RE: Multiple Membership providers and AddUserToRole
- From: krs <krs@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Mar 2007 14:14:02 -0700
Hi Steven,
I have a question on the same subject if you dont mind?
W have an asp.net 2.0 application. The way we have written this web app is
that many companies can use the same software, differing by sub-domain. So if
we setup companyA.software.com they are company id 123, if we setup another
companyB.software.com they are company id 345. The application identifies the
sub-domain requested and set's the company id accordingly. This works well.
We also have used asp.net 2.0 membership in this application. We needed to
ensure that users are unique within each company, we did this by in
session_start setting the Membership.applicationName and
Roles.ApplicationName, similar to how we set the company id based on the url.
We 've found that this does not work and see from this thread that this is
due to a threading issue - we found that changing this resulted in other
users being 'kicked' out to the login screen. We are now trying to find a
solution to this problem...
We considered prefixing the usernames with the company id as they are added,
so for example '345~BobSmith' so that all users are unique to a company. This
seemed to work until we found that email addresses for users would not be
unique this way.
Your suggestion of having different providers in the web.config I dont think
will work in this scenario as we may have many different companies and we
would need to change the web.config on the fly, restarting the application
every time a new user signs up.
Do you have any other potential suggestions that we could consider for this
problem?
Many Thanks!
Kieran
"Steven Cheng[MSFT]" wrote:
Thanks for your reply MrGrundh,.
After your further description, I think you're right. A single role
provider with multiple membership user providers will not work here,
especially when you want to utilize the declarative role based
authorization in the web application.
When we use single RoleProvider, it always use the fixed applicationName
(configured in the provider configuration in web.config) and when we add
user into a role, it always assume the user is also in this applicationName
and will not add additional information to distince users in different
application.
So far I haven't found any perfect means on this. What we can get is as
below:
** if still use single provider to store roles for multiple application,
we'll not be able to handle duplicaetd usernames (in different application)
scenario.
** if use multiple role providers, there won't have user/role collision
issue, however, in such case, we will need to explicitly use the correct
role provider (according to applicationName) programmtically and lose the
declarative role based authroization feature (since ASP.NET role based
authorization only use the default role provider).
Actually this is also due to the limitation of the membership/role
provider, they're originally designed for manipulating users/roles in a
single application only and for your scenario, it is a bit beyond the
built-in ability.
Anyway, please feel free to let me know your consideration or if you have
any other questions on this.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
- Follow-Ups:
- Prev by Date: Re: Protecting .NET assemblies (runtime)
- Next by Date: Re: Protecting .NET assemblies (runtime)
- Previous by thread: opening restircted web sites
- Next by thread: Re: Multiple Membership providers and AddUserToRole
- Index(es):
Relevant Pages
|
|
