Inherit SqlMembershipProvider and disable CreateUser() and DeleteUser()

Question

I want to inherit SqlMembershipProvider, setup the membership settings to use the derived custom provider, and prohibit someone from calling Membership.CreateUser() and Membership.DeleteUser().

I have an external application that will offer a user add/delete mechanism that does more than what built-in Membership does.

I was able to override the CreateUser() and DeleteUser() to throw NotSupportedExceptions when Membership.CreateUser() or Membership.DeleteUser() is called.

I then tried 2 custom methods and had each invoke base.CreateUser() and base.DeleteUser() but got null exceptions. I believe the issue is the base methods are only accessible by the overridden functions and not the custom ones.

My code is below:

public class UserMembershipSQL : SqlMembershipProvider
{
    internal MembershipUser CreateUserCustom(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        //do stuff here -- not accessible by Membership.CreateUser

        //currently throws a null exception even though all parameters are set properly
        return base.CreateUser(username, password, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey, out status);
    }

    internal bool DeleteUserCustom(string username, bool deleteAllRelatedData)
    {   
        //do stuff here -- not accessible by Membership.DeleteUser
        return base.DeleteUser(username, deleteAllRelatedData);
    }

    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        throw new NotSupportedException();
    }

    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        throw new NotSupportedException();
    }
}

Thanks.

Answer 1

That's probably because you didn't specify it in the Providers section of the system.web\membership config node, as mentioned by abatishchev. Download the source code of ASP.Net Provider Model from here. Inherit from SqlMembershipProvider sample class and see how the SqlMembershipProvider internals work. The NullReference exception is thrown because the PasswordStrengthRegularExpression property is not initiallized. Including your provider is the only solution because if you don't do that, the CreateUser method will still fail because your custom provider is not in the list of 'approved' providers. Of course, you can bypass this by specifying an approved provider name when invoking the base.Initialize method in let's say the constructor of your custom membership provider, but I don't think this is correct. Besides, you won't be able to include your provider in the config file because your provider will be initialized twice, which will throw an exception. Again, check the source code.

Answer 2

Web.config:

<membership defaultProvider="Custom">
    <providers>
        <clear /> <!-- remove the built-in -->
        <add name="Custom" ... /> <!-- your own only -->
    </providers>
</membership>

Code:

public class UserMembershipSQL : SqlMembershipProvider
{
    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        // do your stuff, don't call base
    }

    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        // do your stuff, don't call base
    }
}

Usage:

Membership.CreateUser(); // will call Membeship.Provider.Create(), i.e. - yours

Answer 3

You'd need to initialize the base class in your own Initialize method:

public override void Initialize(string name, NameValueCollection config)
{
    [...] // your own initialization stuff

    base.Initialize(name, config);
}