Using two membership providers

Daniel

Hello,

imagine an application that has two membership providers installed. The
first provider is used for public users to access some restricted
functions, e.g. a forum, his mailbox, or others.

The second provider is used for administrative purposes. Obviously only
select users have such an account.

Almost every user (for sake of simplicity let's say every) has an
account with the first membership provider. Some select users with the
second as well. Now to the problem I have - which is not setting up
those providers.

First, I want to limit access to some folders (administrative part of
the site) to users that are logged in over the second provider, only.
At that point I do not care whether they are logged into the first
provider. How can I set up this scenario in the web.config?

Second, I want to know in the public part whether the user is logged
into the public account (first provider) and at the same time is logged
into an administrative account (second provider).

How can I achieve those two goals?

Thanks in advance,
Daniel
 
Cowboy (Gregory A. Beamer)

Why two providers? Why not multiple roles? Attach users to the roles and you
can easily check if the user is in a certain role. Using the web.sitemap and
web.config you can restrict pages and menus without any additional work.
 
Daniel

Pretty simple because we use AD-authorization in some cases for the
administrative part and the same username sometimes is already taken by
a community member. So just using roles is *NOT* the solution. For the
community users we do not use AD-authentication, obviously.

Now before some of you flame, it is a multi-tiered environment. The
administrative part will be done on a server behind a firewall which is
called staging server. The community will only visit the so-called live
server. Both are the same architecture and the administrative users can
use the staging server in the same way visitors use the live server
(for testing purposes). So we need two different membership providers.

Any answer to my question now?
 
Cowboy (Gregory A. Beamer)

I see where you are going, but you are not truly using the same application
100%. There is nothing inherently wrong with this, of course.

What I would consider is abstracting out the provider so each app makes the
same call, but the application is configured to either hit AD or the
database. In this way, the majority of your application logic would be
identical; the only disparate part would be the actual call for
authentication.

To restrict certain sections, you can still use a role based system, with
the admin role only available on the internal site. This could also be a
configuration point for the application (i.e., you can add a key that says
"this site never has this type of super user" and add safety in your code).
The role based bits make it easy to restrict access to particular pages.

In the case of the external application, none of the users can ever hit the
bits that allow full admin. If they try, they keep getting kicked back to
login. Not pretty, but you are not going to tell them those bits are there.

You could also, potentially, segregate out the super user functionality into
a "subweb" type of site that only exists on the internal servers. This would
add an additional layer of security.
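
A configuration sketch of the setup described in the reply above, as an added example that is not part of the original post or any poster's code. The provider names (AdProvider, SqlProvider, SqlRoles), connection string names and values, the Admin folder, the Admin role and Login.aspx are all assumptions.

```xml
<!-- Added example: web.config for the internal (staging) server.
     All names, paths and connection strings below are placeholders. -->
<configuration>
  <connectionStrings>
    <add name="ADService"
         connectionString="LDAP://dc.example.internal/DC=example,DC=internal" />
    <add name="CommunityDb"
         connectionString="Data Source=dbhost;Initial Catalog=Community;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <!-- Staging authenticates against AD by default. On the live server set
         defaultProvider="SqlProvider" and remove the AdProvider entry. -->
    <membership defaultProvider="AdProvider">
      <providers>
        <clear />
        <add name="AdProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider"
             connectionStringName="ADService"
             attributeMapUsername="sAMAccountName" />
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="CommunityDb"
             applicationName="/" />
      </providers>
    </membership>
    <!-- A separate applicationName keeps staging role assignments apart from
         the live ones, so an AD user name that matches a community user name
         does not share that account's roles. -->
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="CommunityDb" applicationName="/staging" />
      </providers>
    </roleManager>
  </system.web>
  <!-- Only members of the Admin role reach ~/Admin; everyone else,
       authenticated or not, is denied and sent back to the login page. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With the live server's role store holding no Admin members, the same `<location>` rule can ship unchanged to both servers and the admin folder stays unreachable from outside.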
 
Daniel

Sorry for the delayed reply.

I think this is getting close to what I need and I would be sincerely
thankful if you could show me a sample of how to accomplish this. In
the end I probably would be getting it to work in a general way :)

Thanks in advance and I'll be checking here regularly, for sure,
Daniel
 
Registered User

> Hello,
>
> imagine an application that has two membership providers installed. The
> first provider is used for public users to access some restricted
> functions, e.g. a forum, his mailbox, or others.
>
> The second provider is used for administrative purposes. Obviously only
> select users have such an account.

I've designed something similar.

> Almost every user (for sake of simplicity let's say every) has an
> account with the first membership provider. Some select users with the
> second as well. Now to the problem I have - which is not setting up
> those providers.
>
> First, I want to limit access to some folders (administrative part of
> the site) to users that are logged in over the second provider, only.
> At that point I do not care whether they are logged into the first
> provider. How can I set up this scenario in the web.config?

Each folder can have its own web.config file but...

> Second, I want to know in the public part whether the user is logged
> into the public account (first provider) and at the same time is logged
> into an administrative account (second provider).

A derived MembershipUser type could 'know' this but...

> How can I achieve those two goals?

Consider basing access upon Role instead of Membership. Each folder's
web.config file can define each folder's Role-based security.

regards
A.G.
 
Daniel

> Consider basing access upon Role instead of Membership. Each folder's
> web.config file can define each folder's Role-based security.

As outlined above that is not an approach we can take. We looked into it
and it just will not work.

Regards,
Daniel
 
