Click here to Skip to main content
13,192,426 members (54,058 online)
Rate this:
Please Sign up or sign in to vote.
See more:

I'm currently working on a MVC4 Website which uses the standard MembershipProvider to enable login's. The website has multiple view's which use the same MVC engine, this way we have 1 website that acts like 2 different websites, while the only thing that is different is the design and URL. This all works great using a custom MVC View-engine.

Now for my problem, when I create a account on whitelabel #1, I can also login on whitelabel #2 using the same credentials. This is because both websites use the same MVC Engine, so they use the same MembershipProvider / ApplicationID.

This is wrong.

Both websites should have their own MembershipProvider, so you cannot login using the same credentials.

Now I've already goolged a little on this subject and found a solution by not using the singleton MembershipProvider and instanciate it myself. But then I cannot use the smart MVC security solutions like using the [Authorize] tag on controllers.

Does anyone have a solution for this?

Posted 9-Jan-13 3:37am
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

If you need to use a different membership provider, then you will probably find that you'll need to setup two independent Web Applications in IIS. You should library any common code between the two applications and just reference that code from each application. This will not only solve your authentication issues, but will also simplify the maintenance and flexibility of each application.
willempipi 9-Jan-13 10:39am
Sorry, it will be crazy to change everything, the current architecture is really powerfull in terms of expansion and the solution that you suggested is to throw that all away because you think it's complicated.

Think about it: 1 set of commen Controllers and Models, used by different Views.

I can always create my own security system without the smart MVC security solutions.
Marcus Kramer 9-Jan-13 10:51am
You are correct that you can write your own custom security system to handle it. I've just done something similar in implementing a Single Sign On system that can handle both Windows and Forms Authentication from both AD and DB based accounts. From the sound of your initial question, I was under the impression that you had two very separate applications that were simply running like virtual sub applications and were independent of each other. From your comment I would suggest the custom security system. Cheers.
willempipi 9-Jan-13 11:01am
Thanks, I'm already doing research in creating my own custom MembershipProvider, hopefully by overriding the MembershipProvider with my own custom MembershipProvider I can still use the smart MVC Security solutions... Thanks, and have nice day!
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

Add this class:
public class CustomMembershipProvider : SqlMembershipProvider
    public override string ApplicationName
            return ConfigHelper.DomainConfig.Name; // My own applicationname according to the URL.

Then replace the membership node in the web.config:
    <membership defaultprovider="CustomMembershipProvider">
        <clear />
        <add name="CustomMembershipProvider" type="CustomMembershipProvider">
             applicationName="/" />

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web04 | 2.8.171017.2 | Last Updated 9 Jan 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100