You might be able to avoid creating a custom membership provider by using the Sitecore.Security.Authentication.AuthenticationManager
to build a virtual user and assign that user to a real role in Sitecore. This way you can restrict access for unauthenticated users (by denying read access to the extranet\anonymous
user account and enabling read access for your custom extranet role. The code (after validating username/password) would be something like this:
using Sitecore.Security.Authentication;
var user = AuthenticationManager.BuildVirtualUser("someone", isAuthenticated: true);
user.RuntimeSettings.AddedRoles.Add("extranet\\some role");
AuthenticationManager.LoginVirtualUser(user);