Re: Add extra parameter to Login/Membership - ASP 2.0
From: David Sack (dsackNoSpam_at_NoSpamwp-int.com)
Date: 10/25/05
- Previous message: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- In reply to: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- Reply: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Oct 2005 11:47:44 -0400
Hadn't thought about the re-writing of the controls beyond the Login
control. I think that you are correct, It will be more work adjusting the
existing membership provider and others then just creating what I need
specifically for this application. Thanks so much for the input it was of
great value. BTW. I had a chance to take a look at your web site, great
stuff.
Thanks
Dave
"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4256546011f7e78c7a79e4ac63c1a@news.microsoft.com...
> Hello David,
>
> this is fine for Membership - but the role provider, or more specifically
> the RoleManagerModule is called on every request in your local
> application. It subscribes to PostAuthenticateRequest in the HTTP pipeline
> to get the roles for the user and sets Context.User. This will pick up the
> ApplicationID of your local application.
>
> so i think this will not work...
>
> To be honest, i think a provider will not work at all for you ...
>
> Let's say you have written your own provider witch a new ValidateUser
> method that takes an additional application name as parameter - how do you
> want to teach the login control the trick (without templating and
> basically rebuilding it) ??
>
> Well - you could subclass the SqlMembershipProvider and add a
> ApplicationName property that you set on Application_Start e.g. - not a
> perfect solution - but again this means you have to override ValidateUser
> and quite a number of other methods.
>
> On the other hand - if you don't use the new security controls - why would
> you go through the hassle of building a provider - most probably you'll
> only need 60% of the functionality.
>
> So why not simply go for your own compact authentication library that does
> exactly what you want - deploy it in the GAC and use it from all your
> apps??
>
> providers are no panacea (unfortunately).
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Something kind of clicked when I thought about this after the fact.
>> As far as I can tell the ApplicationID is set from the Web.Config
>> file. If I were to create application directories under my home
>> directory that had a different ApplicationID specified then create a
>> login form on that directory that would redirect on a successful login
>> the the main menu page in the parent web directory it would used the
>> sub applications authentication to allow access based upon the
>> ApplicationID.
>>
>> I have tested it quickly and it seems to work. I don't know how it
>> will affect overall security or the use of roles? I would also have
>> the create a sub-application login directory for each unique site that
>> would be accessing the site. That could turn into a pain.
>>
>> Let me know what you think?
>>
>> Thanks again,
>> Dave
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com>
>> wrote in message
>> news:4256546011e8cd8c7a72e63bf10ca@news.microsoft.com...
>>> Hello David,
>>>
>>> can you "misuse" the ApplicationName for that??
>>>
>>> otherwise i guess you need a custom provider.
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> I hope can explain this properly. I have a time keeping site that
>>>> host multiple companies data in a single database. I would like the
>>>> logins to be unique for each company but not across the entire site
>>>> (i.e. I could have two jsmith logins as long as they are with
>>>> seperate companies).
>>>>
>>>> I would like to add a drop down box to the login that allow the user
>>>> to select the company that they are with. By adding a "site" column
>>>> to the users table I would be able to partition the users so that
>>>> they would be authenticated only against the id that has a "site"
>>>> that matches theirs.
>>>>
>>>> Does this require creating a custom membership provider? I have
>>>> written my own authentication routines in the past and can do so for
>>>> this projects but I would really like to leverage the existing
>>>> membership/role capablility of ASP2. I'm not sure that I have the
>>>> skills needed to write a custom membership provider. I just want to
>>>> make sure that I wasn't missing anything.
>>>>
>>>> Thanks
>>>> Dave
>
>
- Previous message: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- In reply to: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- Reply: Dominick Baier [DevelopMentor]: "Re: Add extra parameter to Login/Membership - ASP 2.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
