Customize simple membership provider to allow creating of users with the same usernames for different companies in C# .net MVC 4 application

StackOverflow https://stackoverflow.com/questions/20100889

Question

I have MVC 4 web application and i'm currently using simple membership with three users and 2 roles. My users table looks like this :

[Table("UserProfile")]
public partial class UserProfile
{
    [Key]
    [DatabaseGeneratedAttribute(DatabaseGeneratedOption.Identity)]
    public int UserId { get; set; }
    public string UserName { get; set; }
    public int  CompanyId { get; set; }
}

I need to implement a membership that can create users with the same username for different companies, but the websecurity.CreateUserAndAccount method does't allow duplicating usernames. For now i've implemented my own ValidateUsers method that looks like this:

public class ExtendedSimpleMembershipProvider
{
    private static IMyProjectRepository myProjectRepository = new MyProjectRepository(new MyProjectEntities());

    public static bool ValidateUser(string username, string password, string companyName)
    {
        int companyId = myProjectRepository.GetCompanyIdByName(companyName);

        int? userId = companyId == 0 ? null : GetUserId(username, companyId);

        if (userId.HasValue && userId.Value != 0)
            return WebSecurity.Login(username, password);
        else
            return false;
    }    

    private static int? GetUserId(string username, int companyId)
    {
        var userId = (from users
                      in myProjectRepository.GetUserProfiles()
                      where (users.UserName.ToLower() == username.ToLower()) && (users.CompanyId == companyId)
                      select users.UserId).FirstOrDefault();
        return userId;
    }
}

This validate users works fine. Can i extend the WebSecurity.CreateUsersAndAccount to create users with the same usernames for the different companies, without implementing my own membership or only with extending simple membership this would be impossible. I was thinking about something like : Create user only in the userProfile in the database and then add user in the membership table with the already created userId from the userProfile table. This should work, because in the UserProfile table only the UserId is unique and a key.

public override static string CreateUserAndAccount(string userName, string password,   object propertyValues = null, bool requireConfirmationToken = false)
{
     if(string != null && password && null && propertyValues.CompanyId != null)
     {
          UserProfile user = new UserProfile();
          user.Name = userName;
          user.CompanyId = propertyValues.CompanyId;
          context.UserProfile.Add(user);
          context.SaveChanges();
     }

     // here create new record in the membership table
}

Is this the way to do that ? Or i should take different approach.

Was it helpful?

Solution

The way we've done this on my project is to append a "domain" postfix to the username, based on the client. So you could have a "batman@wayne-enterprises.com" or "batman@whitehouse.gov" in the database. That way we can pretty much use the standard membership provider and just append the postfix before trying to authenticate the user.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top