0

I have created vNext empty project.

Added some API and views.

I also disabled registration, by removing [AllowsAnonymous] from Register methods, because I don't want public registration.

But what I want, is to allow private registration.

I will definitely need a "superadmin" user.

Then I see different ways:

  1. Invite system: site.com/register?invite-token, which expires after registration or X hours. Superadmin will be able to create this tokens.

  2. Everyone can register, but only approved (by superadmin) users can really login.

  3. Superadmin creates users manually.

And finally the questions:

  • How to create a "superadmin" user securely? (I'm publishing to azure)

    I found an example, how to do it: github, but storing opentext pass in code looks bad.

  • Which of the ways is the best or most? Are there well-known packages for such tasks?
  • Any of this ways impies, there is an admin-only-interface. How to secure it correctly?
  • How to scale for the case: "superadmin" > "admin" > "user" ?
M4N
  • 94,805
  • 45
  • 217
  • 260
Rustem Mustafin
  • 957
  • 1
  • 11
  • 23
  • 2
    Are you really using vNext? – trailmax Sep 10 '14 at 11:31
  • @trailmax Yes. There is no more web.config, no difference between `Controller` and `ApiController`, `k`, `kvm`, `kpm` et.c. – Rustem Mustafin Sep 10 '14 at 11:49
  • 1
    you can refer to Musicstore for creating the superadmin https://github.com/aspnet/MusicStore/blob/master/src/MusicStore/Models/SampleData.cs – Suhas Joshi Feb 10 '15 at 01:36
  • Suhas Joshi, has the right idea and this is really the only way you can do this. There's nothing inherently wrong with this because you "should" be changing the password of your super user account as soon as its been created, thus negating the fact that its hardcoded in your db initialization. – Marqueone Jun 01 '15 at 05:32

0 Answers0