Pass additional parameter to Custom Membership provider's ValidateUser()

3
votes

I have a class "User" that is inherited by two other classes(LocalUser and Donor). I have created a custom membership provider for ASP.net forms authentication and overridden the ValidateUser() method. In the ValidateUser() method of my custom membership provider, I need to pass in a parameter to know whether the "User" to validate is "LocalUser" or "Donor" and accordingly validate the user against the database. The problem is that ValidateUser() takes only two parameters (username and password). So there is no scope for me to push in another one. One thing that came to my mind was to set a session variable but then I was looking for a cleaner approach. Any suggestions?

2
asp.netasp.net-mvcasp.net-mvc-3forms-authentication
What the reason to have two distinct classes for users instead of using roles? - Yuriy Rozhovetskiy
According to the model that I designed, there were a lot of fields common to both LocalUser and Donor, so I decided to create a User class and inherit it for the LocalUser and Donor. Both of them would be the users of the system, but Donors are public users whereas LocalUsers are the organizational users. So Donors have a lot less rights than LocalUsers. I have mapped the LocalUser and Donor to their respective roles using Custom role provider. There are separate Action methods in my Login Controller for validating (login) for Donor and LocalUser. - Jatin
Does anybody may be a LocalUser and Donor with the same login/password simultaneously? - Yuriy Rozhovetskiy
The User Class contains the login UserId field and so a LocalUser cannot have a UserId same as Donor UserId. - Jatin
I suppose that you complicating your business logic too much. Since the UserId is unique across all users there it's not required to distinguish users by type on validating. As a user I don't want to worry about who I am in your model - LocalUser or Donor or maybe some another type. All that I want - it's just give my login / password and got all permitted functionality access. - Yuriy Rozhovetskiy

2 Answers

1
votes

Just create an overridden version of your Validate method, taking 3 parameters and call it directly like:

((MyCustomMembershipProvider)Membership.Provider).Validate( username, pass, anything );

The only drawback of such approach is that you can no longer rely on the automatic invocation of the two-parameter version of the Validate method, if and only if it is automatically called from somewhere (for example from the asp:Login control)

0
votes

You could send both username and usertype in username field and then parse it in ValidateUser method? Like this: username|userType. Of course, you should forbid entering delimiter in username field.