Only log in umbraco members when they have been approved

A common thing when dealing with members on your site is that they need to be approved after registration before they can access the protected area on your site.

This post describes a simple way of doing that.

On the umbraco member type I have a True/false property with the alias active. If this is set to true on the member he is an ‘active’ member and is allowed to log in.



The only thing that is needed is to override the ValidateUser method of the UmbracoMembershipProvider. So make a custom class, inherit from umbraco.providers.members.UmbracoMembershipProvider and override the method (make sure to reference umbraco.providers).

Instead of just checking if there is a member with the supplied loginname and password we’ll add some extra code that will check if the member has his active property set to true. If that is the case we return true, in all other cases we return false.


namespace Nibble
    public class CustomMemberShipProvider : umbraco.providers.members.UmbracoMembershipProvider
        public override bool ValidateUser(string username, string password)
            umbraco.cms.businesslogic.member.Member m =
                username, EncodePassword(password));
            if (m == null)
                return false;
                    if (m.getProperty(“active”).Value.ToString() == “1″)
                        return true;
                        return false;
                    return false;
            return (m != null);


Final step is to modify the web.config so that our custom membership provider is used instead of the default umbraco one. So Just change the type attribute on the umbraco membership provider to the type of the custom membership provider.

<add name=”UmbracoMembershipProvider” type=”Nibble.CustomMemberShipProvider”
 enablePasswordRetrieval=”false” enablePasswordReset=”false” requiresQuestionAndAnswer=”false”
 defaultMemberTypeAlias=”CobraMember” passwordFormat=”Hashed” />


That’s it, now the asp:login control will only login the member if he has his active property set to true.

14 Comments so far

  1. tom on May 3rd, 2009

    thanks for that. but is there any way to access newly created members? or allow to directly open member page (pass member id through query string or so) ?

  2. Nik on May 15th, 2009

    Will this override only the validate user method? What happens to the rest of the umbracomembershipprovider functionality?

  3. Tim Geyssens on May 15th, 2009

    @Nik, yes only the validate user method, the rest stays the same

  4. Nik on May 19th, 2009

    @Tim, thanks brother. This works flawlessly!

  5. Nik on May 19th, 2009

    Here’s a question for ya. How would you override the FailureText within ValidateUser? Anyone meddled with that?

  6. Tim Geyssens on May 19th, 2009
  7. Søren Linaa on May 21st, 2009

    Hi Tim

    It works great - thanks. Do you have a proposal on how to make a dashboard control or something to show only the not active members.

  8. Nik on June 10th, 2009

    Hi Tim, it’s me again :(

    After I upgraded to 4.0.2 this no longer works. It times out when trying to login and finally displays a network error in IE. Do you know of a fix? Thanks again!

  9. Nik on June 10th, 2009

    FYI, it seems that it is getting stuck in the GetMemberFromLoginNameAndPassword method and keeps returning a new Encoded password in an infinite loop. This only happens if a member is returned. If I use faulty credentials the code continues.

  10. Chad Rosenthal on December 21st, 2009

    I was running into the same issue. For some reason when I rand GetMemberFromLoginNameAndPassword and would send it the encoded password, it would start an infinite loop.

    I changed my code to the following code, and it is working great.

    string encodedPassword = EncodePassword(password);
    umbraco.cms.businesslogic.member.Member currentMember =

  11. Tom on February 3rd, 2010

    I too had the same problem as chad with the infinite loop.. very odd!

  12. Uday on March 17th, 2010


    I tried to use the above in “umbraco v″ but it’s not working, it give “Function evaluation timed out”. Does someone know why is this happening?

    Thanks in advance

  13. shah on August 17th, 2010

    This method does not work with Unbraco V 4.0.2 >

  14. CSharpDevPower on September 6th, 2012

    I was able to fix the infinite loop from ValidateUser() by using GetMemberFromLoginAndEncodedPassword() method instead.

    string encodedPassword = EncodePassword(password);
    umbraco.cms.businesslogic.member.Member currentMember =
    umbraco.cms.businesslogic.member.Member.GetMemberFromLoginAndEncodedPassword(username, encodedPassword);

Leave a Reply