatly appreciated.

Custom membership provider and FormsAuthentication.

Hello folk, I've implemented my custom membership provider. I use third server for authentication (call web method that validates user/password). I need this user/password for retrieve some additional data from this server. Asp.net MVC uses FormsAuthentication and cookie for keep 'login state' by default. It works well when I login on site first time. But when I close and open site again sometime after, cookie keeps it 'login' but I don't have credential for access to server data. I can change cookieless attribute (to 'UseUri' for example) in configure file but in this case I should login again if I open second tab with this app in same browser. My questions: Is way to call SingOut of FormsAuthentication (remove authentication ticket from browser) when user closes asp.net mvc app?Is secure way to pass user/password data through session? Because server is unstable and interrupt connection often and app should have possibility for silent reconnect.

How to write a Custom Membership Provider

Hi guys, Can someone please tell me where to start with creating a custom membership and roles provider? I've found tons of information on how to implement a custom provider but not how to actually create it. I have an Oracle database with a users table. In this table I have a "Platform" column. I would like to authenticate through FBA only the users from this table who have a specific Platform value. Now I know i need to write a custsom membership provider that handles all sorts of requests but i really dont know what to base it on, where to add it in the sharepoint solution etc.   your help will be soooo greatly appreciated!The world is the mollusc of your choice

Web.config for Custom Membership Provider

I am trying to set-up the connection strings to my Membership Provider. I am using the Sql server database and not the default aspnet_db. Iam giving the Fully Qualifying namespace+class in my "type"  and it still throws an error msg "connection string cannot be blank". Web.config: < < < < membership defaultProvider="CustomMembershipProvider">providers>clear />add connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="RavLoginApp" description="Stores and retrieves membership data from the local Microsoft SQL Server database" name="CustomMembershipProvider" type="MyNamespace.CustomMembershipProvider" />  </providers> </membership <connectionStrings > <remove name="LocalSqlServer" /> <add name="LocalSqlServer" connectionString="data source=;database=MyLocaldb;uid=xxxxx;pwd=xxxxxx" providerName="System.Data.SqlClient" /> <

Custom membership provider using MYSQLMemberShipr Provider

hi, I am implementing my custom membership provider for MYSQL for this I write thi code: public class CustomSqlMembershipProvider :MySQLMembershipProvider {   public override void Initialize(string name, NameValueCollection configs) { base.Initialize(name, configs); } } When I am compiling this class, getting an error: 'Project.Models.CustomSqlMembershipProvider': cannot derive from sealed type 'MySql.Web.Security.MySQLMembershipProvider' C:\Workarea\\Project\Models\CustomSqlMembershipProvider.cs Why I getting this error. I have added the MySql.web and MySql.Data assembly references thanks in advance Aayushi

membership provider with custom login form problem / question

Hi all, I am using the .net membership provider, and I can get past the membership.validate user ok and into my secure page.   The problem I have is that when I reach the secured page, I have a login status control which isn't changing from login to logout.   Below is my login code:If Membership.ValidateUser(txtUsername.Text, txtPassword.Text) Then Response.Redirect("/auth/Default.aspx") If chkRememberMe.Checked Then FormsAuthentication.SetAuthCookie(txtUsername.Text, True) Else FormsAuthentication.SetAuthCookie(txtUsername.Text, False) End If Else lblLoginStatus.Text = "Oops! Login not found!" End If    Thanks in advance.

Custom membership provider not returning values from my web.config


I created a custom membership provider in my ASP.NET 4.0 web site, stored  in App_Code, and referenced in my web.config.

However, it doesn't appear to be pulling values out of web.config during initialization.

The code was taken from http://www.asp.net/general/videos/how-do-i-create-a-custom-membership-provider, and the only modifications were changing "connectionStringName" here to the name of my connection string:

    Dim ConnectionStringSettings As ConnectionStringSettings = _

The connection string always comes back as nothing in this line:

    If ConnectionStringSettings Is Nothing OrElse ConnectionStringSettings.ConnectionString.Trim() = String.Empty Then
      Throw New ProviderException("Connection string cannot be blank.")
    End If

No matter what I change the password format to in web.config, the default value here is always used:

    Dim temp_format As String = config("passwordFormat")
    If temp_format Is Nothing Then
      temp_format = "Has

custom membership provider with WSS API problem


Hi, I just ran into a weird problem when writing a custom membership provider for a wss site.

This is how we validate user, since the authentication is using webserivce, we need to call the web user and passing user name and password to the webserice then update the WSS Profile based on the webservice call. This is how we do for ValidateUser(string username, string password)

 public override bool ValidateUser(string username, string password)
      edwsusermaintWS.edwsusermaint usermgt_ws = new ASP.NET.CustomMembership.edwsusermaintWS.edwsusermaint();
      bool isvalid = false;

        string userinfo = usermgt_ws.validatePassword(username, password);

        if (userinfo != null && userinfo.Length > 0)
          SPWeb siteEval = null;
              using (SPSite siteCollection = new SPSite(SPContext.GetContext(System.Web.HttpContext.Current).Site.Url))
                SPWeb site = siteCollection.OpenWeb();
                siteEval = site;

            siteEval.AllowUnsafeUpdates = true;
            //This is not efficient process, because everytime, people logs in,it queries the webservice to update

Custom Membership Provider Permissions Inconsistency


Hi there,

I've built a custom membership provider and a custom role provider and successfully deployed it. I've also managed to debug it by attaching all my w3wp.exe processes in Visual Studio 2010.

Trying to login with forms authentication seems to be working fine but obviously tells me access denied and it also hits the membership provider and the role provider in the debugger (i've got breakpoints on all the methods).

So then i log in with windows authentication using AD and try to set up permissions for forms-based user. The people-picker finds my FBA user and then i click on the "Add" button but when the picker returns focus to the permissions page, the page tells me the user cannot be found and underlines the username with a red squiggly. If i then type out the username and click the validate button (icon of a person with green tick-mark) then it takes a couple of seconds and resolves the username just fine. But when i then click on "OK" it loses validation and underlines the entered username with a red squiggly again. Also at this point nothing is hitting the debugger at all.

I've checked and re-checked my web.configs and i cannot determine where the problem lies!

Am i supposed to build a Claims Augmentation as well? My current understanding of the Claims-Based Identity Framework is that this is not nec

SPContext.Current is null In Custom Membership ValidateUser


Hi,I just get a problem getting SPContext.Current in Custom membership Provider.

We have successfully plugin the custom membership into Sharepoint foundation 2010. We tried to programmically update the user's full name after user logs in and it failed in 2010 version. (good in 2007)

This is the simplified code. The class is a custom membership provider.Strangely, this only happens in 2010 version and never raised a problem in 2007.

public override bool ValidateUser(string username, string password)
   bool isvalid = false;

    if(username=="admin" && password="pwd")
      isvalid = true;
     var webContext = SPContext.Current.Web; //this returns null

   catch (System.Web.Services.Protocols.SoapException exp)
    Logger.WriteLog(exp.InnerException.ToString(), "wss login error");
   return isvalid;


Please Help. Thank you.



Custom Login Page , with custom membership provider for sharepoint 2010


Dear All,

I am new to sharepoint, i am developing a custom application on sharepoint 2010. i need to create a custom login page in sharepoint 2010 with a custom membership provider which will authenticate against a 3rd party web service. 

Can anybody guide me with the steps i need to do for this. do i need to write a custom claims provider for this or is it enough if i write a custom authentication provider and use it for my login page which we do for asp.net.

i am confused about these. 

thanks in advanace 


Login controls and custom membership provider


I am working on implementing a custom membership provider that works against an existing schema in my database and have a few thoughts/question.

The login control will automatically call the ValidateUser method of the membership provider, so no matter how I implement the provider the only thing the login control cares about the bool value returned by this method.  What I am confused about is there could be numerous reasons why a login attempt failed; user is locked out, too many tries in a period of time, etc.  There is no way that I see to convey that to the control so it could display the proper message.  Other properties of the membership provider such as PasswordStrengthRegularExpression have absolutely no effect on the login control as well (out of the box), I would have hoped that it would automatically somehow translate into regular expression validators, but that doesn't seem to be the case.  So it seems that I need to initialize the login control properties with these settings out of the provider configuration if I want them to take on the control itself.

If the only thing that the Login control does out of the box (without manually handling events and doing the initialization as described above) is call the ValidateUser method on the membership provider, I see no way to convey back to the Login control why the validation

Password Encryption with Custom Membership Provider


 I am using a custom membership provider with a custom ValidateUser method.  The ValidateUser sends and additional parameter to authenticate my users (Username, Password, and Dealer).  I created a custom stored procedure for ValidateUser to call.  I copied over all my users from another table and encrypted all the passwords in the aspnet_membership table using the code below.  My question is, how do I take the password the user enters in the login form and validate that against what is in my aspnet_membership table?  Is there a method I need to call to encode/decode to do the password check?  Thank you very much for your help!

Here is the code I used to encrypt the passwords (not even sure this was the right way to encrypt. Please tell me if I did this wrong):

public static string EncodePasswordNow(string originalPassword)

        Byte[] originalBytes;
        Byte[] encodedBytes;
        MD5 md5;        //Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash (encoded password)       

Sharepoint 2010 Custom Membership Provider



I'm trying to create a site with fba using my own memebership and role provider.
The problem i have is when i am creating the sitecollection from the central administration, my web app has windows and fba authenticacton turned od, in the membership provider and role mananer i put my own providers. When i am creating the sitecollection for that web app in the administrator textbox is not finding the windows user... I don't understand why...
My web application authorization is windows with FBA turn on. If i turn off the fba authentication in the web app, the windows user is working as the administration....
I don't understand why is happening this..


UpDate: I checked the eventviewer and i have this error when i want to put the windows user:

An exception occurred in Forms Auth claim provider when calling SPClaimProvider.FillResolve(): The configuration section cannot contain a CDATA or text element. (E:\inetpub\wwwroot\wss\VirtualDirectories\48079\web.config line 457).

This line on the web.config is where i have my membership provider:

 <add name="LMSMemberShipProvider" type="Company.LMS.LiveMembershipProvider, Company.LMS, Version=, Culture=neutral, PublicKeyToken=464df6932833bbb2" applicationName="/"/>



Can i reuse MOSS custom membership provider in SPS 2010


I have a MOSS 2007 site which uses the fba  with ustom membership provider. and now i want to reuse that membership provider in the new SPS 2010 claims based authentication which supports FBA.

Here, my question is  can i reuse the DLL which created the custom membership provider and deploy ti in the new sps 2010 environwemt?

will that suffice? i will  deploy the dll in new sps 2010 central admin web.config and sts toen service webconfig and my custom web appln's web.config. wil  tyhat enoughto up& runnning the new web appln with FBA enabled?

i am validating the users against a web service in teh MOSS envmnt.

Can anybody help me the right appraoch with links/resources.





PrasadWT PrasadWT
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend