3

I am working on a project to break up a large web site into smaller, more specific sites. I need to be able to restrict access to these sites to only users that have the necessary permissions, and would like to make use of the existing membership/roles data model wherever possible.

So ideally, I would like to assign potentially multiple applications (as defined in the aspnet_applications table) and application specific roles (aspnet_roles) to a single user. However, the aspnet membership model does not seem to allow this, as the aspnet_users and aspnet_membership records hold a specific applicationID.

How would it be possible to assign a single user to multiple applications/roles?

TheBoyan
Marcus Guinane

3 Answers

2

I have used the MySQL membership provider and I don't think it is too different from the SQL provider in terms of design.

In order to relate the same user to different roles there should be a table called asp_net_usersinroles. In that table you can insert the same userID with a different roleID, so that it will allow users to have multiple roles.

Likewise, you'd need to create the UI to allow admin users to assign different roles. In my case I used a ListBox to display the existing roles in the application, which allows the multiple selection.

Hope this helps.

aleafonso
2

If you don't want your data to be linked to one application, perhaps in addition to the standard SqlMembership provider you could consider using a custom management/role provider.

It has much greater flexibility of data source usage; for example, you could use your own tables in the database to store members/roles information and use those tables across multiple applications, etc.

You can even go further: for example, you can implement the custom membership and role providers, create a separate module (assembly), and then reuse that module across your multiple applications.

TheBoyan
  • As far as I understand, the sql membership provider allows using several applications. Actually, there is a table called "aspnet_applications", which stores the id, name and description of the application to which the rest of the schema is linked. – aleafonso Jan 05 '12 at 09:49
  • 1
    @aleafonso - sure, you're right, I just wanted to shed some light by providing another alternative to your answer. +1 for your answer though. – TheBoyan Jan 05 '12 at 09:57
  • @BojanSkrchevski - thanks, custom providers may be what we need, had a read through your blog posts, very useful. – Marcus Guinane Jan 05 '12 at 14:22
0

You can set the ApplicationName that the membership checks against in code.

I have an administration application that controls everything for a series of other apps. I wanted users from that application to be able to log in to all the other apps, so if the login fails for a user in the default application, I then check for the "Administration" application. This is what I have for the login part. Note the line "Membership.ApplicationName = "Administration";"

if (Membership.ValidateUser(model.UserName, model.Password))
{
    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
        && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
    {
        return Redirect(returnUrl);
    }
    else
    {
        return RedirectToAction("Index", "Home");
    }
}
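else
{
    // The default application rejected the credentials: retry against "Administration".
    // Membership.ApplicationName is a static setting on the shared provider, so this
    // assignment stays in effect for later calls as well; it is not reset here.
    Membership.ApplicationName = "Administration";
    if (Membership.ValidateUser(model.UserName, model.Password))
    {
        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
        if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
            && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))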
        {
            return Redirect(returnUrl);
        }
        else
        {
            return RedirectToAction("Index", "Home");
        }
    }
    else
    {
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
    }
}
user1431422
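An alternative to reassigning `Membership.ApplicationName` during login, as an added example that is not part of the original answers: because that property is static and shared by every request, writing it at login can change which application concurrent logins are checked against. The sketch below instead validates against named provider instances, each with its own `applicationName`; the provider names, connection string name and the `MultiAppLogin` class are hypothetical.

```csharp
using System.Web.Security;

// Added example. Assumes web.config registers two SqlMembershipProvider entries
// under <membership><providers>, identical except for applicationName:
//   <add name="DefaultProvider" type="System.Web.Security.SqlMembershipProvider"
//        connectionStringName="MembershipDb" applicationName="/" />
//   <add name="AdminProvider"   type="System.Web.Security.SqlMembershipProvider"
//        connectionStringName="MembershipDb" applicationName="Administration" />
// "DefaultProvider", "AdminProvider" and "MembershipDb" are hypothetical names.
public static class MultiAppLogin
{
    // Providers are tried in this order; the first one that accepts the credentials wins.
    private static readonly string[] ProviderNames = { "DefaultProvider", "AdminProvider" };

    // Returns the name of the provider that validated the user, or null if none did.
    public static string Validate(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            return null;
        }

        foreach (string name in ProviderNames)
        {
            // The collection indexer returns null when no provider has that name.
            MembershipProvider provider = Membership.Providers[name];
            if (provider == null)
            {
                continue; // not configured in this application
            }

            // Each provider instance carries its own ApplicationName,
            // so no shared state is written while handling the request.
            if (provider.ValidateUser(userName, password))
            {
                return name;
            }
        }

        return null;
    }
}
```

In the login action, `MultiAppLogin.Validate(model.UserName, model.Password) != null` would take the place of both `Membership.ValidateUser` calls. The forms authentication cookie only carries the user name, so role checks after login still go through whatever role provider and application name the site itself is configured with.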