Add extra parameter to Login/Membership - ASP 2.0

[David Sack]

I hope can explain this properly. I have a time keeping site that host
multiple companies data in a single database. I would like the logins to be
unique for each company but not across the entire site (i.e. I could have
two jsmith logins as long as they are with seperate companies).

I would like to add a drop down box to the login that allow the user to
select the company that they are with. By adding a "site" column to the
users table I would be able to partition the users so that they would be
authenticated only against the id that has a "site" that matches theirs.

Does this require creating a custom membership provider? I have written
my own authentication routines in the past and can do so for this projects
but I would really like to leverage the existing membership/role capablility
of ASP2. I'm not sure that I have the skills needed to write a custom
membership provider. I just want to make sure that I wasn't missing
anything.

Thanks
Dave

 

[Dominick Baier [DevelopMentor]]

Hello David,

can you "misuse" the ApplicationName for that??

otherwise i guess you need a custom provider.

 

[David Sack]

Thanks for the response. I think the Application name is set
automatically by settings in the web config? I would like to pass the value
from my login.aspx form to be used as part of the authentication process.
Kinda like saying to the server please check user "jsmith" with password
"xxxx" from Site (from drop down) "1".

Thanks again,

Dave

 

[Dominick Baier [DevelopMentor]]

Hello David,

smells like custom provider...

 

[David Sack]

Thats what I was afraid of. Do you know of any good "How to's" or
tutorials on the subject? Thanks again for the response. It is greatly
appreciated.

Thanks
Dave

 

[David Sack]

Something kind of clicked when I thought about this after the fact. As
far as I can tell the ApplicationID is set from the Web.Config file. If I
were to create application directories under my home directory that had a
different ApplicationID specified then create a login form on that directory
that would redirect on a successful login the the main menu page in the
parent web directory it would used the sub applications authentication to
allow access based upon the ApplicationID.

I have tested it quickly and it seems to work. I don't know how it will
affect overall security or the use of roles? I would also have the create a
sub-application login directory for each unique site that would be accessing
the site. That could turn into a pain.

Let me know what you think?

Thanks again,
Dave

 

[Dominick Baier [DevelopMentor]]

Hello David,

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/ASPNETProvMod_Intro.asp
this is a good starting point
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Thats what I was afraid of. Do you know of any good "How to's" or
tutorials on the subject? Thanks again for the response. It is
greatly appreciated.

Thanks
Dave

Hello David,

smells like custom provider...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Thanks for the response. I think the Application name is set
automatically by settings in the web config? I would like to pass
the value from my login.aspx form to be used as part of the
authentication process. Kinda like saying to the server please check
user "jsmith" with password "xxxx" from Site (from drop down) "1".

Thanks again,

Dave

"Dominick Baier [DevelopMentor]"

Hello David,

can you "misuse" the ApplicationName for that??

otherwise i guess you need a custom provider.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I hope can explain this properly. I have a time keeping site that
host multiple companies data in a single database. I would like
the logins to be unique for each company but not across the entire
site (i.e. I could have two jsmith logins as long as they are with
seperate companies).

I would like to add a drop down box to the login that allow the
user to select the company that they are with. By adding a "site"
column to the users table I would be able to partition the users
so that they would be authenticated only against the id that has a
"site" that matches theirs.

Does this require creating a custom membership provider? I have
written my own authentication routines in the past and can do so
for this projects but I would really like to leverage the existing
membership/role capablility of ASP2. I'm not sure that I have the
skills needed to write a custom membership provider. I just want
to make sure that I wasn't missing anything.

Thanks
Dav

 

[Dominick Baier [DevelopMentor]]

Hello David,

this is fine for Membership - but the role provider, or more specifically
the RoleManagerModule is called on every request in your local application.
It subscribes to PostAuthenticateRequest in the HTTP pipeline to get the
roles for the user and sets Context.User. This will pick up the ApplicationID
of your local application.

so i think this will not work...

To be honest, i think a provider will not work at all for you ...

Let's say you have written your own provider witch a new ValidateUser method
that takes an additional application name as parameter - how do you want
to teach the login control the trick (without templating and basically rebuilding
it) ??

Well - you could subclass the SqlMembershipProvider and add a ApplicationName
property that you set on Application_Start e.g. - not a perfect solution
- but again this means you have to override ValidateUser and quite a number
of other methods.

On the other hand - if you don't use the new security controls - why would
you go through the hassle of building a provider - most probably you'll only
need 60% of the functionality.

So why not simply go for your own compact authentication library that does
exactly what you want - deploy it in the GAC and use it from all your apps??

providers are no panacea (unfortunately).

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Something kind of clicked when I thought about this after the fact.
As far as I can tell the ApplicationID is set from the Web.Config
file. If I were to create application directories under my home
directory that had a different ApplicationID specified then create a
login form on that directory that would redirect on a successful login
the the main menu page in the parent web directory it would used the
sub applications authentication to allow access based upon the
ApplicationID.

I have tested it quickly and it seems to work. I don't know how it
will affect overall security or the use of roles? I would also have
the create a sub-application login directory for each unique site that
would be accessing the site. That could turn into a pain.

Let me know what you think?

Thanks again,
Dave
"Dominick Baier [DevelopMentor]"
<[email protected]>
wrote in message

Hello David,

can you "misuse" the ApplicationName for that??

otherwise i guess you need a custom provider.

 

[David Sack]

Hadn't thought about the re-writing of the controls beyond the Login
control. I think that you are correct, It will be more work adjusting the
existing membership provider and others then just creating what I need
specifically for this application. Thanks so much for the input it was of
great value. BTW. I had a chance to take a look at your web site, great
stuff.

Thanks
Dave

Hello David,

this is fine for Membership - but the role provider, or more specifically
the RoleManagerModule is called on every request in your local
application. It subscribes to PostAuthenticateRequest in the HTTP pipeline
to get the roles for the user and sets Context.User. This will pick up the
ApplicationID of your local application.

so i think this will not work...

To be honest, i think a provider will not work at all for you ...

Let's say you have written your own provider witch a new ValidateUser
method that takes an additional application name as parameter - how do you
want to teach the login control the trick (without templating and
basically rebuilding it) ??

Well - you could subclass the SqlMembershipProvider and add a
ApplicationName property that you set on Application_Start e.g. - not a
perfect solution - but again this means you have to override ValidateUser
and quite a number of other methods.

On the other hand - if you don't use the new security controls - why would
you go through the hassle of building a provider - most probably you'll
only need 60% of the functionality.

So why not simply go for your own compact authentication library that does
exactly what you want - deploy it in the GAC and use it from all your
apps??

providers are no panacea (unfortunately).

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Something kind of clicked when I thought about this after the fact.
As far as I can tell the ApplicationID is set from the Web.Config
file. If I were to create application directories under my home
directory that had a different ApplicationID specified then create a
login form on that directory that would redirect on a successful login
the the main menu page in the parent web directory it would used the
sub applications authentication to allow access based upon the
ApplicationID.

I have tested it quickly and it seems to work. I don't know how it
will affect overall security or the use of roles? I would also have
the create a sub-application login directory for each unique site that
would be accessing the site. That could turn into a pain.

Let me know what you think?

Thanks again,
Dave
"Dominick Baier [DevelopMentor]"
<[email protected]>
wrote in message

Hello David,

can you "misuse" the ApplicationName for that??

otherwise i guess you need a custom provider.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I hope can explain this properly. I have a time keeping site that
host multiple companies data in a single database. I would like the
logins to be unique for each company but not across the entire site
(i.e. I could have two jsmith logins as long as they are with
seperate companies).

I would like to add a drop down box to the login that allow the user
to select the company that they are with. By adding a "site" column
to the users table I would be able to partition the users so that
they would be authenticated only against the id that has a "site"
that matches theirs.

Does this require creating a custom membership provider? I have
written my own authentication routines in the past and can do so for
this projects but I would really like to leverage the existing
membership/role capablility of ASP2. I'm not sure that I have the
skills needed to write a custom membership provider. I just want to
make sure that I wasn't missing anything.

Thanks
Dave

 

[Dominick Baier [DevelopMentor]]

Hello David,

in fact, it is easier than i thought -

you can subclass the providers and just override the ApplicationName property
- in the getter you can dynamically fetch the ApplicationName as all of the
provider methods use the property only.

you could e.g. set Context.Items["appname"] to your app/client name before
calling the ValidateUser method (via the login control) - and read it in
the getter again

there may be some testing involved to get that right for the RoleManager..but
i think this will work.

Again - if it makes more sense to tweak the providers vs. building your own
stuff - you decide.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hadn't thought about the re-writing of the controls beyond the Login
control. I think that you are correct, It will be more work
adjusting the existing membership provider and others then just
creating what I need specifically for this application. Thanks so
much for the input it was of great value. BTW. I had a chance to
take a look at your web site, great stuff.

Thanks
Dave

Hello David,

this is fine for Membership - but the role provider, or more
specifically the RoleManagerModule is called on every request in your
local application. It subscribes to PostAuthenticateRequest in the
HTTP pipeline to get the roles for the user and sets Context.User.
This will pick up the ApplicationID of your local application.

so i think this will not work...

To be honest, i think a provider will not work at all for you ...

Let's say you have written your own provider witch a new ValidateUser
method that takes an additional application name as parameter - how
do you want to teach the login control the trick (without templating
and basically rebuilding it) ??

Well - you could subclass the SqlMembershipProvider and add a
ApplicationName property that you set on Application_Start e.g. - not
a perfect solution - but again this means you have to override
ValidateUser and quite a number of other methods.

On the other hand - if you don't use the new security controls - why
would you go through the hassle of building a provider - most
probably you'll only need 60% of the functionality.

So why not simply go for your own compact authentication library that
does exactly what you want - deploy it in the GAC and use it from all
your apps??

providers are no panacea (unfortunately).

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Something kind of clicked when I thought about this after the fact.
As far as I can tell the ApplicationID is set from the Web.Config
file. If I were to create application directories under my home
directory that had a different ApplicationID specified then create a
login form on that directory that would redirect on a successful
login
the the main menu page in the parent web directory it would used the
sub applications authentication to allow access based upon the
ApplicationID.
I have tested it quickly and it seems to work. I don't know how it
will affect overall security or the use of roles? I would also have
the create a sub-application login directory for each unique site
that would be accessing the site. That could turn into a pain.

Let me know what you think?

Thanks again,
Dave
"Dominick Baier [DevelopMentor]"
<[email protected]>
wrote in message
Hello David,

can you "misuse" the ApplicationName for that??

otherwise i guess you need a custom provider.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I hope can explain this properly. I have a time keeping site that
host multiple companies data in a single database. I would like
the logins to be unique for each company but not across the entire
site (i.e. I could have two jsmith logins as long as they are with
seperate companies).

I would like to add a drop down box to the login that allow the
user to select the company that they are with. By adding a "site"
column to the users table I would be able to partition the users
so that they would be authenticated only against the id that has a
"site" that matches theirs.

Does this require creating a custom membership provider? I have
written my own authentication routines in the past and can do so
for this projects but I would really like to leverage the existing
membership/role capablility of ASP2. I'm not sure that I have the
skills needed to write a custom membership provider. I just want
to make sure that I wasn't missing anything.

Thanks
Dave