.net - 2 Instances of SimpleMembership in MVC 4 Razor solutions -


i have solution client working on being built in .net mvc 4 razor contains following;

  1. public website client login area.
  2. private company webapp running company. not website service area.
  3. these seperate apps. company app run sub-domain.
  4. they both run off same sql db.

the issue. end seperate instances of simplemembership, 1 each app. end 2 sets of webpages_ tables created simplemembership roles etc. aware of cannot change names of these tables. can change user table name without issues can users , adminusers. have thought using old homegrown login model alternative. suggestions or articles on doing want?

you going have work around this, can't change default webpages_ prefix, or (afaik) database schema tables sit in.

the simple membership provider designed highly customisable, using out of box going save lot of work on rolling own provider. let's therefore assume better option find way use it. solution either:

  • two databases; or
  • if stuck single database use roles separate users.

the small disadvantage in using roles going have work little harder on userprofile class. typically put user attributes on class. if 2 sites use different user attributes have horizontally partition tables, using shared primary key associations.

in view going less work maintaining 2 separate sets of simple membership tables in separate databases, or in same database. it's not bad anyway, shared attributes "lastloginat" can go userprofile (and therefore can develop common library both sites) , site specific attributes "internalextensionnumber" can go partition table specific company users.

what's downside? if gets access user roles table, assign public user private site access. said, if gets access in user roles table, you're compromised , can't worse.

example:

if every user registers site 1 given role "publicuser" , every user registers site 2 given role "adminuser" wouldn't hard enforce mandatory role within given site, example decorate every controller requiring authorization in company app with:

[authorize(roles = "privateuser")] 

or enforce authorization across entire site site role. can use authorizeattribute , register attribute site filter, , use allowanonymousattribute allow access public methods:

// add global.asax.cs enforce authorization on controllers. public static void registerglobalfilters(globalfiltercollection filters)  {   filters.add(new handleerrorattribute());   //  add setting web.config specify site role,    //  , can use same value consistently when   //  registering users , assigning them role.   string siterole = system.configuration.configurationmanager.appsettings["siterole"];   filters.add(new system.web.mvc.authorizeattribute() { roles = siterole }); } 

if wanted go further extend authorize attribute creating own , using appropriate @ either site or controller level.


Comments

Popular posts from this blog

SPSS keyboard combination alters encoding -

Add new record to the table by click on the button in Microsoft Access -

CSS3 Transition to highlight new elements created in JQuery -