Sunday, May 06, 2007

Things to keep in mind when implementing Custom Authentication Provider for SharePoint 2007

Recently I had to implement a custom authentication provider for one of my clients. From the surface, it looked easy since SharePoint 2007 is an ASP.NET 2.0 application so all you need to do is implement - MembershipProvider and RoleProvider. Well, that part was easy but the hard part was to figure out how SharePoint make calls to your custom provider, which calls need to be optimised, what data can be cached.

Here are some findings

1) RoleProvider : Although this is optional, you are better of implementing this one. One biggest problem I ran into without implementing this one was "Admin" user, How do you add a user to Admin role? and Without a admin user, how to login and add other users ? Chicken and Egg problem. Though via Central admin you can give a user full access to a virtual user but when you try to login into your application(site), SharePoint will throw "Access denied" error

2)User Lookup and Addressbook : Anywhere in SharePoint, when you click these two icons , They call your Custom Authentication Provider. Interestingly both these button call the FindUsersByEmail method. If you are expecting a wildcard user search, the default wildchar character SharePoint usages is %, though this can be replaced to a different character by modifying your Authentication provider entry in web.config file

3) Editing Master Page : One problem I ran to was that I had to update default master page, Because I was using CustomAuthentication Provider, I could not open it directly from SharePoint designer ( though there is a way to achieve this - e.g. persistent cookie) I had to edit it the old fashioned way aka - Notepad. Well I made couple of syntax errors but I forgot to test it locally and directly check-in via "Masterpages Gallery" - Bomb!, I could not get my default page to load, It keep giving me - "Resource not found" ASP.NET generic error. I could not see any error either in SharePoint log or in Event log. The only way I could roll it back was by changing my authentication provider back to "Windows" and then loading my master page in "SharePoint designer". I wish there was a better way to do this.

I am still having fun with it. I will post more findings later. If you are looking for how to implement an custom authentication provider, here is a great MSDN article

No comments: