2

I have an asp.net application that uses the SQL membership provider. I know how to get multiple applications using the same membership provider so a user can go to multiple sites and login using the same credentials. However the requirement on my current project is that each user is given access only to certain applications. For example, the user is given credentials to access Site 1, then at some point in the future, the user needs access to Site 2 and a manager/admin has to allow the user to access Site 2. Or when the manager creates the user's account initially, he/she approves access to the 3 sites (or whatever) the user needs to access.

So my question is what is the best way to use 1 membership provider for many applications, but only allows users to access applications they're approved for (so a manager can manage access to applications, but give users 1 username and password)? I've thought about using roles, but I already use roles in the application for allowing access to certain features in the application. It seems like that would get messy.

I've read about 50 similar questions on SO but none of them addressed the application approval requirement. Thanks in advance.

user714241
  • 380
  • 1
  • 7

1 Answers1

0

The easiest straight forward method here is to use roles.

If you add more roles (one for each app) for this purpose it is no big deal. You have a basic role for each app that must be available and check this on Application_AuthenticateRequest or Application_AuthorizeRequest . There are other ways to do it, but this is the least impact, easiest to code (nothing required but a role check), and easy to follow.

Adam Tuliper
  • 29,982
  • 4
  • 53
  • 71
  • I figured that was the case, just wanted to make sure there wasn't some specific feature that was designed for this. Is there any way to create "sub roles" of a role? The issue being that the logical roles for each app could vary. So there would be an "APP1" role to give the user access to App 1, then "SALES" and "OPERATIONS" roles under it? Or am I stuck doing something like "APP1", "APP1_SALES" AND "APP1_OPERATIONS" roles? Thanks. – user714241 Jun 18 '11 at 06:16
  • Without doing your own custom work, you are stuck with the naming convention above - sorry!! – Adam Tuliper Jun 18 '11 at 06:22