I have recently had to implement custom authentication providers for MOSS 2007 (MembershipProvider & RoleProvider). While I found a lot of excellent information on the Web to help me with this task, I learned a couple of interesting snippets of information that I wanted to share here.

First, let me summarize the different blog entries that helped me with the implementation:

One thing that wasn't clear to me is the minimal set of methods that I needed to implement in my custom providers to get MOSS to work. ASP.NET providers are very flexible and offer many entry points, but not all of them make sense in the SharePoint context; yet I couldn't find a definitive list of the methods SharePoint requires. After experimenting a bit and exchanging a few e-mails on internal mailing lists, here's what I gathered.

The minimal set of methods to implement for a SharePoint Server 2007 MembershipProvider:

  • GetUser()
  • GetUserNameByEmail()
  • ValidateUser()
  • FindUsersByEmail()
  • FindUsersByName()

The minimal set of methods to implement for a SharePoint Server 2007 RoleProvider:

  • GetRolesForUser()
  • RoleExists()

TODO: call sequence, which methods are called when -- at login time, at rights assignment time

The last thing I learned is how the ASP.NET providers and MOSS interact to handle login names and display names. The trick here is that ASP.NET's MembershipUser class, which is used to represent users, does not include a "display name" property, which means that you have no way to pass a nice display name up to MOSS (e.g. "Thomas Conté"). So, the MOSS "Display Name" property ends up being equal to the MembershipProvider "UserName" property (e.g. "tconte"), which is not as nice. The other little detail to remember is that, because MOSS can deal with multiple custom authentication providers, it has to make your LoginName unique. In order to achieve that, it will prefix the UserName with the Provider Name property, e.g. "mycustomprovider:tconte".

Hope this helps!