
ASP.net Custom membership on top of quality center authorization


I am relatively new to authorization/memberships in asp.net, so please excuse me if I ask anything silly. I have been looking at a lot of examples to implement a custom membership provider in .net (on stackoverflow, codeproject, devX, and www.asp.net) and coded based on that, but somehow couldn't get it working.

My requirement - our organization heavily uses HP's Quality Center (QC). I am developing an asp.net application; its login page will use QC's API for authenticating a user. I also have a SQL database in which I'll store the QC users who have registered to my application (just store QC user ids in the DB, not passwords; like I said, password authentication is done using the QC API). There will be a user-roles table in my DB to define the roles for registered users.

Why use 'membership' instead of some simple 'forms authentication' - because maybe in future I want to decouple QC authentication.
So, with this I started with the first step - developing a custom membership class (named AutoCenterMembershipProvider) and a login page. I only need the ValidateUser method. The following is the approach I took to start with:
1. Ask user for QC user id/password, user clicks 'Authenticate' button
2. login page's code behind-'Authenticate' button's onClick method- checks if user is found in SQL database and if found, then uses QC API to authenticate user id-password
3. Second set of controls on Login page is enabled - ask user to select which QC Domain and Project user wants to login. Options for Domain and Project dropdown lists are also obtained using QC API after authenticating user. User selects those and clicks Login button
4. On Login button's click - call Membership.ValidateUser(objQCSession.UserName, objQCSession.Password). Since the user is already validated using the QC API, for simplicity I just return 'true' from my custom implementation of Membership.ValidateUser. Then I call FormsAuthentication.RedirectFromLoginPage(obj_ACUser.QCSession.UserName, True) to direct the user to the app's default page provided in web.config - app_FAs.aspx.

The issue is - after user is redirected to app_FAs.aspx page, it directs user back to login page. I am trying to find out the mistake or missing piece.

Web.config looks like below:

<authentication mode="Forms">
  <forms loginUrl="~\Pages\Login.aspx" defaultUrl="App_FAs.aspx"></forms>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>
<membership defaultProvider="AutoCenterMembershipProvider">
  <providers>
    <clear/>
    <add name="AutoCenterMembershipProvider" 
         type="CustomMembership.Models.AutoCenterMembershipProvider"
         enablePasswordRetrieval="false"   enablePasswordReset="false" 
         requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="100"  minRequiredPasswordLength="100"
         minRequiredNonalphanumericCharacters="0" 
         passwordAttemptWindow="100"   applicationName="/" />
  </providers>
</membership>

and customMembership class is like:

Public Class AutoCenterMembershipProvider
    Inherits System.Web.Security.MembershipProvider

    Public Overrides Function ValidateUser(ByVal username As String, ByVal password As String) As Boolean
        Return True
    End Function

rest all members are 'Not implemented'

Any help or pointers to the missing piece or mistake are greatly appreciated, thanks in advance.

Authenticate button click code

Private Sub btn_Authenticate_Click(ByVal sender As Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles btn_Authenticate.Click
   ' QC session object (user name and password) stored earlier in session state
   objQCSession = Session("QCUserSession")
   If Membership.ValidateUser(objQCSession.UserName, objQCSession.Password) Then
     ' Issues a persistent forms-authentication cookie and redirects
     FormsAuthentication.RedirectFromLoginPage(objQCSession.UserName, True)
   End If
End Sub

Solution

  • Currently, 2nd step - btn_Authenticate_Click method 1 - is just to assign FormsAuthenticationTicket to cookie, and redirecting user to app_FAs.aspx page. It doesn't really need Custom Membership Provider's features.

    If I understand your problem correctly, I would change the logic like this.

    1) After validating user for QC, create FormsAuthenticationTicket like this in the same method.

    FormsAuthentication.SetAuthCookie("UserName", true|false);
    

    2) btn_Authenticate_Click (does something and) redirects user to app_FAs.aspx

    You do not even need Custom Membership Provider. If you want to use Custom Membership Provider, you can implement it in the 1st step (not in the 2nd step).
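
An added example, not code from the question or the answer: one way to issue the forms-authentication cookie only after the registration check and the QC check both succeed, so that no code path relies on a ValidateUser that always returns True. `IQcAuthenticator`, `IRegisteredUserStore` and `QcLoginService` are hypothetical names; the QC API call and the SQL lookup are assumed to sit behind those interfaces because the page does not show them.

```vb
Imports System.Web.Security

' Hypothetical wrapper around the QC API login call (the page does not show that API).
Public Interface IQcAuthenticator
    Function Authenticate(ByVal userName As String, ByVal password As String) As Boolean
End Interface

' Hypothetical lookup against the application's table of registered QC user ids.
Public Interface IRegisteredUserStore
    Function IsRegistered(ByVal userName As String) As Boolean
End Interface

Public Class QcLoginService
    Private ReadOnly _qc As IQcAuthenticator
    Private ReadOnly _users As IRegisteredUserStore

    Public Sub New(ByVal qc As IQcAuthenticator, ByVal users As IRegisteredUserStore)
        _qc = qc
        _users = users
    End Sub

    ' Fails closed: returns True only when the user is registered AND QC accepts
    ' the credentials. A custom provider's ValidateUser can delegate to this.
    Public Function Validate(ByVal userName As String, ByVal password As String) As Boolean
        If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(password) Then Return False
        If Not _users.IsRegistered(userName) Then Return False
        Return _qc.Authenticate(userName, password)
    End Function

    ' Call from the Authenticate button handler with the values just submitted,
    ' so the password never has to be parked in session state.
    Public Function SignIn(ByVal userName As String, ByVal password As String) As Boolean
        If Not Validate(userName, password) Then Return False
        ' False = session cookie; the ticket is not persisted across browser restarts.
        FormsAuthentication.SetAuthCookie(userName, False)
        Return True
    End Function
End Class
```

When `SignIn` returns True the handler can redirect to app_FAs.aspx; when it returns False it should stay on the login page without setting any cookie.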