Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C# MVC4
Hi,
 
I'm currently working on a MVC4 Website which uses the standard MembershipProvider to enable login's. The website has multiple view's which use the same MVC engine, this way we have 1 website that acts like 2 different websites, while the only thing that is different is the design and URL. This all works great using a custom MVC View-engine.
 
Now for my problem, when I create a account on whitelabel #1, I can also login on whitelabel #2 using the same credentials. This is because both websites use the same MVC Engine, so they use the same MembershipProvider / ApplicationID.
 
This is wrong.
 
Both websites should have their own MembershipProvider, so you cannot login using the same credentials.
 
Now I've already goolged a little on this subject and found a solution by not using the singleton MembershipProvider and instanciate it myself. But then I cannot use the smart MVC security solutions like using the [Authorize] tag on controllers.
 
Does anyone have a solution for this?
 
Willem
Posted 9-Jan-13 4:37am
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

If you need to use a different membership provider, then you will probably find that you'll need to setup two independent Web Applications in IIS. You should library any common code between the two applications and just reference that code from each application. This will not only solve your authentication issues, but will also simplify the maintenance and flexibility of each application.
  Permalink  
Comments
willempipi at 9-Jan-13 10:39am
   
Sorry, it will be crazy to change everything, the current architecture is really powerfull in terms of expansion and the solution that you suggested is to throw that all away because you think it's complicated.
 
Think about it: 1 set of commen Controllers and Models, used by different Views.
 
I can always create my own security system without the smart MVC security solutions.
Marcus Kramer at 9-Jan-13 10:51am
   
You are correct that you can write your own custom security system to handle it. I've just done something similar in implementing a Single Sign On system that can handle both Windows and Forms Authentication from both AD and DB based accounts. From the sound of your initial question, I was under the impression that you had two very separate applications that were simply running like virtual sub applications and were independent of each other. From your comment I would suggest the custom security system. Cheers.
willempipi at 9-Jan-13 11:01am
   
Thanks, I'm already doing research in creating my own custom MembershipProvider, hopefully by overriding the MembershipProvider with my own custom MembershipProvider I can still use the smart MVC Security solutions... Thanks, and have nice day!
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Add this class:
    public class CustomMembershipProvider : SqlMembershipProvider
    {
        public override string ApplicationName
        {
            get
            {
                return ConfigHelper.DomainConfig.Name; // My own applicationname according to the URL.
            }
            set
            {
            }
        }
    }
Then replace the membership node in the web.config:
 
    <membership defaultprovider="CustomMembershipProvider">
      <providers>
        <clear />
        <add name="CustomMembershipProvider" type="CustomMembershipProvider">
             connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5"
             minRequiredPasswordLength="6"
             minRequiredNonalphanumericCharacters="0"
             passwordAttemptWindow="10"
             applicationName="/" />
  Permalink  
v4

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 7,903
1 Sergey Alexandrovich Kryukov 7,192
2 DamithSL 5,604
3 Manas Bhardwaj 4,986
4 Maciej Los 4,820


Advertise | Privacy | Mobile
Web04 | 2.8.1411023.1 | Last Updated 9 Jan 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100