Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Using two membership providers

Reply
Thread Tools

Using two membership providers

 
 
Daniel
Guest
Posts: n/a
 
      10-06-2006
Hello,

imagine an application that has two membership providers installed. The
first provider is used for public user to access some restricted
functions, e.g. a forum, his mailbox, or others.

The second provider is used for administrative purposes. Obviosly only
select users have such an account.

Almost every user (for sake of simplicity let's say every) has an
account with the first membership provider. Some select users with the
second as well. Now to the problem I have - which is not setting up
those providers.

First, I want to limit access to some folders (administrative part of
the site) to users that are logged in over the second provider, only.
At that point I do not care whether they are logged into the first
provider. How can I set up this scenario in the web.config?

Second, I want to know in the public part whether the user is logged
into the public account (first provider) and at the same time is logged
into a administrative account (second provider).

How can I achieve those two goals?

Thanks in advance,
Daniel

 
Reply With Quote
 
 
 
 
Cowboy \(Gregory A. Beamer\)
Guest
Posts: n/a
 
      10-07-2006
Why two providers? Why not multiple roles? Attach users to the roles and you
can easily check if the user is in a certain role. Using the web.sitemap and
web.config you can restrict pages and menus without any additional work.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Daniel" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> Hello,
>
> imagine an application that has two membership providers installed. The
> first provider is used for public user to access some restricted
> functions, e.g. a forum, his mailbox, or others.
>
> The second provider is used for administrative purposes. Obviosly only
> select users have such an account.
>
> Almost every user (for sake of simplicity let's say every) has an
> account with the first membership provider. Some select users with the
> second as well. Now to the problem I have - which is not setting up
> those providers.
>
> First, I want to limit access to some folders (administrative part of
> the site) to users that are logged in over the second provider, only.
> At that point I do not care whether they are logged into the first
> provider. How can I set up this scenario in the web.config?
>
> Second, I want to know in the public part whether the user is logged
> into the public account (first provider) and at the same time is logged
> into a administrative account (second provider).
>
> How can I achieve those two goals?
>
> Thanks in advance,
> Daniel
>



 
Reply With Quote
 
 
 
 
Daniel
Guest
Posts: n/a
 
      10-07-2006
Pretty simple because we use AD-authorization in some cases for the
administrative part and the same username sometimes is already taken by
a community member. So just using roles is *NOT* the solution. For the
community users we do not us AD-authentication obviosly.

Now before some of you flame, it is a multi-tiered environment. The
administrative part will be done on a server behind a firewall which is
called staging server. The community will only visit the so-called live
server. Both are the same architecture and the administrative users can
use the staging server in the same way visitors use the live server
(for testing purposes). So we need two different membership providers.

Any answer to my question now?

Cowboy (Gregory A. Beamer) wrote:
> Why two providers? Why not multiple roles? Attach users to the roles and you
> can easily check if the user is in a certain role. Using the web.sitemap and
> web.config you can restrict pages and menus without any additional work.
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
> http://gregorybeamer.spaces.live.com
>
> *************************************************
> Think outside of the box!
> *************************************************
> "Daniel" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ps.com...
> > Hello,
> >
> > imagine an application that has two membership providers installed. The
> > first provider is used for public user to access some restricted
> > functions, e.g. a forum, his mailbox, or others.
> >
> > The second provider is used for administrative purposes. Obviosly only
> > select users have such an account.
> >
> > Almost every user (for sake of simplicity let's say every) has an
> > account with the first membership provider. Some select users with the
> > second as well. Now to the problem I have - which is not setting up
> > those providers.
> >
> > First, I want to limit access to some folders (administrative part of
> > the site) to users that are logged in over the second provider, only.
> > At that point I do not care whether they are logged into the first
> > provider. How can I set up this scenario in the web.config?
> >
> > Second, I want to know in the public part whether the user is logged
> > into the public account (first provider) and at the same time is logged
> > into a administrative account (second provider).
> >
> > How can I achieve those two goals?
> >
> > Thanks in advance,
> > Daniel
> >


 
Reply With Quote
 
Daniel
Guest
Posts: n/a
 
      10-07-2006
Thanks for your answer, but it did not aim at my questions.

Gaurav Vaish (www.EdujiniOnline.com) wrote:
> > Pretty simple because we use AD-authorization in some cases for the
> > administrative part and the same username sometimes is already taken by
> > a community member. So just using roles is *NOT* the solution. For the
> > community users we do not us AD-authentication obviosly.

>
> Have a templated Login control with an added DropDownList with the entries
> pointing to the type of server (AD, CommunityServer etc).
>
> Just before authentication, select the appropriate provider...
>
> loginControl.MembershipProvider = "Provider_Name_Based_On_DDL_Selection"
>
>
>
> --
> Happy Hacking,
> Gaurav Vaish | www.mastergaurav.com
> www.edujinionline.com
> http://articles.edujinionline.com/webservices
> -----------------------------------------


 
Reply With Quote
 
Cowboy \(Gregory A. Beamer\)
Guest
Posts: n/a
 
      10-08-2006
I see where you are going, but you are not truly using the same application
100%. There is nothing inherently wrong with this, of course.

What I would consider is abstracting out the provider so each app makes the
same call, but the application is configured to either hit AD or the
database. In this way, the majority of your application logic would be
identical; the only disparate part would be the actual call for
authentication.

To restrict certain sections, you can still use a role based system, with
the admin role only available on the internal site. This could also be a
configuration point for the application (ie, you can add a key that says
"this site never has this type of super user" and add saftery in your code).
The role based bits make it easy to restrict access to particular pages.

In the case of the external application, none of the users can ever hit the
bits that allow full admin. If they try, they keep getting kick back to
login. Not pretty, but you are not going to tell them those bits are there.

You could also, potentially, segregate out the super user functionality into
a "subweb" type of site that only exists on the internal servers. This would
add an additional layer of security.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Daniel" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Pretty simple because we use AD-authorization in some cases for the
> administrative part and the same username sometimes is already taken by
> a community member. So just using roles is *NOT* the solution. For the
> community users we do not us AD-authentication obviosly.
>
> Now before some of you flame, it is a multi-tiered environment. The
> administrative part will be done on a server behind a firewall which is
> called staging server. The community will only visit the so-called live
> server. Both are the same architecture and the administrative users can
> use the staging server in the same way visitors use the live server
> (for testing purposes). So we need two different membership providers.
>
> Any answer to my question now?
>
> Cowboy (Gregory A. Beamer) wrote:
>> Why two providers? Why not multiple roles? Attach users to the roles and
>> you
>> can easily check if the user is in a certain role. Using the web.sitemap
>> and
>> web.config you can restrict pages and menus without any additional work.
>>
>> --
>> Gregory A. Beamer
>> MVP; MCP: +I, SE, SD, DBA
>> http://gregorybeamer.spaces.live.com
>>
>> *************************************************
>> Think outside of the box!
>> *************************************************
>> "Daniel" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) ps.com...
>> > Hello,
>> >
>> > imagine an application that has two membership providers installed. The
>> > first provider is used for public user to access some restricted
>> > functions, e.g. a forum, his mailbox, or others.
>> >
>> > The second provider is used for administrative purposes. Obviosly only
>> > select users have such an account.
>> >
>> > Almost every user (for sake of simplicity let's say every) has an
>> > account with the first membership provider. Some select users with the
>> > second as well. Now to the problem I have - which is not setting up
>> > those providers.
>> >
>> > First, I want to limit access to some folders (administrative part of
>> > the site) to users that are logged in over the second provider, only.
>> > At that point I do not care whether they are logged into the first
>> > provider. How can I set up this scenario in the web.config?
>> >
>> > Second, I want to know in the public part whether the user is logged
>> > into the public account (first provider) and at the same time is logged
>> > into a administrative account (second provider).
>> >
>> > How can I achieve those two goals?
>> >
>> > Thanks in advance,
>> > Daniel
>> >

>



 
Reply With Quote
 
Daniel
Guest
Posts: n/a
 
      10-09-2006
Sorry for the delayed reply.

I think this is getting close to what I need and I would be sincerely
thankful if you could show me a sample of how to accomplish this. In
the end I probably would be getting it to work in a general way

Thanks in advance and I'll be checking here regularly, for sure,
Daniel

On Oct 8, 1:15 am, "Gaurav Vaish \(www.EdujiniOnline.com\)"
<(E-Mail Removed)> wrote:
> > Thanks for your answer, but it did not aim at my questions.Basically, what you are looking at is:

>
> 1. Single Sign-On
> 2. Custom provider that will in turn work with other-multiple-providers...
>
> There are three ways to accomplish this:
>
> a. Short cut: Add an event handler to the event Authenticate and do the
> authentication
>
> b. Longer way: Sub-class Login and override OnAuthenticate. This method does
> the authentication part if there's no handler to the event Authenticate.
>
> c. Create a custom membership provider that will in turn talk to other
> providers and do the ValidateUser.
>
> Personally, I would prefer 'c' with, may be, a custom section for 'my
> membership provider'.
>
> Well, suddenly in idea for implementation came to my mind... probably, you
> can revisit this thread after about a week. I should be posting up a
> solution for Single-Sign-On using multiple providers!
>
> --
> Happy Hacking,
> Gaurav Vaish |http://www.mastergaurav.comwww.eduji...jinionline.com
> -----------------------------------------


 
Reply With Quote
 
Registered User
Guest
Posts: n/a
 
      10-09-2006
On 6 Oct 2006 12:50:56 -0700, "Daniel" <(E-Mail Removed)> wrote:

>Hello,
>
>imagine an application that has two membership providers installed. The
>first provider is used for public user to access some restricted
>functions, e.g. a forum, his mailbox, or others.
>
>The second provider is used for administrative purposes. Obviosly only
>select users have such an account.
>

I've designed something similar.
>Almost every user (for sake of simplicity let's say every) has an
>account with the first membership provider. Some select users with the
>second as well. Now to the problem I have - which is not setting up
>those providers.
>
>First, I want to limit access to some folders (administrative part of
>the site) to users that are logged in over the second provider, only.
>At that point I do not care whether they are logged into the first
>provider. How can I set up this scenario in the web.config?
>

Each folder can have its own web.config file but...
>Second, I want to know in the public part whether the user is logged
>into the public account (first provider) and at the same time is logged
>into a administrative account (second provider).
>

A derived MembershipUser type could 'know' this but...
>How can I achieve those two goals?
>

Consider basing access upon Role instead of Membership. Each folder's
web.config file can define each folder's Role-based security.

regards
A.G.
 
Reply With Quote
 
Daniel
Guest
Posts: n/a
 
      10-11-2006
> Consider basing access upon Role instead of Membership. Each folder's
> web.config file can define each folder's Role-based security.
>

As outlined above that is not an aproach we can take. We looked into it
and it just will not work.

Regards,
Daniel

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
using membership providers for a web application Andy Fish ASP .Net 3 12-06-2007 03:24 PM
Using a Custom Principal with Membership and Role Providers David C ASP .Net Security 1 04-04-2006 12:02 PM
Using Custom Membership/Role Providers? Bill ASP .Net Security 3 12-17-2005 05:32 PM
Configuring two T1 lines in cisco 2600 (Total 4 Mbps) from two diffferent providers Kothanns Cisco 4 11-07-2005 02:49 PM
ASP.NET 2.0 security with two membership providers Roar Nestegard ASP .Net Security 0 02-21-2005 08:36 PM



Advertisments