ASP.NET 2.0 Multiple Membership Providers for Authentication

Discussion in 'ASP .Net Security' started by Daniel, Dec 27, 2005.

  1. Daniel

    Daniel Guest


    we are planing two use - if possible - two Membership Providers at the
    same time for authentication within the same application.

    Short background

    Imagine a community page, such as a forum. It comes with its very own
    membership provider given to us by our customer. We cannot change that
    one. We just have to live with it. Their users are authenticated by
    this provider and then allowed to use forums, eCards, etc.

    Now, they want us to add a backend to their site. For that we need
    another membership provider which will determine whether the user has
    the rights needed to administer/change/add/delete certain pages/content
    areas. As both - totally different user roles - need to work on the
    same pages, we need a solution to implement two different
    authentication schemes in the same application at the same time.

    Is there a way to accomplish that and where would we start?

    Thanks in advance,
    Daniel, Dec 27, 2005
    1. Advertisements

  2. Daniel

    Brock Allen Guest

    You could always write your own provider and delegate to the right one, as
    Brock Allen, Dec 27, 2005
    1. Advertisements

  3. Daniel

    Daniel Guest

    thanks, however this is not quite the way we would like to go, as the
    backend should be reusable with different front end. It wouldn't make
    things easier to maintain a multitude of different interface adapters
    for different customer solutions.

    Thanks though,
    Daniel, Dec 28, 2005
  4. Daniel

    Brock Allen Guest

    Well, the provider infrastructure was designed to only work with one at a
    time. If you need something else, then you're going to have to write code
    to do that. You could build a custom provider that accepted configuration
    information such that it dynamically delegated to other providers (as opposed
    to hard coding which ones to use).
    Brock Allen, Dec 28, 2005
  5. Daniel

    MikeS Guest

    Hi Brock,

    Daniel is mentioning Membership (authentication) and Roles
    (authorization). Two different animals as far as I now. Whatever.

    So for a custom Auth Store Provider, we can pass in the providers
    collection to the custom provider, so it has all of them at it's
    fingertips to use, at application start from global, right?.

    What could we then branch on in the custom provider to determine which
    provider to pull out of the providers collection to use? If I had the
    request in hand I could look at the resource being asked for and branch
    on that I guess but I am not sure where is the right/safe place to grab

    Simply what I'd like to be able to do is use different auth store
    providers for different sub directories so I can break up my AzMan
    store into more managable seperate applications.

    What I want is different then Daniel but with a custom provider like I
    described, I think he could loop through the providers collection and
    pull of all roles found for a user, concatenate them into a string
    array and retrun them all.
    MikeS, Dec 29, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.