Can you configure .Net membership to use a config/xml file as it's datasource

I'm developing a fairly simple website for a friend and want to provide some admin access features using .Net membership authentication.

Is it possible to store the role/user/membership info 开发者_C百科in the web.config or some other xml file, instead of using a SqlServer database?

Sure, you just need to roll your own MembershipProvider and RoleProvider that reads the XML file instead of a database. The MembershipProvider and RoleProvider have a lot of properties and functions that must be overridden, but only a handful of them are actually needed to make it functional -- I left a lot of the functions to add new users etc. throwing a not supported exception because I edit user information directly in the database.

pjabbott gave the correct answer to this, but I thought I'd show the code I've come up with to provide a more complete answer. This is about as simple as you could possibly make this by the way.

I created a class which inherits from System.Web.Security.MembershipProvider as shown below.

namespace MySolution
{
public class MembershipProvider : System.Web.Security.MembershipProvider
{

    public override string ApplicationName
    {
        get
        {
            return "PopupGallery";
        }
        set
        {
            throw new NotImplementedException();
        }
    }

    public override bool ChangePassword(string username, string oldPassword, string newPassword)
    {
        throw new NotImplementedException();
    }

    public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
    {
        throw new NotImplementedException();
    }

    public override bool DeleteUser(string username, bool deleteAllRelatedData)
    {
        throw new NotImplementedException();
    }

    public override bool EnablePasswordReset
    {
        get { return false; }
    }

    public override bool EnablePasswordRetrieval
    {
        get { return false; }
    }

    public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
    {
        throw new NotImplementedException();
    }

    public override int GetNumberOfUsersOnline()
    {
        throw new NotImplementedException();
    }

    public override string GetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(string username, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)
    {
        throw new NotImplementedException();
    }

    public override string GetUserNameByEmail(string email)
    {
        throw new NotImplementedException();
    }

    public override int MaxInvalidPasswordAttempts
    {
        get { return 20; }
    }

    public override int MinRequiredNonAlphanumericCharacters
    {
        get { return 0; }
    }

    public override int MinRequiredPasswordLength
    {
        get { return 6; }
    }

    public override int PasswordAttemptWindow
    {
        get { throw new NotImplementedException(); }
    }

    public override MembershipPasswordFormat PasswordFormat
    {
        get { throw new NotImplementedException(); }
    }

    public override string PasswordStrengthRegularExpression
    {
        get { throw new NotImplementedException(); }
    }

    public override bool RequiresQuestionAndAnswer
    {
        get { throw new NotImplementedException(); }
    }

    public override bool RequiresUniqueEmail
    {
        get { throw new NotImplementedException(); }
    }

    public override string ResetPassword(string username, string answer)
    {
        throw new NotImplementedException();
    }

    public override bool UnlockUser(string userName)
    {
        throw new NotImplementedException();
    }

    public override void UpdateUser(MembershipUser user)
    {
        throw new NotImplementedException();
    }

    public override bool ValidateUser(string username, string password)
    {
        if (username == ConfigurationManager.AppSettings["Username"] && 
            password == ConfigurationManager.AppSettings["Password"])
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}
}

I then added the following entries into my web.config file to wire it all up.

<appSettings>
  <add key="Username" value="admin"/>
  <add key="Password" value="password"/>
</appSettings>

<system.web>
  <membership defaultProvider="CustomMembershipProvider" 
            userIsOnlineTimeWindow="30">
    <providers>
      <remove name="AspNetSqlProvider" />
      <add name="CustomMembershipProvider"
        type="MySolution.MembershipProvider"
        enablePasswordRetrieval="false"
        enablePasswordReset="false"
        requiresQuestionAndAnswer="false"
        passwordFormat="Hashed"
        applicationName="/" />
    </providers>
  </membership>

  <authentication mode="Forms"/>
</system.web>

Yes, you can implement your own custom Memebrship and Role Providers to authenticate/authorise against any datastore.

http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx