Question

I am working on a project to break up a large web site into smaller, more specific sites. I need to be able to restrict access to these sites to only users that have the necessary permissions, and would like to make use of the existing membership/roles data model wherever possible.

So ideally, I would like to assign potentially multiple applications (as defined in the aspnet_applications table) and application-specific roles (aspnet_roles) to a single user. However, the aspnet membership model does not seem to allow this, as the aspnet_users and aspnet_membership records hold a specific applicationID.

How would it be possible to assign a single user to multiple applications/roles?


Solution

If you don't want your data to be linked to one application, perhaps in addition to the standard SqlMembership provider you could consider using a custom management/role provider.

It has much greater flexibility of data source usage; for example, you could use your own tables in the database to store member/role information and use those tables across multiple applications, etc.

You can even go further: for example, you can implement the custom membership and role providers and create a separate module (assembly) and then reuse that module across your multiple applications.

OTHER TIPS

I have used the MySQL membership provider and I don't think it is too different from the SQL provider in terms of design.

In order to relate the same user to different roles there should be a table called asp_net_usersinroles. In that table you can insert the same userID with different roleIDs, which allows users to have multiple roles.

Likewise, you'd need to create the UI to allow admin users to assign different roles. In my case I used a ListBox to display the existing roles in the application, which allows the multiple selection.

Hope this helps.

You can set the ApplicationName that the membership checks against in code.

I have an administration application that controls everything for a series of other apps. I wanted users from that application to be able to log in to all the other apps, so if the login fails for a user in the default application, I then check for the "Administration" application. This is what I have for the login part. Note the line "Membership.ApplicationName = "Administration";"

if (Membership.ValidateUser(model.UserName, model.Password))
{
    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
        && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
    {
        return Redirect(returnUrl);
    }
    else
    {
        return RedirectToAction("Index", "Home");
    }
}
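else
{
    // Membership.ApplicationName is shared by every request in the process, so
    // restore the original value once the fallback check is done.
    string defaultApplication = Membership.ApplicationName;
    try
    {
        Membership.ApplicationName = "Administration";
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }
    finally
    {
        Membership.ApplicationName = defaultApplication;
    }
}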
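
An alternative to changing Membership.ApplicationName during a login, shown as an added example that is not part of the original answers: register one membership provider per application and call each provider directly, so no process-wide setting is written while other requests are being authenticated. The provider names, the connection string name and the MultiApplicationLogin helper are assumptions for illustration.

```csharp
// Added example (not from the original answers). Assumes web.config registers two
// SqlMembershipProvider entries over the same database; the names
// "SiteMembership", "AdminMembership" and "MembershipDb" are hypothetical:
//
//   <membership defaultProvider="SiteMembership">
//     <providers>
//       <add name="SiteMembership" applicationName="/"
//            type="System.Web.Security.SqlMembershipProvider"
//            connectionStringName="MembershipDb" />
//       <add name="AdminMembership" applicationName="Administration"
//            type="System.Web.Security.SqlMembershipProvider"
//            connectionStringName="MembershipDb" />
//     </providers>
//   </membership>
using System;
using System.Web.Security;

public static class MultiApplicationLogin
{
    // Providers are tried in order; the site's own application comes first.
    private static readonly string[] ProviderOrder = { "SiteMembership", "AdminMembership" };

    // Returns the ApplicationName of the provider that accepted the credentials,
    // or null if none did. Nothing shared is modified, so concurrent logins
    // cannot change which application another request is validated against.
    public static string ValidateAcrossApplications(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return null;

        foreach (string name in ProviderOrder)
        {
            // The collection indexer returns null for a name that is not registered.
            MembershipProvider provider = Membership.Providers[name];
            if (provider == null)
                throw new InvalidOperationException("Membership provider not configured: " + name);

            if (provider.ValidateUser(userName, password))
                return provider.ApplicationName;
        }
        return null;
    }
}
```

The forms authentication cookie carries only the user name, so if later role checks depend on which application accepted the login, store the returned application name alongside it (for example in the ticket's UserData).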
Licensed under: CC-BY-SA with attribution