Clever Membership Providers
I have recently been creating membership/role providers for use with the content management system where I work. We use active directory to authenticate users, however, we have some generic users that need to authenticate and we don’t really want to create them in our AD. The solution: Have my login page attempt to authenticate with ad and if it fails, have it check the sql membership provider. To do this, I override the Authenticate method for the login control on our login page like so:
protected void Authenticate(object sender, AuthenticateEventArgs e)
{
bool Authenticated = false;
MembershipProvider provider;
provider = Membership.Providers["MyAdMembershipProvider"];
Authenticated = provider.ValidateUser(Login1.UserName, Login1.Password);
if (!Authenticated)
{
provider = Membership.Providers["SQLProvider"];
Authenticated = provider.ValidateUser(Login1.UserName, Login1.Password);
}
e.Authenticated = Authenticated;
}
Of course, there may be some sort of security implication to this but I think its ok. If you know otherwise or know a better way of doing this, feel free to leave a comment!
